author | NIIBE Yutaka <gniibe@fsij.org> | 2015-11-25 10:42:47 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2015-11-25 10:42:47 +0900 |
commit | 295b1c3540752af4fc5e6f41480e6db215222fba (patch) | |
tree | 860897e54ba59f163beee7f493513c6e0a116886 /mpi/ec.c | |
parent | b6015176df6bfae107ac82f9baa29ef2c175c9f9 (diff) | |
ecc: multiplication of Edwards curve to be constant-time.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond.
--
Reported-by: Taylor R Campbell.
Diffstat (limited to 'mpi/ec.c')
-rw-r--r-- | mpi/ec.c | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -1254,12 +1254,13 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, mpi_point_struct tmppnt; point_init (&tmppnt); + point_resize (result, ctx); + point_resize (&tmppnt, ctx); for (j=nbits-1; j >= 0; j--) { _gcry_mpi_ec_dup_point (result, result, ctx); _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx); - if (mpi_test_bit (scalar, j)) - point_set (result, &tmppnt); + point_swap_cond (result, &tmppnt, mpi_test_bit (scalar, j), ctx); } point_free (&tmppnt); } |
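Review bot: The loop still runs `for (j=nbits-1; j >= 0; j--)`, and `nbits` is set outside this hunk; if it is taken from the scalar's actual bit length, the number of double-and-add iterations still depends on the secret even though the per-bit branch is now replaced by `point_swap_cond`. It would be worth confirming that, and if so iterating over a fixed width tied to the curve rather than to the scalar. The reason for the two new `point_resize` calls is not stated; presumably they give `result` and `tmppnt` the same limb allocation so the swap does identical work for either bit value, and a one-line comment saying so would help. I would also add above the swap `/* Unconditional swap: branching on the scalar bit here would leak it through timing. */` so a later cleanup does not restore the `if (mpi_test_bit (scalar, j)) point_set (...)` form. The enclosing function `_gcry_mpi_ec_mul_point` starts and ends outside the hunk, so whether `_gcry_mpi_ec_dup_point` and `_gcry_mpi_ec_add_points` are themselves free of scalar-dependent timing cannot be judged from here.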