[Cryptech-Commits] [sw/libhal] 02/02: Impressive how much trouble one can get into with one uninitialized bignum.

git at cryptech.is git at cryptech.is
Sat Oct 3 01:38:37 UTC 2015


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository sw/libhal.

commit 27076d80252718dd0fba70ec9ab72f32f999061c
Author: Rob Austein <sra at hactrn.net>
Date:   Fri Oct 2 21:35:57 2015 -0400

    Impressive how much trouble one can get into with one uninitialized bignum.
---
 ecdsa.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ecdsa.c b/ecdsa.c
index d355cbb..32855df 100644
--- a/ecdsa.c
+++ b/ecdsa.c
@@ -363,8 +363,8 @@ static inline hal_error_t point_to_montgomery(ec_point_t *P,
   if (fp_cmp_d(unconst_fp_int(P->z), 1) != FP_EQ)
     return HAL_ERROR_BAD_ARGUMENTS;
 
-  if (fp_mulmod(unconst_fp_int(P->x), unconst_fp_int(curve->mu), unconst_fp_int(curve->q), P->x) != FP_OKAY ||
-      fp_mulmod(unconst_fp_int(P->y), unconst_fp_int(curve->mu), unconst_fp_int(curve->q), P->y) != FP_OKAY)
+  if (fp_mulmod(P->x, unconst_fp_int(curve->mu), unconst_fp_int(curve->q), P->x) != FP_OKAY ||
+      fp_mulmod(P->y, unconst_fp_int(curve->mu), unconst_fp_int(curve->q), P->y) != FP_OKAY)
     return HAL_ERROR_IMPOSSIBLE;
 
   fp_copy(unconst_fp_int(curve->mu), P->z);
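Review bot: The two fp_mulmod calls on the new side pass `P->x` (and `P->y`) both as the first operand and as the destination, so correctness here rests on fp_mulmod tolerating a destination that aliases an input; that is presumably the case for the bundled bignum library (an internal temporary for the product), but it is not stated anywhere in the hunk and a reader may assume it is a bug. A one-line comment above the `if`, `/* in place: fp_mulmod must tolerate dst aliasing its first operand */`, would record the dependency. The remaining `unconst_fp_int` casts on `curve->mu` and `curve->q` are still needed only because the library prototypes take non-const operands it does not write; dropping the casts on `P->x`/`P->y`, as this commit does, is the right direction. point_to_montgomery continues outside the hunk.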
@@ -529,6 +529,7 @@ static inline void point_add(const ec_point_t * const P,
   const int P_was_infinite = point_is_infinite(P);
 
   fp_int Qy_neg[1];
+  fp_init(Qy_neg);
   fp_sub(unconst_fp_int(curve->q), unconst_fp_int(Q->y), Qy_neg);
   const int result_is_infinite = fp_cmp(unconst_fp_int(P->y), Qy_neg) == FP_EQ && same_xz;
   fp_zero(Qy_neg);
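Review bot: The added `fp_init(Qy_neg);` fixes the uninitialized destination, but nothing explains why a value that is only ever written by `fp_sub` needs initializing first, so the next refactor can reintroduce the bug; the likely reason is that fp_sub reads the destination's existing length to clear stale high digits (confirm against the fp_sub implementation), and a comment such as `/* fp_sub reads dst->used before writing; an uninitialized fp_int here is UB */` should sit on the init line. Collapsing the declaration and the init into one statement would remove the window in which the object is live but unset, e.g. `fp_int Qy_neg[1] = {{0}};` if zero-initialization is equivalent to fp_init for this library's fp_int (hedged: check the fp_init definition). Since a scalar derived from stack garbage fed into ECDSA point arithmetic can silently produce wrong or leaky results rather than crashing, the same pattern (`fp_int name[1];` with no init before first use) is worth sweeping for across ecdsa.c and running the test vectors under a memory sanitizer or valgrind to catch any remaining cases. point_add's body starts and ends outside the hunk.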


