Adding shortcut for all-bits-zero payloads (mbedtls_ecp_mul_shortcuts()) and returning proper error code (MBEDTLS_ERR_ECP_INVALID_KEY) for that case (ecjpake_zkp_read()).

Signed-off-by: TRodziewicz <rodziewicz@gmail.com>
2026-03-20 19:21:09 +01:00 · 2021-02-24 14:01:40 +01:00
parent 5068b061ac
commit 28b61074d1
2 changed files with 13 additions and 2 deletions
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -286,6 +286,13 @@ static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
     * Verification
     */
    MBEDTLS_MPI_CHK( ecjpake_hash( md_info, grp, pf, G, &V, X, id, &h ) );
+
+    if( mbedtls_mpi_cmp_int( &r,0 ) == 0 )
+    {
+        ret = MBEDTLS_ERR_ECP_INVALID_KEY;
+        goto cleanup;
+    }
+
    MBEDTLS_MPI_CHK( mbedtls_ecp_muladd( (mbedtls_ecp_group *) grp,
                     &VV, &h, X, &r, G ) );

--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2795,7 +2795,7 @@ cleanup:

 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 /*
- * R = m * P with shortcuts for m == 1 and m == -1
+ * R = m * P with shortcuts for m == 0, m == 1 and m == -1
 * NOT constant-time - ONLY for short Weierstrass!
 */
 static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
@@ -2806,7 +2806,11 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

-    if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
+    if( mbedtls_mpi_cmp_int( m, 0 ) == 0 )
+    {
+        MBEDTLS_MPI_CHK( mbedtls_ecp_set_zero( R ) );
+    }
+    else if( mbedtls_mpi_cmp_int( m, 1 ) == 0 )
    {
        MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, P ) );
    }