boringssl/crypto/fipsmodule/ecdsa
David Benjamin 04018c5929 Remove EC_LOOSE_SCALAR.
ECDSA converts digests to scalars by taking the leftmost n bits, where n
is the number of bits in the group order. This does not necessarily
produce a fully-reduced scalar.

Montgomery multiplication actually tolerates this slightly looser bound,
so we did not bother with the conditional subtraction. However, this
subtraction is free compared to the multiplication, inversion, and base
point multiplication. Simplify things by keeping it fully-reduced.

Change-Id: If49dffefccc21510f40418dc52ea4da7e3ff198f
Reviewed-on: https://boringssl-review.googlesource.com/26968
Reviewed-by: Adam Langley <agl@google.com>
2018-04-02 18:22:58 +00:00
..
ecdsa_sign_tests.txt Add tests for large digests. 2018-04-02 18:18:23 +00:00
ecdsa_test.cc
ecdsa_verify_tests.txt Add tests for large digests. 2018-04-02 18:18:23 +00:00
ecdsa.c Remove EC_LOOSE_SCALAR. 2018-04-02 18:22:58 +00:00