authorNIIBE Yutaka <gniibe@fsij.org>2021-03-30 10:42:03 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2021-03-30 10:42:03 +0900
commit45e88b8ec6dfbd8f981ca89ded80ef48eca6f0e9 (patch)
tree8eccdaf9957c4c605e03ca927ce565f075ee9c87
parent68bb0ddc5504c9c0f3f52259a4085bb2fc1a02ad (diff)
ecc: Fix the regression of gcry_mpi_ec_add.
* mpi/ec.c (_gcry_mpi_ec_point_resize): Export the routine for internal use. (add_points_edwards, _gcry_mpi_ec_mul_point): Use mpi_point_resize. * src/gcrypt-int.h (_gcry_mpi_ec_point_resize): Declare. * src/visibility.c (gcry_mpi_ec_dup, gcry_mpi_ec_add): Make sure of the limb size before calling the internal functions. (gcry_mpi_ec_sub): Likewise. -- GnuPG-bug-id: 5372 Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r--mpi/ec.c24
-rw-r--r--src/gcrypt-int.h2
-rw-r--r--src/visibility.c35
3 files changed, 44 insertions, 17 deletions
diff --git a/mpi/ec.c b/mpi/ec.c
index 659bb5ca..0b6ae9a9 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -154,8 +154,8 @@ _gcry_mpi_point_copy (gcry_mpi_point_t point)
}
-static void
-point_resize (mpi_point_t p, mpi_ec_t ctx)
+void
+_gcry_mpi_ec_point_resize (mpi_point_t p, mpi_ec_t ctx)
{
size_t nlimbs = ctx->p->nlimbs;
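Review bot: `_gcry_mpi_ec_point_resize` is now exported for use outside mpi/ec.c but carries no header comment describing its contract; the definition continues past the end of this hunk, so only its first statement (`size_t nlimbs = ctx->p->nlimbs;`) is visible here. Add a comment above the definition such as `/* Resize the coordinates of P to the limb count of the field prime of CTX.  The Edwards/Montgomery point routines expect their arguments to have been passed through this first.  */` — the second sentence is what the commit message implies and should be checked against the rest of the body. It would also help to state whether a point that already has more limbs than CTX->p is left alone or shrunk, since src/visibility.c now calls this on caller-supplied points.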
@@ -1483,7 +1483,7 @@ add_points_edwards (mpi_point_t result,
#define G (ctx->t.scratch[6])
#define tmp (ctx->t.scratch[7])
- point_resize (result, ctx);
+ mpi_point_resize (result, ctx);
/* Compute: (X_3 : Y_3 : Z_3) = (X_1 : Y_1 : Z_1) + (X_2 : Y_2 : Z_3) */
@@ -1711,7 +1711,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
mpi_set_ui (result->x, 0);
mpi_set_ui (result->y, 1);
mpi_set_ui (result->z, 1);
- point_resize (point, ctx);
+ mpi_point_resize (point, ctx);
}
if (mpi_is_secure (scalar))
@@ -1721,8 +1721,8 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
mpi_point_struct tmppnt;
point_init (&tmppnt);
- point_resize (result, ctx);
- point_resize (&tmppnt, ctx);
+ mpi_point_resize (result, ctx);
+ mpi_point_resize (&tmppnt, ctx);
for (j=nbits-1; j >= 0; j--)
{
_gcry_mpi_ec_dup_point (result, result, ctx);
@@ -1735,8 +1735,8 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
{
if (ctx->model == MPI_EC_EDWARDS)
{
- point_resize (result, ctx);
- point_resize (point, ctx);
+ mpi_point_resize (result, ctx);
+ mpi_point_resize (point, ctx);
}
for (j=nbits-1; j >= 0; j--)
@@ -1798,10 +1798,10 @@ _gcry_mpi_ec_mul_point (mpi_point_t result,
scalar = a;
}
- point_resize (&p1, ctx);
- point_resize (&p2, ctx);
- point_resize (&p1_, ctx);
- point_resize (&p2_, ctx);
+ mpi_point_resize (&p1, ctx);
+ mpi_point_resize (&p2, ctx);
+ mpi_point_resize (&p1_, ctx);
+ mpi_point_resize (&p2_, ctx);
mpi_resize (point->x, ctx->p->nlimbs);
point->x->nlimbs = ctx->p->nlimbs;
diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index 086953d7..858b92ce 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -421,6 +421,7 @@ gcry_mpi_point_t _gcry_mpi_ec_get_point (const char *name,
gcry_ctx_t ctx, int copy);
int _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
mpi_ec_t ctx);
+void _gcry_mpi_ec_point_resize (gcry_mpi_point_t p, mpi_ec_t ctx);
void _gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
void _gcry_mpi_ec_add (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, mpi_ec_t ctx);
@@ -513,6 +514,7 @@ int _gcry_mpi_get_flag (gcry_mpi_t a, enum gcry_mpi_flag flag);
#define mpi_point_set(p,x,y,z) _gcry_mpi_point_set((p),(x),(y),(z))
#define mpi_point_snatch_set(p,x,y,z) _gcry_mpi_point_snatch_set((p),(x), \
(y),(z))
+#define mpi_point_resize(p,ctx) _gcry_mpi_ec_point_resize (p, ctx)
#define mpi_get_nbits(a) _gcry_mpi_get_nbits ((a))
#define mpi_test_bit(a,b) _gcry_mpi_test_bit ((a),(b))
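Review bot: The macro added in this hunk, `#define mpi_point_resize(p,ctx) _gcry_mpi_ec_point_resize (p, ctx)`, does not parenthesize its arguments, unlike the neighbouring `mpi_point_set` and `mpi_point_snatch_set` definitions. For consistency with those, write it as `#define mpi_point_resize(p,ctx) _gcry_mpi_ec_point_resize ((p),(ctx))`. The prototype added in the earlier hunk of this file would likewise benefit from a one-line comment saying that it resizes P's coordinates to the limb count of CTX's prime, since that is the only place a caller outside mpi/ec.c will look.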
diff --git a/src/visibility.c b/src/visibility.c
index 8cda962c..b94b1fe9 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -26,6 +26,7 @@
#include "cipher-proto.h"
#include "context.h"
#include "mpi.h"
+#include "ec-context.h"
const char *
gcry_strerror (gcry_error_t err)
@@ -570,23 +571,47 @@ gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_point_t point,
void
gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx)
{
- _gcry_mpi_ec_dup_point (w, u, _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+ mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC);
+
+ if (ec->model == MPI_EC_EDWARDS || ec->model == MPI_EC_MONTGOMERY)
+ {
+ mpi_point_resize (w, ec);
+ mpi_point_resize (u, ec);
+ }
+
+ _gcry_mpi_ec_dup_point (w, u, ec);
}
void
gcry_mpi_ec_add (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
{
- _gcry_mpi_ec_add_points (w, u, v,
- _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+ mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC);
+
+ if (ec->model == MPI_EC_EDWARDS || ec->model == MPI_EC_MONTGOMERY)
+ {
+ mpi_point_resize (w, ec);
+ mpi_point_resize (u, ec);
+ mpi_point_resize (v, ec);
+ }
+
+ _gcry_mpi_ec_add_points (w, u, v, ec);
}
void
gcry_mpi_ec_sub (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
{
- _gcry_mpi_ec_sub_points (w, u, v,
- _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+ mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC);
+
+ if (ec->model == MPI_EC_EDWARDS || ec->model == MPI_EC_MONTGOMERY)
+ {
+ mpi_point_resize (w, ec);
+ mpi_point_resize (u, ec);
+ mpi_point_resize (v, ec);
+ }
+
+ _gcry_mpi_ec_sub_points (w, u, v, ec);
}
void
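Review bot: The model check and resize sequence is written out three times, in gcry_mpi_ec_dup, gcry_mpi_ec_add and gcry_mpi_ec_sub, and none of the three records why only the Edwards and Montgomery models need their points resized before the internal routines run. A small static helper keeps the condition in one place and gives that reason a home; the version below is one way to write it, with each wrapper then reduced to a single call (`ec_resize_points (ec, w, u, NULL);` in dup, `ec_resize_points (ec, w, u, v);` in add and sub). The helper dereferences `ec` exactly as the new code already does, so it assumes `_gcry_ctx_get_pointer` never returns NULL for an EC context — that holds if the lookup aborts on a type mismatch, which is what the previous code also relied on.
```c
/* Bring the coordinates of W, U and (if non-NULL) V to the limb count of
   EC's prime before calling into mpi/ec.c.  Only the Edwards and
   Montgomery routines are given resized points here; NOTE(review): the
   Weierstrass routines are presumably expected to cope on their own —
   confirm.  */
static void
ec_resize_points (mpi_ec_t ec, gcry_mpi_point_t w,
                  gcry_mpi_point_t u, gcry_mpi_point_t v)
{
  if (ec->model != MPI_EC_EDWARDS && ec->model != MPI_EC_MONTGOMERY)
    return;

  mpi_point_resize (w, ec);
  mpi_point_resize (u, ec);
  if (v)
    mpi_point_resize (v, ec);
}

void
gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx)
{
  mpi_ec_t ec = _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC);

  ec_resize_points (ec, w, u, NULL);
  _gcry_mpi_ec_dup_point (w, u, ec);
}

/* … unchanged apart from the same substitution: gcry_mpi_ec_add, gcry_mpi_ec_sub … */
```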