Further improve/fix ec_GFp_simple_points_make_affine (ecp_smpl.c) and
authorBodo Moeller <bodo@openssl.org>
Wed, 13 Aug 2014 15:37:19 +0000 (17:37 +0200)
committerBodo Moeller <bodo@openssl.org>
Wed, 13 Aug 2014 15:37:19 +0000 (17:37 +0200)
group_order_tests (ectest.c).  Also fix the EC_POINTs_mul documentation (ec.h).

Reviewed-by: emilia@openssl.org
crypto/ec/ec.h
crypto/ec/ecp_smpl.c
crypto/ec/ectest.c

index c357b27..fbec322 100644 (file)
@@ -633,7 +633,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
-/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
+/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
  *  \param  r      EC_POINT object for the result
  *  \param  n      BIGNUM with the multiplier for the group generator (optional)
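Review bot: The corrected summary line still reads `generator * n sum_{i=0}^{num-1} p[i] * m[i]`, with no operator between the generator term and the sum, so it can be read as a product. If the two terms are added, as the `\param n` text ("multiplier for the group generator") suggests, the line should read `/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]`. The doc comment continues past the end of this hunk, so the remaining parameter descriptions are not checked here.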
index f2cd6f7..77bf845 100644 (file)
@@ -1311,8 +1311,8 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT
                {
                for (i = 0; i < num; i++)
                        {
-                       if (prod_Z[i] != NULL)
-                               BN_clear_free(prod_Z[i]);
+                       if (prod_Z[i] == NULL) break;
+                       BN_clear_free(prod_Z[i]);
                        }
                OPENSSL_free(prod_Z);
                }
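Review bot: The new `if (prod_Z[i] == NULL) break;` in the cleanup loop is only safe if prod_Z[] is filled strictly in index order and the slot where allocation failed holds NULL. That invariant is presumably established earlier in ec_GFp_simple_points_make_affine, which starts and ends outside this hunk, and nothing here states it. A mistake in either direction is a memory-safety problem: freeing never-initialized pointers, or leaking BIGNUMs that hold intermediate values. I would add a comment above the loop such as `/* prod_Z[] is allocated in order; entries after the first NULL were never initialized, so stop there */`. Zero-filling the array right after it is allocated would make the cleanup independent of that ordering.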
index 82c8c8b..d1bf980 100644 (file)
@@ -251,14 +251,15 @@ static void group_order_tests(EC_GROUP *group)
                if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
 
                /* Exercise EC_POINTs_mul, including corner cases. */
+               if (EC_POINT_is_at_infinity(group, P)) ABORT;
                scalars[0] = n1; points[0] = Q; /* => infinity */
                scalars[1] = n2; points[1] = P; /* => -P */
                scalars[2] = n1; points[2] = Q; /* => infinity */
                scalars[3] = n2; points[3] = Q; /* => infinity */
                scalars[4] = n1; points[4] = P; /* => P */
                scalars[5] = n2; points[5] = Q; /* => infinity */
-               if (!EC_POINTs_mul(group, Q, NULL, 5, points, scalars, ctx)) ABORT;
-               if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+               if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) ABORT;
+               if (!EC_POINT_is_at_infinity(group, P)) ABORT;
                }
        fprintf(stdout, "ok\n");