diff options
| author | tb <> | 2024-11-30 16:18:01 +0000 |
|---|---|---|
| committer | tb <> | 2024-11-30 16:18:01 +0000 |
| commit | c882c1fa4340d9535200f48929287f2fd1127b80 (patch) | |
| tree | 8e412cf44f05ab80a79f627987d104e6c89f2753 /src/lib/libcrypto/dsa/dsa_meth.c | |
| parent | c6ce45ed1cfaaa03459157bf8527b8b0df2c9979 (diff) | |
| download | openbsd-c882c1fa4340d9535200f48929287f2fd1127b80.tar.gz openbsd-c882c1fa4340d9535200f48929287f2fd1127b80.tar.bz2 openbsd-c882c1fa4340d9535200f48929287f2fd1127b80.zip | |
Improve ec_points_make_affine()
It is unclear how the original code was supposed to work. It clearly
missed a few corner cases (like handling points at infinity correctly)
and the badly mangled comment that was supposed to display a binary
search tree didn't help at all.
Instead do something much more straightforward: multiply all the non-zero
Z coordinates of the points not at infinity together, keeping track of the
intermediate products. Then do a single expensive modular inversion before
working backwards to compute all the inverses. Then the transformation from
Jacobian coordinates to affine coordiantes (x, y, z) -> (x/z^2, y/z^3, 1)
becomes cheap. A little bit of care has to be taken for Montgomery curves
but that's very simple compared to the mess that was there before.
ok jsing
This is a cleaned up version of:
commit 0fe73d6c3641cb175871463bdddbbea3ee0b62ae
Author: Bodo Moeller <bodo@openssl.org>
Date: Fri Aug 1 17:18:14 2014 +0200
Simplify and fix ec_GFp_simple_points_make_affine
(which didn't always handle value 0 correctly).
Reviewed-by: emilia@openssl.org
Diffstat (limited to 'src/lib/libcrypto/dsa/dsa_meth.c')
0 files changed, 0 insertions, 0 deletions