author | jsing <> | 2025-03-24 13:07:04 +0000 |
---|---|---|
committer | jsing <> | 2025-03-24 13:07:04 +0000 |
commit | 70275e713454e731b5cbf6545eff93592d1d9872 (patch) | |
tree | 6397da5be4e5b65da2b65dd38a2c3f1202843573 /src/lib/libcrypto/ec/ecp_methods.c | |
parent | e8c19f02f4b0497ce5d3eca5d72b3cdaeaff9f09 (diff) | |
Explicitly pass group generator to mul_double_nonct() from EC_POINT_mul().
EC_POINT_mul() has a complex multi-use interface - there are effectively
three different ways it will behave, depending on which arguments are NULL.
In the case where we compute g_scalar * generator + p_scalar * point, the
mul_double_nonct() function pointer is called, however only g_scalar,
p_scalar and point are passed - it is expected that the lower level
implementation (in this case ec_wnaf_mul()) will use the generator from
the group.
Change mul_double_nonct(), ec_mul_double_nonct() and ec_wnaf_mul() so that
they take scalar1, point1, scalar2 and point2. This removes all knowledge
of g_scalar and the generator from the multiplication code, keeping it
limited to EC_POINT_mul(). While here also consistently pass scalar then
point, rather than a mix of scalar/point and point/scalar.
ok tb@
Diffstat (limited to 'src/lib/libcrypto/ec/ecp_methods.c')
-rw-r--r-- | src/lib/libcrypto/ec/ecp_methods.c | 9 |
1 files changed, 5 insertions, 4 deletions
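--- a/src/lib/libcrypto/ec/ecp_methods.c
+++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.44 2025/03/09 15:33:35 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.45 2025/03/24 13:07:04 jsing Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -1194,10 +1194,11 @@ ec_mul_single_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 }
 
 static int
-ec_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
-const BIGNUM *p_scalar, const EC_POINT *point, BN_CTX *ctx)
+ec_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar1,
+const EC_POINT *point1, const BIGNUM *scalar2, const EC_POINT *point2,
+BN_CTX *ctx)
 {
-return ec_wnaf_mul(group, r, g_scalar, point, p_scalar, ctx);
+return ec_wnaf_mul(group, r, scalar1, point1, scalar2, point2, ctx);
 }
 
 static int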
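Review bot: ec_mul_double_nonct() now takes two generic scalar/point pairs, but nothing at its definition records the contract that the old g_scalar/p_scalar names used to imply. I would add a comment above it such as `/* Computes r = scalar1 * point1 + scalar2 * point2 via ec_wnaf_mul(); not constant time, so neither scalar may be secret. */`, since `_nonct` in the name is now the only hint that this path must stay limited to public scalars (judging by the name, it is variable-time). The generator also arrives as an ordinary point1 argument, so a group with no generator set would presumably reach ec_wnaf_mul() as a NULL point. Whether that is rejected in EC_POINT_mul() or in ec_wnaf_mul() is not visible in this file section and is worth confirming.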