Fix for in-place ecc_add_eh.

* ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering two multiplies. Previously, in-place operation resulted in an invalid call to mpn_mul with overlapping operands. Reported by Sergei Trofimovich.

Fix for in-place ecc_add_eh.
dcda81d7 · Niels Möller · fd2dc9b0 · dcda81d7 · dcda81d7
Commit dcda81d7 authored 7 years ago by Niels Möller
--- a/ChangeLog
+++ b/ChangeLog
+2017-07-18  Niels Möller  <nisse@lysator.liu.se>
+	* ecc-add-eh.c (ecc_add_eh): Fix in-place operation by reordering
+	two multiplies. Previously, in-place operation resulted in an
+	invalid call to mpn_mul with overlapping operands. Reported by
+	Sergei Trofimovich.
 2017-06-09  Niels Möller  <nisse@lysator.liu.se>
 	* pss.c (pss_verify_mgf1): Check for m being too large, fixing an

--- a/ecc-add-eh.c
+++ b/ecc-add-eh.c
@@ -98,8 +98,8 @@ ecc_add_eh (const struct ecc_curve *ecc,
  ecc_modp_mul (ecc, x3, B, z1);
  /* y3 */
-  ecc_modp_mul (ecc, B, F, C); /* ! */
+  ecc_modp_mul (ecc, B, F, z1); /* ! */
-  ecc_modp_mul (ecc, y3, B, z1);
+  ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */
  /* z3 */
  ecc_modp_mul (ecc, B, F, G);