| author | jsing <> | 2025-03-24 13:07:04 +0000 | 
|---|---|---|
| committer | jsing <> | 2025-03-24 13:07:04 +0000 | 
| commit | 865465694bb9f7950a0710e8d7667d2540779602 (patch) | |
| tree | 6397da5be4e5b65da2b65dd38a2c3f1202843573 /src/lib/libcrypto/cms/cms_enc.c | |
| parent | 572b48cb49edaff7e25c2a2130a6715142745223 (diff) | |

Explicitly pass group generator to mul_double_nonct() from EC_POINT_mul().

EC_POINT_mul() has a complex multi-use interface - there are effectively
three different ways it will behave, depending on which arguments are NULL.

In the case where we compute g_scalar * generator + p_scalar * point, the
mul_double_nonct() function pointer is called, however only g_scalar,
p_scalar and point are passed - it is expected that the lower level
implementation (in this case ec_wnaf_mul()) will use the generator from
the group.

Change mul_double_nonct(), ec_mul_double_nonct() and ec_wnaf_mul() so that
they take scalar1, point1, scalar2 and point2. This removes all knowledge
of g_scalar and the generator from the multiplication code, keeping it
limited to EC_POINT_mul(). While here also consistently pass scalar then
point, rather than a mix of scalar/point and point/scalar.

ok tb@

Diffstat (limited to 'src/lib/libcrypto/cms/cms_enc.c')
0 files changed, 0 insertions, 0 deletions
