diff options
author | Werner Koch <wk@wheatstone.g10code.de> | 2013-04-16 18:59:22 +0200 |
---|---|---|
committer | Werner Koch <wk@wheatstone.g10code.de> | 2013-04-16 18:59:41 +0200 |
commit | 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4 (patch) | |
tree | 0997bf4df22845788eace4d2ebd8bfa608e345c8 /mpi/ec.c | |
parent | bd3afc27459a44df8cf501a7e1ae37bb849a8b0e (diff) | |
download | libgcrypt-78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4.tar.gz |
Fix multiply by zero in gcry_mpi_ec_mul.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0.
* tests/t-mpi-point.c (basic_ec_math): Add a test case for this.
Signed-off-by: Werner Koch <wk@wheatstone.g10code.de>
Diffstat (limited to 'mpi/ec.c')
-rw-r--r-- | mpi/ec.c | 21 |
1 files changed, 17 insertions, 4 deletions
@@ -977,10 +977,23 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, mpi_mul (h, k, mpi_const (MPI_C_THREE)); /* h = 3k */ loops = mpi_get_nbits (h); - - mpi_set (result->x, point->x); - mpi_set (result->y, yy); mpi_free (yy); yy = NULL; - mpi_set (result->z, point->z); + if (loops < 2) + { + /* If SCALAR is zero, the above mpi_mul sets H to zero and thus + LOOPs will be zero. To avoid an underflow of I in the main + loop we set LOOP to 2 and the result to (0,0,0). */ + loops = 2; + mpi_clear (result->x); + mpi_clear (result->y); + mpi_clear (result->z); + } + else + { + mpi_set (result->x, point->x); + mpi_set (result->y, yy); + mpi_set (result->z, point->z); + } + mpi_free (yy); yy = NULL; p1.x = x1; x1 = NULL; p1.y = y1; y1 = NULL; |