8 files changed, 63 insertions, 38 deletions
diff --git a/openssl/crypto/ec/ec.h b/openssl/crypto/ec/ec.h
index dfe8710d3..572111f16 100644
--- a/openssl/crypto/ec/ec.h
+++ b/openssl/crypto/ec/ec.h
@@ -629,7 +629,7 @@ int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN
 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
 int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
-/** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
+/** Computes r = generator * n sum_{i=0}^{num-1} p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
  *  \param  r      EC_POINT object for the result
  *  \param  n      BIGNUM with the multiplier for the group generator (optional)
diff --git a/openssl/crypto/ec/ec2_smpl.c b/openssl/crypto/ec/ec2_smpl.c
index e0e59c7d8..62223cbb0 100644
--- a/openssl/crypto/ec/ec2_smpl.c
+++ b/openssl/crypto/ec/ec2_smpl.c
@@ -80,9 +80,6 @@
 
 const EC_METHOD *EC_GF2m_simple_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gf2m_simple_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_characteristic_two_field,
@@ -125,8 +122,12 @@ const EC_METHOD *EC_GF2m_simple_method(void)
 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gf2m_simple_method();
 #endif
+
+	return &ret;
 	}
 
 
diff --git a/openssl/crypto/ec/ec_ameth.c b/openssl/crypto/ec/ec_ameth.c
index f715a238a..11283769b 100644
--- a/openssl/crypto/ec/ec_ameth.c
+++ b/openssl/crypto/ec/ec_ameth.c
@@ -453,14 +453,16 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 	if (ktype > 0)
 		{
 		public_key = EC_KEY_get0_public_key(x);
-		if ((pub_key = EC_POINT_point2bn(group, public_key,
-			EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+		if (public_key != NULL)
 			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		if (pub_key)
+			if ((pub_key = EC_POINT_point2bn(group, public_key,
+				EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
+				{
+				reason = ERR_R_EC_LIB;
+				goto err;
+				}
 			buf_len = (size_t)BN_num_bytes(pub_key);
+			}
 		}
 
 	if (ktype == 2)
diff --git a/openssl/crypto/ec/ec_asn1.c b/openssl/crypto/ec/ec_asn1.c
index e94f34e11..52d31c2f9 100644
--- a/openssl/crypto/ec/ec_asn1.c
+++ b/openssl/crypto/ec/ec_asn1.c
@@ -1183,29 +1183,46 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
 		goto err;
 		}
 
+	if (ret->pub_key)
+		EC_POINT_clear_free(ret->pub_key);
+	ret->pub_key = EC_POINT_new(ret->group);
+	if (ret->pub_key == NULL)
+		{
+		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+		goto err;
+		}
+
 	if (priv_key->publicKey)
 		{
 		const unsigned char *pub_oct;
-		size_t pub_oct_len;
+		int pub_oct_len;
 
-		if (ret->pub_key)
-			EC_POINT_clear_free(ret->pub_key);
-		ret->pub_key = EC_POINT_new(ret->group);
-		if (ret->pub_key == NULL)
+		pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
+		pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
+		/* The first byte - point conversion form - must be present. */
+                if (pub_oct_len <= 0)
 			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+			ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_BUFFER_TOO_SMALL);
 			goto err;
 			}
-		pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
-		pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
-		/* save the point conversion form */
+		/* Save the point conversion form. */
 		ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
 		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
-			pub_oct, pub_oct_len, NULL))
+					pub_oct, (size_t)(pub_oct_len), NULL))
+			{
+			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	else
+		{
+		if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, NULL, NULL, NULL))
 			{
 			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
 			goto err;
 			}
+		/* Remember the original private-key-only encoding. */
+		ret->enc_flag |= EC_PKEY_NO_PUBKEY;
 		}
 
 	ok = 1;
@@ -1230,7 +1247,8 @@ int	i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
 	size_t          buf_len=0, tmp_len;
 	EC_PRIVATEKEY   *priv_key=NULL;
 
-	if (a == NULL || a->group == NULL || a->priv_key == NULL)
+	if (a == NULL || a->group == NULL || a->priv_key == NULL ||
+	    (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL))
 		{
 		ECerr(EC_F_I2D_ECPRIVATEKEY,
                       ERR_R_PASSED_NULL_PARAMETER);
diff --git a/openssl/crypto/ec/ecp_mont.c b/openssl/crypto/ec/ecp_mont.c
index f04f132c7..3c5ec1965 100644
--- a/openssl/crypto/ec/ecp_mont.c
+++ b/openssl/crypto/ec/ecp_mont.c
@@ -72,9 +72,6 @@
 
 const EC_METHOD *EC_GFp_mont_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_mont_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_prime_field,
@@ -114,8 +111,12 @@ const EC_METHOD *EC_GFp_mont_method(void)
 		ec_GFp_mont_field_decode,
 		ec_GFp_mont_field_set_to_one };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gfp_mont_method();
 #endif
+
+	return &ret;
 	}
 
 
diff --git a/openssl/crypto/ec/ecp_nist.c b/openssl/crypto/ec/ecp_nist.c
index aad2d5f44..db3b99e06 100644
--- a/openssl/crypto/ec/ecp_nist.c
+++ b/openssl/crypto/ec/ecp_nist.c
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_nist_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_nist_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_nist_method(void)
 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gfp_nist_method();
 #endif
+
+	return &ret;
 	}
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
diff --git a/openssl/crypto/ec/ecp_smpl.c b/openssl/crypto/ec/ecp_smpl.c
index ef5285477..2d1f35768 100644
--- a/openssl/crypto/ec/ecp_smpl.c
+++ b/openssl/crypto/ec/ecp_smpl.c
@@ -73,9 +73,6 @@
 
 const EC_METHOD *EC_GFp_simple_method(void)
 	{
-#ifdef OPENSSL_FIPS
-	return fips_ec_gfp_simple_method();
-#else
 	static const EC_METHOD ret = {
 		EC_FLAGS_DEFAULT_OCT,
 		NID_X9_62_prime_field,
@@ -115,8 +112,12 @@ const EC_METHOD *EC_GFp_simple_method(void)
 		0 /* field_decode */,
 		0 /* field_set_to_one */ };
 
-	return &ret;
+#ifdef OPENSSL_FIPS
+	if (FIPS_mode())
+		return fips_ec_gfp_simple_method();
 #endif
+
+	return &ret;
 	}
 
 
@@ -1317,8 +1318,8 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT
 		{
 		for (i = 0; i < num; i++)
 			{
-			if (prod_Z[i] != NULL)
-				BN_clear_free(prod_Z[i]);
+			if (prod_Z[i] == NULL) break;
+			BN_clear_free(prod_Z[i]);
 			}
 		OPENSSL_free(prod_Z);
 		}
diff --git a/openssl/crypto/ec/ectest.c b/openssl/crypto/ec/ectest.c
index 82c8c8bfb..d1bf98059 100644
--- a/openssl/crypto/ec/ectest.c
+++ b/openssl/crypto/ec/ectest.c
@@ -251,14 +251,15 @@ static void group_order_tests(EC_GROUP *group)
 		if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
 
 		/* Exercise EC_POINTs_mul, including corner cases. */
+		if (EC_POINT_is_at_infinity(group, P)) ABORT;
 		scalars[0] = n1; points[0] = Q; /* => infinity */
 		scalars[1] = n2; points[1] = P; /* => -P */
 		scalars[2] = n1; points[2] = Q; /* => infinity */
 		scalars[3] = n2; points[3] = Q; /* => infinity */
 		scalars[4] = n1; points[4] = P; /* => P */
 		scalars[5] = n2; points[5] = Q; /* => infinity */
-		if (!EC_POINTs_mul(group, Q, NULL, 5, points, scalars, ctx)) ABORT;
-		if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+		if (!EC_POINTs_mul(group, P, NULL, 6, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
 		}
 	fprintf(stdout, "ok\n");