From 86a921af06f52d1b16fbc8a76d8f0ff1950d1c8a Mon Sep 17 00:00:00 2001
From: Bodo Möller
Date: Sun, 11 Mar 2001 08:44:50 +0000
Subject: handle negative scalars correctly when doing point multiplication
---
 crypto/ec/ec_mult.c | 8 ++++++++
 crypto/ec/ectest.c | 19 +++++++++++++++++--
 2 files changed, 25 insertions(+), 2 deletions(-)
(limited to 'crypto/ec')
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
index ddd3db5921..01574d8c93 100644
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@@ -187,10 +187,18 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, BIGNUM *scalar,
 if (i < num)
 {
 if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
+ if (scalars[i]->neg)
+ {
+ if (!EC_POINT_invert(group, val_sub[i][0], ctx)) goto err;
+ }
 }
 else
 {
 if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
+ if (scalar->neg)
+ {
+ if (!EC_POINT_invert(group, val_sub[i][0], ctx)) goto err;
+ }
 }
 if (wsize[i] > 1)
diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
index b68e27e98a..766a0dbc75 100644
--- a/crypto/ec/ectest.c
+++ b/crypto/ec/ectest.c
@@ -519,7 +519,7 @@ int main(int argc, char *argv[])
 scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */
 scalars[1] = y;
- fprintf(stdout, "simultaneous multiplication ... ");
+ fprintf(stdout, "simultaneous multiplication ...");
 fflush(stdout);
 /* z is still the group order */
@@ -528,7 +528,22 @@ int main(int argc, char *argv[])
 if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
 if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
- fprintf(stdout, "ok\n\n");
+ fprintf(stdout, ".");
+ fflush(stdout);
+
+ if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+ if (!BN_copy(z, y)) ABORT;
+ z->neg = 1;
+
+ points[0] = Q;
+ points[1] = Q;
+ scalars[0] = y;
+ scalars[1] = z;
+
+ if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+ if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+ fprintf(stdout, " ok\n\n");
 }
-- cgit v1.2.3
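Review bot: In crypto/ec/ec_mult.c the two added `EC_POINT_invert` calls carry no comment saying why negating the base point is enough; I would add `/* k*P == |k|*(-P): negate the base here, the bits of the scalar are used as a magnitude below */` above the first one. That only holds if the code that later scans the scalar ignores its sign, which is outside this hunk and worth confirming. The `else` branch now dereferences `scalar`, so it is safe only when that branch cannot be reached with a NULL `scalar` (the new test in ectest.c passes NULL); the loop bound that would guarantee this is not visible here. EC_POINTs_mul starts and ends outside the hunk.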
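Review bot: In crypto/ec/ectest.c (second hunk) the added case exercises only the `scalars[i]->neg` path, because `EC_POINTs_mul` is called with NULL as the generator scalar; the `scalar->neg` branch added to ec_mult.c by this commit stays untested. A further check that passes a negated scalar as the third argument and compares the result with the inverse of the positive-scalar result would cover it. Since `y` now comes from `BN_pseudo_rand`, a failing run cannot be reproduced unless the value is printed before `ABORT`. main() starts and ends outside the hunk.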