handle negative scalars correctly when doing point multiplication (86a921af) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/ec/ec_mult.c

+8 −0

Original line number	Diff line number	Diff line
		@@ -187,10 +187,18 @@ int EC_POINTs_mul(const EC_GROUP group, EC_POINT r, BIGNUM *scalar,
		if (i < num)
		{
		if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
		if (scalars[i]->neg)
		{
		if (!EC_POINT_invert(group, val_sub[i][0], ctx)) goto err;
		}
		}
		else
		{
		if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
		if (scalar->neg)
		{
		if (!EC_POINT_invert(group, val_sub[i][0], ctx)) goto err;
		}
		}

		if (wsize[i] > 1)

+17 −2

Original line number	Diff line number	Diff line
		@@ -528,6 +528,21 @@ int main(int argc, char *argv[])
		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;

		fprintf(stdout, ".");
		fflush(stdout);

		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
		if (!BN_copy(z, y)) ABORT;
		z->neg = 1;

		points[0] = Q;
		points[1] = Q;
		scalars[0] = y;
		scalars[1] = z;

		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
		if (!EC_POINT_is_at_infinity(group, P)) ABORT;

		fprintf(stdout, " ok\n\n");
		}