Remove some unneccessary use of constant time code in curve448
authorMatt Caswell <matt@openssl.org>
Wed, 7 Feb 2018 12:14:25 +0000 (12:14 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 20 Feb 2018 12:59:31 +0000 (12:59 +0000)
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)

crypto/ec/curve448/eddsa.c

index 0930402..92892f3 100644 (file)
@@ -64,7 +64,8 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
     if (context_len > UINT8_MAX)
         return C448_FAILURE;
 
-    dom[0] = 2 + word_is_zero(prehashed) + word_is_zero(for_prehash);
+    dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+                       - (for_prehash == 0 ? 1 : 0));
     dom[1] = (uint8_t)context_len;
 
     if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)