[PATCH 1/2] mpi:ec: Make sure to have MPI limbs in ECC.

NIIBE Yutaka gniibe at fsij.org
Sat Feb 14 04:42:53 CET 2026


* src/mpi.h (_gcry_mpi_point_init): Add NBITS argument.
* mpi/ec.c (point_init): Follow the change.
(_gcry_mpi_point_log): Fix mpi_new with NBITS.
(_gcry_mpi_point_new): Fix _gcry_mpi_point_init with NBITS.
(_gcry_mpi_point_init): Initialize with mpi_new with NBITS.
(_gcry_mpi_ec_get_affine): Fix mpi_new with NBITS.
(montgomery_mul_point): Fix point_init with NBITS.
(mpi_ec_mul_point_lli): Fix point_init and mpi_new with NBITS.
(_gcry_mpi_ec_mul_point): Fix point_init with NBITS.
(_gcry_mpi_ec_curve_point): Fix mpi_new with NBITS.
* mpi/ec-hw-s390x.c (_gcry_s390x_ec_hw_mul_point): Likewise.
(s390_mul_point_montgomery): Likewise.
* cipher/ecc-common.h (point_init): Follow the change of
_gcry_mpi_point_init.
* cipher/ecc-curves.c (_gcry_ecc_get_curve): Likewise.
(point_from_keyparam): Fix mpi_point_new with NBITS.
(mpi_ec_get_elliptic_curve): Follow the change of
_gcry_mpi_point_init.
(_gcry_ecc_set_mpi): Fix mpi_point_new with NBITS.
* cipher/ecc-ecdh.c (_gcry_ecc_curve_keypair)
(_gcry_ecc_curve_mul_point): Fix point_init with NBITS.
* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise.
(_gcry_ecc_ecdsa_verify): Likewise.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_encodepoint, ecc_ed448_recover_x)
(_gcry_ecc_eddsa_recover_x): Fix mpi_new with NBITS.
(_gcry_ecc_eddsa_genkey): Remove unused X and Y.  Fix point_init with
NBITS.
(_gcry_ecc_eddsa_sign): Fix mpi_new with NBITS.  Fix point_init with
NBITS.
(_gcry_ecc_eddsa_verify): Fix point_init with NBITS.
* cipher/ecc-gost.c (_gcry_ecc_gost_sign, _gcry_ecc_gost_verify):
Likewise.
* cipher/ecc-misc.c (_gcry_ecc_curve_copy): Follow the change of
_gcry_mpi_point_init.
(_gcry_mpi_ec_ec2os, _gcry_ecc_sec_decodepoint): Fix mpi_new with
NBITS.
(_gcry_ecc_compute_public): Fix mpi_point_new with NBITS.
* cipher/ecc-sm2.c (_gcry_ecc_sm2_encrypt): Fix point_init with NBITS.
Fix mpi_new with NBITS.
(_gcry_ecc_sm2_decrypt, _gcry_ecc_sm2_sign, _gcry_ecc_sm2_verify):
Likewise.
* cipher/ecc.c (nist_generate_key): Fix point_init with NBITS.
(test_keys): Likewise.
(test_ecdh_only_keys): Fix point_init and mpi_new with NBITS.
(check_secret_key): Likewise.
(ecc_generate): Fix mpi_new with NBITS.
(ecc_encrypt_raw): Fix mpi_new and point_init with NBITS.
(ecc_decrypt_raw): Fix point_init and mpi_new with NBITS.
(compute_keygrip): Fix mpi_new with NBITS.

--

The changes for ECC least leak assume that the limbs for MPI are
allocated and enough.  In the past, we had a practice to use
"mpi_new (0)" to initialize an MPI, which only allocates the
placeholder of MPI and not the limbs.  This is the fix of those places
in ECC.

GnuPG-bug-id: 8094
Signed-off-by: NIIBE Yutaka <gniibe at fsij.org>
---
 cipher/ecc-common.h |  2 +-
 cipher/ecc-curves.c |  8 +++----
 cipher/ecc-ecdh.c   |  6 ++---
 cipher/ecc-ecdsa.c  |  8 +++----
 cipher/ecc-eddsa.c  | 44 ++++++++++++++++-------------------
 cipher/ecc-gost.c   |  8 +++----
 cipher/ecc-misc.c   | 18 +++++++--------
 cipher/ecc-sm2.c    | 38 +++++++++++++++---------------
 cipher/ecc.c        | 55 ++++++++++++++++++++++----------------------
 mpi/ec-hw-s390x.c   |  6 ++---
 mpi/ec.c            | 56 ++++++++++++++++++++++-----------------------
 src/mpi.h           |  2 +-
 12 files changed, 123 insertions(+), 128 deletions(-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-mpi-ec-Make-sure-to-have-MPI-limbs-in-ECC.patch
Type: text/x-patch
Size: 22200 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20260214/6e6d7ccd/attachment-0001.bin>
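
The situation the commit message describes, as an added example in C that is not libgcrypt code and not part of the patch: a simplified model in which a conditional copy that touches every limb is assumed never to resize its destination, so an MPI created with 0 bits has no limbs to write into. The names `toy_mpi`, `toy_mpi_new`, `toy_mpi_set_cond` and `demo` are hypothetical, and the 256-bit width and sample value are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

typedef uint64_t limb_t;
#define LIMB_BITS (sizeof(limb_t) * CHAR_BIT)

/* Toy MPI (hypothetical model): a header plus an optional limb array. */
struct toy_mpi { size_t alloced; limb_t *d; };

/* Allocate the header and zeroed limbs for NBITS; NBITS == 0 leaves d == NULL. */
static struct toy_mpi *toy_mpi_new(unsigned nbits)
{
    struct toy_mpi *a = calloc(1, sizeof *a);
    if (!a) return NULL;
    a->alloced = (nbits + LIMB_BITS - 1) / LIMB_BITS;
    if (a->alloced && !(a->d = calloc(a->alloced, sizeof *a->d))) { free(a); return NULL; }
    return a;
}

static void toy_mpi_free(struct toy_mpi *a) { if (a) { free(a->d); free(a); } }

/* w = set ? u : w, touching every limb whatever SET is and never resizing W.
   Returns -1 when W was created without enough limbs to hold U. */
static int toy_mpi_set_cond(struct toy_mpi *w, const struct toy_mpi *u, unsigned set)
{
    limb_t mask = (limb_t)0 - (limb_t)(set != 0);  /* all ones when SET is nonzero */
    size_t i;
    if (w->alloced < u->alloced) return -1;
    for (i = 0; i < u->alloced; i++) w->d[i] ^= (w->d[i] ^ u->d[i]) & mask;
    for (; i < w->alloced; i++) w->d[i] &= ~mask;  /* clear W's extra limbs on copy */
    return 0;
}

/* Copy a constructed 256-bit value into an MPI created with DEST_NBITS. */
static int demo(unsigned dest_nbits, unsigned set, limb_t *low)
{
    struct toy_mpi *u = toy_mpi_new(256), *w = toy_mpi_new(dest_nbits);
    int rc = -1;
    if (u && w) {
        u->d[0] = 0x1234;  /* constructed sample limb */
        if ((rc = toy_mpi_set_cond(w, u, set)) == 0) *low = w->d[0];
    }
    toy_mpi_free(u); toy_mpi_free(w);
    return rc;
}

int main(void) { limb_t low = 0; return demo(0, 1, &low) != -1 || demo(256, 1, &low) != 0; }
```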

