Remove some unneccessary use of constant time code in curve448

author Matt Caswell <matt@openssl.org>

Wed, 7 Feb 2018 12:14:25 +0000 (12:14 +0000)

committer Matt Caswell <matt@openssl.org>

Tue, 20 Feb 2018 12:59:31 +0000 (12:59 +0000)
author Matt Caswell <matt@openssl.org>
Wed, 7 Feb 2018 12:14:25 +0000 (12:14 +0000)
committer Matt Caswell <matt@openssl.org>
Tue, 20 Feb 2018 12:59:31 +0000 (12:59 +0000)
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c

index 09304020c7b68fd61b3fc2b5439b0ea129412e8a..92892f305d805b9a4b7599e48d4448bc2b64294c 100644 (file)
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -64,7 +64,8 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
      if (context_len > UINT8_MAX)
          return C448_FAILURE;
  
-    dom[0] = 2 + word_is_zero(prehashed) + word_is_zero(for_prehash);
+    dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+                       - (for_prehash == 0 ? 1 : 0));
      dom[1] = (uint8_t)context_len;
  
      if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
author	Matt Caswell <matt@openssl.org>
	Wed, 7 Feb 2018 12:14:25 +0000 (12:14 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 20 Feb 2018 12:59:31 +0000 (12:59 +0000)