multiplication by 0 in wc_ecc_mulmod and point at infinity about wolfssl HOT 5 OPEN

Hi @a-def

The function doesn't support zero in 5.7.0.

I've put up a PR that fixes this and added a test case to ensure we keep this behavior.

Is this all you need?

from wolfssl.

Hi @a-def ,

I've re-opened this (it auto closed) as I would like to have your feedback on the PR. Please let us know if this PR resolves the issue or if you see anything else.

Thanks,
David Garske, wolfSSL

from wolfssl.

Hi,

Great, thank you for this quick fix. That's all.

from wolfssl.

Version

Most recent master

Description

Hello,

I've re-opened this issue as the fix still leads to unexpected behavior.

By setting z to 0, the resulting output would be treated as an invalid point down the line.

For example, testing if the output is on the curve with wc_ecc_point_is_on_curve would fail. Indeed, wc_ecc_is_point would return with ECC_BAD_ARG_E because the z of the output is set to 0 after a multiplication by 0.

Yet, point at infinity is a valid point on the curve. I wonder if it is relevant to set z to 1 and/or add a conditional statement in wc_ecc_is_point to handle the point at infinity.

from wolfssl.

Hi @a-def

I've put up a pull request with the change to set z to 1.
I did debate this in my mind but the safe add and double don't use the z so I thought it was safe!

Let me know if this fixes things for you.

Sean :-)

from wolfssl.