From: Matt Caswell Date: Wed, 7 Feb 2018 12:14:25 +0000 (+0000) Subject: Remove some unneccessary use of constant time code in curve448 X-Git-Tag: OpenSSL_1_1_1-pre2~65 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a7232276fef30a63070fd9dbb53d3820d3761d5b;p=oweals%2Fopenssl.git Remove some unneccessary use of constant time code in curve448 Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/5105)
---
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index 09304020c7..92892f305d 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -64,7 +64,8 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
 if (context_len > UINT8_MAX)
 return C448_FAILURE;
- dom[0] = 2 + word_is_zero(prehashed) + word_is_zero(for_prehash);
+ dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+ - (for_prehash == 0 ? 1 : 0));
 dom[1] = (uint8_t)context_len;
 if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
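Review bot: The new `dom[0]` assignment branches on `prehashed` and `for_prehash`, but nothing at that line records why data-dependent code is acceptable where the removed line used the constant-time `word_is_zero` helper. If both values are public domain-separation flags rather than key-derived data (the commit title implies this, but the callers are outside the hunk), a comment above the assignment such as `/* prehashed and for_prehash are public flags, not secret data: constant-time handling is not needed */` would stop the pattern being copied onto secret input later. As a style point, `(x == 0 ? 1 : 0)` is equivalent to `(x == 0)` in C, so both ternaries can be dropped. hash_init_with_dom starts before the hunk and continues past it.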