From 78cd0ba8a8eceee9d0b3397a2ab3bda6ba37c8a4 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@wheatstone.g10code.de>
Date: Tue, 16 Apr 2013 18:59:22 +0200
Subject: Fix multiply by zero in gcry_mpi_ec_mul.

* mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0.
* tests/t-mpi-point.c (basic_ec_math): Add a test case for this.

Signed-off-by: Werner Koch <wk@wheatstone.g10code.de>
---
 mpi/ec.c | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

(limited to 'mpi/ec.c')

diff --git a/mpi/ec.c b/mpi/ec.c
index 5d2f5c92..8fb47a30 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -977,10 +977,23 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
 
   mpi_mul (h, k, mpi_const (MPI_C_THREE)); /* h = 3k */
   loops = mpi_get_nbits (h);
-
-  mpi_set (result->x, point->x);
-  mpi_set (result->y, yy); mpi_free (yy); yy = NULL;
-  mpi_set (result->z, point->z);
+  if (loops < 2)
+    {
+      /* If SCALAR is zero, the above mpi_mul sets H to zero and thus
+         LOOPs will be zero.  To avoid an underflow of I in the main
+         loop we set LOOP to 2 and the result to (0,0,0).  */
+      loops = 2;
+      mpi_clear (result->x);
+      mpi_clear (result->y);
+      mpi_clear (result->z);
+    }
+  else
+    {
+      mpi_set (result->x, point->x);
+      mpi_set (result->y, yy);
+      mpi_set (result->z, point->z);
+    }
+  mpi_free (yy); yy = NULL;
 
   p1.x = x1; x1 = NULL;
   p1.y = y1; y1 = NULL;
-- 
cgit v1.2.1