authortb <>2024-12-12 10:02:00 +0000
committertb <>2024-12-12 10:02:00 +0000
commitfd906c7b27573203602764309c3cf5faaefdf573 (patch)
treeb24c8788789857e07c8948e204ab0c205d10149c /src
parent0073d22328d043ee79dbaa9705605bcc23456d4a (diff)
Rewrite a comment to use p rather than q
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/ec/ec_lib.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 9f1a742d38..6644c4dfc7 100644
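--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.90 2024/12/12 10:00:15 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.91 2024/12/12 10:02:00 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -227,16 +227,16 @@ ec_group_get_field_type(const EC_GROUP *group)
 
 /*
  * If there is a user-provided cofactor, sanity check and use it. Otherwise
- * try computing the cofactor from generator order n and field cardinality q.
+ * try computing the cofactor from generator order n and field cardinality p.
  * This works for all curves of cryptographic interest.
  *
- * Hasse's theorem: | h * n - (q + 1) | <= 2 * sqrt(q)
+ * Hasse's theorem: | h * n - (p + 1) | <= 2 * sqrt(p)
  *
- * So: h_min = (q + 1 - 2*sqrt(q)) / n and h_max = (q + 1 + 2*sqrt(q)) / n and
- * therefore h_max - h_min = 4*sqrt(q) / n. So if n > 4*sqrt(q) holds, there is
+ * So: h_min = (p + 1 - 2*sqrt(p)) / n and h_max = (p + 1 + 2*sqrt(p)) / n and
+ * therefore h_max - h_min = 4*sqrt(p) / n. So if n > 4*sqrt(p) holds, there is
  * only one possible value for h:
  *
- * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil
+ * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (p + 1)/n \rceil
  *
  * Otherwise, zero cofactor and return success.
  */
@@ -273,14 +273,14 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
 
  /*
  * If the cofactor is too large, we cannot guess it and default to zero.
- * The RHS of below is a strict overestimate of log(4 * sqrt(q)).
+ * The RHS of below is a strict overestimate of log(4 * sqrt(p)).
  */
  if (BN_num_bits(&group->order) <= (BN_num_bits(&group->p) + 1) / 2 + 3)
  goto done;
 
  /*
  * Compute
- * h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2) / n \rfloor.
+ * h = \lfloor (p + 1)/n \rceil = \lfloor (p + 1 + n/2) / n \rfloor.
  */
 
  /* h = n/2 */
@@ -289,10 +289,10 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
  /* h = 1 + n/2 */
  if (!BN_add_word(cofactor, 1))
  goto err;
- /* h = q + 1 + n/2 */
+ /* h = p + 1 + n/2 */
  if (!BN_add(cofactor, cofactor, &group->p))
  goto err;
- /* h = (q + 1 + n/2) / n */
+ /* h = (p + 1 + n/2) / n */
  if (!BN_div_ct(cofactor, NULL, cofactor, &group->order, ctx))
  goto err;
 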
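Review bot: The rewritten comment above the `BN_num_bits()` guard in ec_set_cofactor (new line 276) still writes `log(4 * sqrt(p))` without a base, although both sides of the comparison are bit lengths. Writing it as `* The RHS of below is a strict overestimate of log_2(4 * sqrt(p)).` would let a reader check the bound against `(BN_num_bits(&group->p) + 1) / 2 + 3` directly. That guard decides whether the cofactor is computed or left at zero, and as far as the visible hunks show, this comment is the only place the reasoning behind the threshold is recorded. ec_set_cofactor's body starts and ends outside the visible hunks.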