authorWerner Koch <wk@wheatstone.g10code.de>2013-04-16 18:59:22 +0200
committerWerner Koch <wk@gnupg.org>2013-04-18 10:03:24 +0200
commitcc2f85116226bf9e2b77c4949eb1e7ea2357f67d (patch)
tree05a259f0e6a9bea61012e4850606cb4c8232612d
parentc7362450c679736ceb82e95fac2e251972f3ea1e (diff)
Fix multiply by zero in gcry_mpi_ec_mul.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Handle case of SCALAR == 0. -- This is a backport from master, leaving out the test case. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--mpi/ec.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index ce86e099..fa00818f 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -670,10 +670,23 @@ _gcry_mpi_ec_mul_point (mpi_point_t *result,
mpi_mul (h, k, ctx->three); /* h = 3k */
loops = mpi_get_nbits (h);
-
- mpi_set (result->x, point->x);
- mpi_set (result->y, yy); mpi_free (yy); yy = NULL;
- mpi_set (result->z, point->z);
+ if (loops < 2)
+ {
+ /* If SCALAR is zero, the above mpi_mul sets H to zero and thus
+ LOOPs will be zero. To avoid an underflow of I in the main
+ loop we set LOOP to 2 and the result to (0,0,0). */
+ loops = 2;
+ mpi_clear (result->x);
+ mpi_clear (result->y);
+ mpi_clear (result->z);
+ }
+ else
+ {
+ mpi_set (result->x, point->x);
+ mpi_set (result->y, yy);
+ mpi_set (result->z, point->z);
+ }
+ mpi_free (yy); yy = NULL;
p1.x = x1; x1 = NULL;
p1.y = y1; y1 = NULL;