A number intended to treat the base as secret should not be branching on
whether it is zero. Test-wise, this is covered by existing tests in bnmod.txt.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6733)
aa = val[0];
} else
aa = a;
aa = val[0];
} else
aa = a;
- if (BN_is_zero(aa)) {
- BN_zero(rr);
- ret = 1;
- goto err;
- }
if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
goto err; /* 1 */
if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
goto err; /* 1 */