diff options
author | Werner Koch <wk@wheatstone.g10code.de> | 2013-04-16 18:59:22 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2013-04-18 10:03:24 +0200 |
commit | cc2f85116226bf9e2b77c4949eb1e7ea2357f67d (patch) | |
tree | 05a259f0e6a9bea61012e4850606cb4c8232612d | |
parent | c7362450c679736ceb82e95fac2e251972f3ea1e (diff) | |
download | libgcrypt-cc2f85116226bf9e2b77c4949eb1e7ea2357f67d.tar.gz |
Fix multiply by zero in gcry_mpi_ec_mul.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0.
--
This is backport from master leaving out the test case.
Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r-- | mpi/ec.c | 21 |
1 files changed, 17 insertions, 4 deletions
@@ -670,10 +670,23 @@ _gcry_mpi_ec_mul_point (mpi_point_t *result, mpi_mul (h, k, ctx->three); /* h = 3k */ loops = mpi_get_nbits (h); - - mpi_set (result->x, point->x); - mpi_set (result->y, yy); mpi_free (yy); yy = NULL; - mpi_set (result->z, point->z); + if (loops < 2) + { + /* If SCALAR is zero, the above mpi_mul sets H to zero and thus + LOOPs will be zero. To avoid an underflow of I in the main + loop we set LOOP to 2 and the result to (0,0,0). */ + loops = 2; + mpi_clear (result->x); + mpi_clear (result->y); + mpi_clear (result->z); + } + else + { + mpi_set (result->x, point->x); + mpi_set (result->y, yy); + mpi_set (result->z, point->z); + } + mpi_free (yy); yy = NULL; p1.x = x1; x1 = NULL; p1.y = y1; y1 = NULL; |