>>>>> thanks! Was away last week and so didn't have a chance to try fixing this.
>>>>>
>>>>> I'll patch that it and run the tests against it.
>>>> I've run out of time tracking this down for today, but I got to the
>>>> point where setting the Jacobian coordinates:
>>>>
>>>> X: C4EB2994C09557B400FF6A543CFB257F945E86FE3DF1D32A8128F32927666A8F
>>>> Y: 3D5283F8F10F559AE5310005005F321B28D2D699F3E01F179F91AC6660013328
>>>> Z: F97FD7E6757991A2C7E0C2488FF3C54E58030BCACF3FB95954FD3EF211C24631
>>>>
>>>> and multiplying that point by
>>>> 2269520AFB46450398DE95AE59DDBDC1D42B8B7030F81BCFEF12D819C1D678DD
>>>> results in the affine point:
>>>>
>>>> x: 4BBC2813F69EF6A4D3E69E2832E9A9E97FF59F8C136DCDBD9509BC685FF337FD
>>>> y: BDCB623715CE2D983CFC2776C6EED4375454BE2C88932D43856906C1DC7A0BD7
>>>>
>>>> However, I believe that the result should be:
>>>>
>>>> x: C2910AA0216D12DE30C5573CCFC4116546E3091DC1E9EC8604F634185CE40863
>>>> y: C9071E13D688C305CE179C6168DD9066657BC6CDC1639A44B68DF7F1E0A40EDF
>>> I do get the latter...
>> ... in master, and I get the former in 1.0.2. Looking into it...
>
> Attached patch produces correct result in 1.0.2. Looking further for
> explanation...
Oops! Wrong patch! Correct one attached. If you feel like testing the
wrong one, go ahead, but there are some later non-essential adjustments.
diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
index bf3fcc6..33b07ce 100644
--- a/crypto/ec/ecp_nistz256.c
+++ b/crypto/ec/ecp_nistz256.c
@@ -637,7 +637,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *
group,
ecp_nistz256_point_double(&row[10 - 1], &row[ 5 - 1]);
ecp_nistz256_point_add (&row[15 - 1], &row[14 - 1], &row[1 - 1]);
ecp_nistz256_point_add (&row[11 - 1], &row[10 - 1], &row[1 - 1]);
- ecp_nistz256_point_add (&row[16 - 1], &row[15 - 1], &row[1 - 1]);
+ ecp_nistz256_point_double(&row[16 - 1], &row[ 8 - 1]);
}
index = 255;
