/*
- * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
*
* At a high level, it is Montgomery ladder with conditional swaps.
*
- * It performs either a fixed scalar point multiplication
+ * It performs either a fixed point multiplication
* (scalar * generator)
- * when point is NULL, or a generic scalar point multiplication
+ * when point is NULL, or a variable point multiplication
* (scalar * point)
* when point is not NULL.
*
int ret = 0;
if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
- goto err;
+ return 0;
- if ((group->order == NULL) || (group->field == NULL))
- goto err;
+ BN_CTX_start(ctx);
order_bits = BN_num_bits(group->order);
goto err;
if (point == NULL) {
- if (group->generator == NULL)
- goto err;
if (!EC_POINT_copy(s, group->generator))
goto err;
} else {
EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
- BN_CTX_start(ctx);
lambda = BN_CTX_get(ctx);
k = BN_CTX_get(ctx);
if (k == NULL)
* precomputation is not available */
int ret = 0;
+ if (group->meth != r->meth) {
+ ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+ return 0;
+ }
+
+ if ((scalar == NULL) && (num == 0)) {
+ return EC_POINT_set_to_infinity(group, r);
+ }
+
/*-
* Handle the common cases where the scalar is secret, enforcing a constant
* time scalar multiplication algorithm.
return ec_mul_consttime(group, r, scalars[0], points[0], ctx);
}
- if (group->meth != r->meth) {
- ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
- return 0;
- }
-
- if ((scalar == NULL) && (num == 0)) {
- return EC_POINT_set_to_infinity(group, r);
- }
-
for (i = 0; i < num; i++) {
if (group->meth != points[i]->meth) {
ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);