Remove some unneccessary use of constant time code in curve448

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5105)
author: Matt Caswell <matt@openssl.org> 2018-02-07 12:14:25 +0000
committer: Matt Caswell <matt@openssl.org> 2018-02-20 12:59:31 +0000
commit: a7232276fef30a63070fd9dbb53d3820d3761d5b (patch)
tree: 5cf1a63b04c11509fb4e842b1f11202d60fc244d /crypto/ec
parent: 434149c7448729b5c20d61c359bd9dc367cf5604 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index 09304020c7..92892f305d 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -64,7 +64,8 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
     if (context_len > UINT8_MAX)
         return C448_FAILURE;
 
-    dom[0] = 2 + word_is_zero(prehashed) + word_is_zero(for_prehash);
+    dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+                       - (for_prehash == 0 ? 1 : 0));
     dom[1] = (uint8_t)context_len;
 
     if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
author	Matt Caswell <matt@openssl.org>	2018-02-07 12:14:25 +0000
committer	Matt Caswell <matt@openssl.org>	2018-02-20 12:59:31 +0000
commit	a7232276fef30a63070fd9dbb53d3820d3761d5b (patch)
tree	5cf1a63b04c11509fb4e842b1f11202d60fc244d /crypto/ec
parent	434149c7448729b5c20d61c359bd9dc367cf5604 (diff)