diff options
| author | Billy Brumley <bbrumley@gmail.com> | 2020-04-01 20:15:58 +0200 |
|---|---|---|
| committer | Nicola Tuveri <nicola.tuveri@ibm.com> | 2020-04-07 14:17:58 +0200 |
| commit | c61ced5ec50fc68707c7cea79f7df1d170f03f13 (patch) | |
| tree | a8ce43a5b3baf072936b8192d886bd6c8f11ee36 /crypto/ec/ec_mult.c | |
| parent | Fix the error handling in EC_POINTs_mul (diff) | |
| download | openssl-c61ced5ec50fc68707c7cea79f7df1d170f03f13.tar.xz openssl-c61ced5ec50fc68707c7cea79f7df1d170f03f13.zip | |
[crypto/ec] blind coordinates in ec_wNAF_mul for robustness
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Nicola Tuveri <nicola.tuveri@ibm.com>
(Merged from https://github.com/openssl/openssl/pull/11439)
Diffstat (limited to 'crypto/ec/ec_mult.c')
| -rw-r--r-- | crypto/ec/ec_mult.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 2d3fc50acf..c66276efce 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -746,6 +746,20 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, if (r_is_at_infinity) { if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err; + + /*- + * Apply coordinate blinding for EC_POINT. + * + * The underlying EC_METHOD can optionally implement this function: + * ec_point_blind_coordinates() returns 0 in case of errors or 1 on + * success or if coordinate blinding is not implemented for this + * group. + */ + if (!ec_point_blind_coordinates(group, r, ctx)) { + ECerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE); + goto err; + } + r_is_at_infinity = 0; } else { if (!EC_POINT_add |