summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ecdsa/ecdsa.c
diff options
context:
space:
mode:
authorjsing <>2025-03-24 13:07:04 +0000
committerjsing <>2025-03-24 13:07:04 +0000
commit865465694bb9f7950a0710e8d7667d2540779602 (patch)
tree6397da5be4e5b65da2b65dd38a2c3f1202843573 /src/lib/libcrypto/ecdsa/ecdsa.c
parent572b48cb49edaff7e25c2a2130a6715142745223 (diff)
downloadopenbsd-865465694bb9f7950a0710e8d7667d2540779602.tar.gz
openbsd-865465694bb9f7950a0710e8d7667d2540779602.tar.bz2
openbsd-865465694bb9f7950a0710e8d7667d2540779602.zip
Explicitly pass group generator to mul_double_nonct() from EC_POINT_mul().
EC_POINT_mul() has a complex multi-use interface - there are effectively three different ways it will behave, depending on which arguments are NULL. In the case where we compute g_scalar * generator + p_scalar * point, the mul_double_nonct() function pointer is called, however only g_scalar, p_scalar and point are passed - it is expected that the lower level implementation (in this case ec_wnaf_mul()) will use the generator from the group. Change mul_double_nonct(), ec_mul_double_nonct() and ec_wnaf_mul() so that they take scalar1, point1, scalar2 and point2. This removes all knowledge of g_scalar and the generator from the multiplication code, keeping it limited to EC_POINT_mul(). While here also consistently pass scalar then point, rather than a mix of scalar/point and point/scalar. ok tb@
Diffstat (limited to 'src/lib/libcrypto/ecdsa/ecdsa.c')
0 files changed, 0 insertions, 0 deletions