301efc8cea
This makes similar fixes as were done in the following OpenSSL commits:
c028254b12a8ea0d0f8a677172eda2e2d78073f3: Correctly set Z_is_one on
the return value in the NISTZ256 implementation.
e22d2199e2a5cc9b243f45c2b633d1e31fadecd7: Error checking and memory
leak leak fixes in NISTZ256.
4446044a793a9103a4bc70c0214005e6a4463767: NISTZ256: set Z_is_one to
boolean 0/1 as is customary.
a4d5269e6d0dba0c276c968448a3576f7604666a: NISTZ256: don't swallow
malloc errors.
The fixes aren't exactly the same. In particular, the comments "This is
an unusual input, we don't guarantee constant-timeness" and the changes
to |ecp_nistz256_mult_precompute| (which isn't in BoringSSL) were
omitted.
Change-Id: Ia7bb982daa62fb328e8bd2d4dd49a8857e104096
Reviewed-on: https://boringssl-review.googlesource.com/6492
Reviewed-by: Adam Langley <agl@google.com>
|
||
|---|---|---|
| .. | ||
| asm | ||
| CMakeLists.txt | ||
| ec_asn1.c | ||
| ec_key.c | ||
| ec_montgomery.c | ||
| ec_test.cc | ||
| ec.c | ||
| example_mul.c | ||
| internal.h | ||
| oct.c | ||
| p224-64.c | ||
| p256-64.c | ||
| p256-x86_64-table.h | ||
| p256-x86_64.c | ||
| simple.c | ||
| util-64.c | ||
| wnaf.c | ||