diff options
| author | Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | 2015-05-06 09:49:30 -0400 |
|---|---|---|
| committer | Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | 2015-05-06 09:49:30 -0400 |
| commit | 2283f5e85dbc78dd10810cb6ebfa39e61ab6759e (patch) | |
| tree | 88017c6acfa326ebaab2d7a4935534f65a36db9b /Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | |
| parent | 3967dc652453e47ecd5f21a55bb687be15c59e9c (diff) | |
| download | efi-boot-shim-2283f5e85dbc78dd10810cb6ebfa39e61ab6759e.tar.gz efi-boot-shim-2283f5e85dbc78dd10810cb6ebfa39e61ab6759e.zip | |
Unapplying patches to prevent spurious conflicts.
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/ec/ec2_mult.c')
| -rwxr-xr-x | Cryptlib/OpenSSL/crypto/ec/ec2_mult.c | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c index 6b570a3f..7dca5e4b 100755 --- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c +++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c @@ -208,12 +208,9 @@ static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIG /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses a modified algorithm 2P of + * Uses algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". - * - * To protect against side-channel attack the function uses constant time - * swap avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -247,11 +244,6 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, x2 = &r->X; z2 = &r->Y; - bn_wexpand(x1, group->field.top); - bn_wexpand(z1, group->field.top); - bn_wexpand(x2, group->field.top); - bn_wexpand(z2, group->field.top); - if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -274,12 +266,16 @@ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, { for (; j >= 0; j--) { - BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); - BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); - BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + if (scalar->d[i] & mask) + { + if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; + if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; + } + else + { + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + } mask >>= 1; } j = BN_BITS2 - 1; |