Unset Z_is_zero after applying coordinate blinding and

re-enable coordinate blinding.

ok jsing

1 files changed, 4 insertions, 3 deletions

diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index d3fcd99670..e379a74fb1 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.26 2018/11/06 02:16:13 tb Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.27 2018/11/06 06:59:25 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -1463,6 +1463,9 @@ ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
         if (!group->meth->field_mul(group, &p->Y, tmp, &p->Y, ctx))
                 goto err;
 
+        /* Disable optimized arithmetics after replacing Z by lambda * Z. */
+        p->Z_is_one = 0;
+
         ret = 1;
 
  err:
@@ -1599,10 +1602,8 @@ ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
          * Apply coordinate blinding for EC_POINT if the underlying EC_METHOD
          * implements it.
          */
-#if 0
         if (!ec_point_blind_coordinates(group, s, ctx))
                 goto err;
-#endif
 
         /* top bit is a 1, in a fixed pos */
         if (!EC_POINT_copy(r, s))