mpi:ec: Make sure to have MPI limbs in ECC.
* src/mpi.h (_gcry_mpi_point_init): Add NBITS argument. * mpi/ec.c (point_init): Follow the change. (_gcry_mpi_point_log): Fix mpi_new with NBITS. (_gcry_mpi_point_new): Fix _gcry_mpi_point_init with NBITS. (_gcry_mpi_point_init): Initialize with mpi_new with NBITS. (_gcry_mpi_ec_get_affine): Fix mpi_new with NBITS. (montgomery_mul_point): Fix point_init with NBITS. (mpi_ec_mul_point_lli): Fix point_init and mpi_new with NBITS. (_gcry_mpi_ec_mul_point): Fix point_init with NBITS. (_gcry_mpi_ec_curve_point): Fix mpi_new with NBITS. * mpi/ec-hw-s390x.c (_gcry_s390x_ec_hw_mul_point): Likewise. (s390_mul_point_montgomery): Likewise. * cipher/ecc-common.h (point_init): Follow the change of _gcry_mpi_point_init. * cipher/ecc-curves.c (_gcry_ecc_get_curve): Likewise. (point_from_keyparam): Fix mpi_point_new with NBITS. (mpi_ec_get_elliptic_curve): Follow the change of _gcry_mpi_point_init. (_gcry_ecc_set_mpi): Fix mpi_point_new with NBITS. * cipher/ecc-ecdh.c (_gcry_ecc_curve_keypair) (_gcry_ecc_curve_mul_point): Fix point_init with NBITS. * cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Likewise. (_gcry_ecc_ecdsa_verify): Likewise. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_encodepoint, ecc_ed448_recover_x) (_gcry_ecc_eddsa_recover_x): Fix mpi_new with NBITS. (_gcry_ecc_eddsa_genkey): Remove unused X and Y. Fix point_init with NBITS. (_gcry_ecc_eddsa_sign): Fix mpi_new with NBITS. Fix point_init with NBITS. (_gcry_ecc_eddsa_verify): Fix point_init with NBITS. * cipher/ecc-gost.c (_gcry_ecc_gost_sign, _gcry_ecc_gost_verify): Likewise. * cipher/ecc-misc.c (_gcry_ecc_curve_copy): Follow the change of _gcry_mpi_point_init. (_gcry_mpi_ec_ec2os, _gcry_ecc_sec_decodepoint): Fix mpi_new with NBITS. (_gcry_ecc_compute_public): Fix mpi_point_new with NBITS. * cipher/ecc-sm2.c (_gcry_ecc_sm2_encrypt): Fix point_init with NBITS. Fix mpi_new with NBITS. (_gcry_ecc_sm2_decrypt, _gcry_ecc_sm2_sign, _gcry_ecc_sm2_verify): Likewise. * cipher/ecc.c (nist_generate_key): Fix point_init with NBITS. (test_keys): Likewise. (test_ecdh_only_keys): Fix point_init and mpi_new with NBITS. (check_secret_key): Likewise. (ecc_generate): Fix mpi_new with NBITS. (ecc_encrypt_raw): Fix mpi_new and point_init with NBITS. (ecc_decrypt_raw): Fix point_init and mpi_new with NBITS. (compute_keygrip): Fix mpi_new with NBITS.
The changes for ECC least leak assume that the limbs for MPI are
allocated and enough. In the past, we had a practice to use
"mpi_new (0)" to initialize an MPI, which only allocates the
placeholder of MPI and not the limbs. This is the fix of those places
in ECC.
- GnuPG-bug-id: T8094
- Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>