boringssl/crypto/fipsmodule/ec
David Benjamin 6ef1b64558
Add a comment about ecp_nistz256_point_add_affine's limitations.

ecp_nistz256_point_add_affine does not support the doubling case and,
unlike ecp_nistz256_point_add which does a tail call, computes the wrong
answer. Note TestPointAdd in the unit tests skips this case.

This works fine because we only use ecp_nistz256_point_add_affine for
the g_scalar term, which is fully computed before the p_scalar term.
(Additionally it requires that the windowing pattern never hit the
doubling case for single multiplication.)

But this is not obvious from reading the multiplication functions, so
leave a comment at the call site to point this out.

Change-Id: I08882466d98030cdc882a5be9e702ee404e80cce
Reviewed-on: https://boringssl-review.googlesource.com/c/33945
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
2019-01-02 23:33:31 +00:00
asm Revert "Revert "Speed up ECDSA verify on x86-64."" 2018-11-07 23:57:22 +00:00
ec_key.c Use EC_RAW_POINT in ECDSA. 2018-11-13 02:06:46 +00:00
ec_montgomery.c Optimize EC_GFp_mont_method's cmp_x_coordinate. 2018-11-13 01:48:21 +00:00
ec_scalar_base_mult_tests.txt Add some EC base point multiplication test vectors. 2018-03-27 23:33:24 +00:00
ec_test.cc Contract P-224 elements before returning them. 2018-11-14 22:38:12 +00:00
ec.c Clean up EC_POINT to byte conversions. 2018-11-13 17:27:59 +00:00
felem.c Add missing #include of <openssl/err.h>. 2018-05-01 01:00:44 +00:00
internal.h Modernize OPENSSL_COMPILE_ASSERT, part 2. 2018-11-14 16:06:37 +00:00
make_ec_scalar_base_mult_tests.go Add some EC base point multiplication test vectors. 2018-03-27 23:33:24 +00:00
make_p256-x86_64-table.go Add utility program for emitting P-256 x86-64 table. 2018-03-26 16:28:42 +00:00
make_p256-x86_64-tests.go Refresh p256-x86_64_tests.txt. 2019-01-02 23:29:31 +00:00
oct.c Clean up EC_POINT to byte conversions. 2018-11-13 17:27:59 +00:00
p224-64.c Merge P-224 contract into serialisation. 2018-11-14 23:47:13 +00:00
p256-x86_64_test.cc Add an ABI testing framework. 2018-12-21 16:09:32 +00:00
p256-x86_64_tests.txt Refresh p256-x86_64_tests.txt. 2019-01-02 23:29:31 +00:00
p256-x86_64-table.h Add utility program for emitting P-256 x86-64 table. 2018-03-26 16:28:42 +00:00
p256-x86_64.c Add a comment about ecp_nistz256_point_add_affine's limitations. 2019-01-02 23:33:31 +00:00
p256-x86_64.h Add an ABI testing framework. 2018-12-21 16:09:32 +00:00
scalar.c Rename EC_MAX_SCALAR_*. 2018-11-13 03:22:04 +00:00
simple_mul.c Devirtualize ec_simple_{add,dbl}. 2018-11-06 18:32:11 +00:00
simple.c Push BIGNUM out of the cmp_x_coordinate interface. 2018-11-12 21:46:36 +00:00
util.c ec/p256.c: fiat-crypto field arithmetic (64, 32) 2017-12-11 17:55:46 +00:00
wnaf.c Rename EC_MAX_SCALAR_*. 2018-11-13 03:22:04 +00:00