Commit de72274d authored by Billy Brumley's avatar Billy Brumley Committed by Matt Caswell
Browse files

[crypto/ec] disable SCA mitigations for curves with incomplete parameters 



Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6648)
parent a97d19f7

crypto/ec/ec_mult.c

+24 −22
Original line number Diff line number Diff line
@@ -389,6 +389,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 
        return EC_POINT_set_to_infinity(group, r);

    }



    if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) {

        /*-

         * Handle the common cases where the scalar is secret, enforcing a constant

         * time scalar multiplication algorithm.
@@ -414,6 +415,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, 
             */

            return ec_mul_consttime(group, r, scalars[0], points[0], ctx);

        }

    }



    for (i = 0; i < num; i++) {

        if (!ec_point_is_compat(points[i], group)) {