From b3d0bcf5a185842d2c717927eef03577fd61a912 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?=
Date: Wed, 20 Jan 2021 09:40:19 +0100
Subject: [PATCH] Fix ecc_ecdsa_verify corner case with all-zero hash.
---
 ChangeLog | 5 +++++
 ecc-ecdsa-verify.c | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a5506897..fe7241e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2021-01-20 Niels Möller
+
+ * ecc-ecdsa-verify.c (ecc_ecdsa_verify): Fix corner case with
+ all-zero hash. Reported by Guido Vranken.
+
 2021-01-10 Niels Möller
 * fat-ppc.c: Don't use __GLIBC_PREREQ in the same preprocessor
diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c
index 2b5b6921..1b2dcca7 100644
--- a/ecc-ecdsa-verify.c
+++ b/ecc-ecdsa-verify.c
@@ -132,12 +132,12 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
 private key by guessing. */ /* Total storage: 6*ecc->p.size + ecc->add_hhh_itch */
- ecc->add_hhh (ecc, P1, P1, P2, P1 + 3*ecc->p.size);
+ ecc->add_hhh (ecc, P2, P2, P1, P1 + 3*ecc->p.size);
 } /* x coordinate only, modulo q */
- ecc->h_to_a (ecc, 2, P2, P1, P1 + 3*ecc->p.size);
+ ecc->h_to_a (ecc, 2, P1, P2, P1 + 3*ecc->p.size);
- return (mpn_cmp (rp, P2, ecc->p.size) == 0);
+ return (mpn_cmp (rp, P1, ecc->p.size) == 0);
 #undef P2
 #undef P1
 #undef sinv
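Review bot: Nothing in this patch exercises the all-zero-digest path (the diffstat lists only ChangeLog and ecc-ecdsa-verify.c), so a later reordering of P1/P2 in ecc_ecdsa_verify could bring the corner case back unnoticed; a verification test with an all-zero hash, with one signature that must be accepted and one that must be rejected, would pin it. The reason for the swap is also not visible at the changed lines: judging from the closing brace, the `add_hhh` call sits in a conditional block that appears to be skipped in that case, and the fix works because the point read by `h_to_a` is now P2 on both paths. I would state that invariant above the `h_to_a` call, e.g. `/* P2 holds the point to check whether or not the addition above ran. */`. The condition and the P1/P2 definitions lie outside this hunk, so confirm that reading against the full function.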