>>> * Fix ecp_nistz256_mul_by_2 and ecp_nistz256_mul_by_3 to fully reduce >>> their outputs. >>> >>> * Fix ecp_nistz256_add to fully reduce its output. >> >> As for specifically addition see below. As for fixing mul_by_[23] and >> the fact that they use addition. There are two ways. a) Modify addition >> so that it *preserves* property of being fully reduced and leave >> mul_by_[23] as is. b) Let addition as is and add additional step to >> mul_by_[23]. The choice of approach can be platform-specific. For >> example on x86_64 a) is simpler and appears more efficient.
After considering other ecp_nistz256-enabled platforms a) appears better choice on all of them. It probably holds universally true, but I would still mention b) in commentary... -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev