ecc: multiplication of Edwards curve to be constant-time.

* mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond. -- Reported-by: Taylor R Campbell.
author: NIIBE Yutaka <gniibe@fsij.org> 2015-11-25 10:42:47 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2015-11-25 10:42:47 +0900
commit: 295b1c3540752af4fc5e6f41480e6db215222fba (patch)
tree: 860897e54ba59f163beee7f493513c6e0a116886
parent: b6015176df6bfae107ac82f9baa29ef2c175c9f9 (diff)
download: libgcrypt-295b1c3540752af4fc5e6f41480e6db215222fba.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index 16449425..9394d89d 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1254,12 +1254,13 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
           mpi_point_struct tmppnt;
 
           point_init (&tmppnt);
+          point_resize (result, ctx);
+          point_resize (&tmppnt, ctx);
           for (j=nbits-1; j >= 0; j--)
             {
               _gcry_mpi_ec_dup_point (result, result, ctx);
               _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx);
-              if (mpi_test_bit (scalar, j))
-                point_set (result, &tmppnt);
+              point_swap_cond (result, &tmppnt, mpi_test_bit (scalar, j), ctx);
             }
           point_free (&tmppnt);
         }
author	NIIBE Yutaka <gniibe@fsij.org>	2015-11-25 10:42:47 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2015-11-25 10:42:47 +0900
commit	295b1c3540752af4fc5e6f41480e6db215222fba (patch)
tree	860897e54ba59f163beee7f493513c6e0a116886
parent	b6015176df6bfae107ac82f9baa29ef2c175c9f9 (diff)
download	libgcrypt-295b1c3540752af4fc5e6f41480e6db215222fba.tar.gz