Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak Fix a timing leak in ecp_mul_mxz()

commit: 75c4eaf1f8b751c848ac823cf01a90201ccde3fc [log] [tgz]
author: Gilles Peskine <gilles.peskine@arm.com> Thu Oct 27 19:46:48 2022 +0200
committer: GitHub <noreply@github.com> Thu Oct 27 19:46:48 2022 +0200
tree: 81008f768df44b3aa3cddde2b2c542700d44a8f1
parent: 9603daddaae453a4999a0c1d994a5232aad0c55d [diff]
parent: c79ce881521513c893101f10842ea857976c1030 [diff]
diff --git a/library/ecp.c b/library/ecp.c
index 5c597d5..08e33e2 100644
--- a/library/ecp.c
+++ b/library/ecp.c

@@ -2461,7 +2461,7 @@
     MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
 
     /* Loop invariant: R = result so far, RP = R + P */
-    i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */
+    i = grp->nbits + 1; /* one past the (zero-based) required msb for private keys */
     while( i-- > 0 )
     {
         b = mbedtls_mpi_get_bit( m, i );
commit	75c4eaf1f8b751c848ac823cf01a90201ccde3fc	[log] [tgz]
author	Gilles Peskine <gilles.peskine@arm.com>	Thu Oct 27 19:46:48 2022 +0200
committer	GitHub <noreply@github.com>	Thu Oct 27 19:46:48 2022 +0200
tree	81008f768df44b3aa3cddde2b2c542700d44a8f1
parent	9603daddaae453a4999a0c1d994a5232aad0c55d [diff]
parent	c79ce881521513c893101f10842ea857976c1030 [diff]