#### Topic: [OpenSSL interface] Question about EC_POINT_MUL

Hello all,

Happy new year and best wishes to all the community.

I have a question about the OpenSSL interface API and the function EC_POINT_mul.

It seems that the behavior of this function does not conform to the OpenSSL requirements.

Following the manpage

https://www.openssl.org/docs/manmaster/ … T_mul.html

"EC_POINT_mul is a convenient interface to EC_POINTs_mul: it calculates the value generator * n + q * m and stores the result in r. The value n may be NULL in which case the result is just q * m (variable point multiplication). Alternatively, both q and m may be NULL, and n non-NULL, in which case the result is just generator * n (fixed point multiplication).[...]"

But in the code of WolfSSL, wolfSSL_EC_POINT_mul (here from v4.1.0) does not follow this requirement and stops processing.

```c
if (group == NULL || r == NULL || r->internal == NULL ||
    q == NULL || q->internal == NULL || m == NULL) {
    WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
    return WOLFSSL_FAILURE;
}
```

In my case I am trying to do a Q = d * G point multiplication to generate a public key.

So only the group [group], the result variable [r] and the private scalar [d] are necessary.

You can see this type of usage in the JOSE library from CISCO, which uses the OpenSSL interface to perform cryptographic computations such as:

```c
if (1 != EC_POINT_mul(params, Q, bnD, NULL, NULL, NULL))
{
    CJOSE_ERROR(err, CJOSE_ERR_NO_MEMORY);
    goto create_EC_failed;
}
```

In the OpenSSL implementation, this function follows the requirement of the manpage without filtering (here from the OpenSSL master repository):

```c
int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
                 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
{
    /* just a convenient interface to EC_POINTs_mul() */
    const EC_POINT *points[1];
    const BIGNUM *scalars[1];

    points[0] = point;
    scalars[0] = p_scalar;

    return EC_POINTs_mul(group, r, g_scalar,
                         (point != NULL
                          && p_scalar != NULL), points, scalars, ctx);
}
```

Can you confirm this difference and explain the reason?

Have you ever met this problem when using the JOSE implementation from CISCO with WolfSSL?

Thanks to all for your help.
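
The NULL-argument contract discussed in this post, as an added example that is not part of the original post and is not wolfSSL, OpenSSL or cjose code. It assumes a constructed toy curve with plain integers in place of BIGNUM; `pt`, `point_mul_doc` and `point_mul_strict` are hypothetical names. It shows the manpage semantics accepting the `Q = d * G` call while the stricter NULL test rejects it.

```c
#include <stdio.h>
/* Constructed toy curve y^2 = x^3 + 2x + 2 over F_17, G = (5,1), order 19. */
enum { P = 17, A = 2 };
typedef struct { int x, y, inf; } pt;
static const pt G = { 5, 1, 0 };
static int md(int v) { return ((v % P) + P) % P; }
static int inv(int v) {               /* Fermat inverse: v^(P-2) mod P */
    int r = 1;
    for (int e = P - 2; e > 0; e--) r = r * md(v) % P;
    return r;
}
static pt add(pt a, pt b) {
    if (a.inf) return b;
    if (b.inf) return a;
    if (a.x == b.x && md(a.y + b.y) == 0) return (pt){ 0, 0, 1 };
    int l = (a.x == b.x) ? md((3 * a.x * a.x + A) * inv(2 * a.y))
                         : md((b.y - a.y) * inv(b.x - a.x));
    int x = md(l * l - a.x - b.x);
    return (pt){ x, md(l * (a.x - x) - a.y), 0 };
}
static pt mul(pt p, unsigned k) {     /* double-and-add */
    pt r = { 0, 0, 1 };
    for (; k; k >>= 1, p = add(p, p)) if (k & 1) r = add(r, p);
    return r;
}

/* Manpage semantics: r = G*n + q*m. n may be NULL; the q*m term is used only
   when q and m are both non-NULL (as in the OpenSSL excerpt above). */
int point_mul_doc(pt *r, const unsigned *n, const pt *q, const unsigned *m) {
    if (r == NULL) return 0;
    pt acc = { 0, 0, 1 };
    if (n != NULL) acc = mul(G, *n);
    if (q != NULL && m != NULL) acc = add(acc, mul(*q, *m));
    *r = acc;
    return 1;
}

/* Same NULL test as the wolfSSL excerpt above (group and ->internal omitted). */
int point_mul_strict(pt *r, const unsigned *n, const pt *q, const unsigned *m) {
    if (r == NULL || q == NULL || m == NULL) return 0;
    return point_mul_doc(r, n, q, m);
}

int main(void) {
    unsigned d = 7; pt Q = { 0, 0, 1 };
    int ok = point_mul_doc(&Q, &d, NULL, NULL);
    printf("doc=%d Q=(%d,%d) strict=%d\n", ok, Q.x, Q.y, point_mul_strict(&Q, &d, NULL, NULL));
    return 0;
}
```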