From 295b1c3540752af4fc5e6f41480e6db215222fba Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Wed, 25 Nov 2015 10:42:47 +0900
Subject: ecc: multiplication of Edwards curve to be constant-time.

* mpi/ec.c (_gcry_mpi_ec_mul_point): Use point_swap_cond.

--

Reported-by: Taylor R Campbell.
---
 mpi/ec.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'mpi')

diff --git a/mpi/ec.c b/mpi/ec.c
index 16449425..9394d89d 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1254,12 +1254,13 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
           mpi_point_struct tmppnt;
 
           point_init (&tmppnt);
+          point_resize (result, ctx);
+          point_resize (&tmppnt, ctx);
           for (j=nbits-1; j >= 0; j--)
             {
               _gcry_mpi_ec_dup_point (result, result, ctx);
               _gcry_mpi_ec_add_points (&tmppnt, result, point, ctx);
-              if (mpi_test_bit (scalar, j))
-                point_set (result, &tmppnt);
+              point_swap_cond (result, &tmppnt, mpi_test_bit (scalar, j), ctx);
             }
           point_free (&tmppnt);
         }
-- 
cgit v1.2.1