Diffstat (limited to 'security/libgcrypt/files/patch-cipher_ecc.c')
| -rw-r--r-- | security/libgcrypt/files/patch-cipher_ecc.c | 153 |
1 files changed, 153 insertions, 0 deletions
diff --git a/security/libgcrypt/files/patch-cipher_ecc.c b/security/libgcrypt/files/patch-cipher_ecc.c
new file mode 100644
index 000000000000..a6df0bf614da
--- /dev/null
+++ b/security/libgcrypt/files/patch-cipher_ecc.c
@@ -0,0 +1,153 @@
+--- cipher/ecc.c.orig 2025-09-23 13:14:22 UTC
++++ cipher/ecc.c
+@@ -256,7 +256,7 @@ nist_generate_key (mpi_ec_t ec, int flags,
+ gcry_mpi_t x, y;
+ const unsigned int pbits = ec->nbits;
+
+- point_init (&Q);
++ point_init (&Q, ec->nbits);
+
+ if ((flags & PUBKEY_FLAG_TRANSIENT_KEY))
+ random_level = GCRY_STRONG_RANDOM;
+@@ -387,7 +387,7 @@ test_keys (mpi_ec_t ec, unsigned int nbits)
+ if (DBG_CIPHER)
+ log_debug ("Testing key.\n");
+
+- point_init (&R_);
++ point_init (&R_, ec->nbits);
+
+ _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
+
+@@ -544,7 +544,7 @@ test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits,
+ if (DBG_CIPHER)
+ log_debug ("Testing ECDH only key.\n");
+
+- point_init (&R_);
++ point_init (&R_, ec->nbits);
+
+ if (ec->dialect == ECC_DIALECT_SAFECURVE || (flags & PUBKEY_FLAG_DJB_TWEAK))
+ {
+@@ -572,8 +572,8 @@ test_ecdh_only_keys (mpi_ec_t ec, unsigned int nbits,
+ _gcry_mpi_randomize (test, nbits, GCRY_WEAK_RANDOM);
+ }
+
+- x0 = mpi_new (0);
+- x1 = mpi_new (0);
++ x0 = mpi_new (ec->nbits);
++ x1 = mpi_new (ec->nbits);
+
+ /* R_ = hkQ <=> R_ = hkdG */
+ _gcry_mpi_ec_mul_point (&R_, test, ec->Q, ec);
+@@ -617,12 +617,12 @@ check_secret_key (mpi_ec_t ec, int flags)
+ gcry_mpi_t x2 = NULL;
+ gcry_mpi_t y2 = NULL;
+
+- point_init (&Q);
+- x1 = mpi_new (0);
++ point_init (&Q, ec->nbits);
++ x1 = mpi_new (ec->nbits);
+ if (ec->model == MPI_EC_MONTGOMERY)
+ y1 = NULL;
+ else
+- y1 = mpi_new (0);
++ y1 = mpi_new (ec->nbits);
+
+ /* G in E(F_p) */
+ if (!_gcry_mpi_ec_curve_point (ec->G, ec))
+@@ -687,8 +687,8 @@ check_secret_key (mpi_ec_t ec, int flags)
+ }
+ else
+ {
+- x2 = mpi_new (0);
+- y2 = mpi_new (0);
++ x2 = mpi_new (ec->nbits);
++ y2 = mpi_new (ec->nbits);
+ if (_gcry_mpi_ec_get_affine (x2, y2, ec->Q, ec))
+ {
+ if (DBG_CIPHER)
+@@ -751,8 +751,8 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t
+ goto leave;
+
+ /* Copy data to the result. */
+- Gx = mpi_new (0);
+- Gy = mpi_new (0);
++ Gx = mpi_new (ec->nbits);
++ Gy = mpi_new (ec->nbits);
+ if (ec->model != MPI_EC_MONTGOMERY)
+ {
+ if (_gcry_mpi_ec_get_affine (Gx, Gy, ec->G, ec))
+@@ -787,8 +787,8 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t
+ {
+ /* This is the case for a key from _gcry_ecc_eddsa_generate
+ with no compression. */
+- Qx = mpi_new (0);
+- Qy = mpi_new (0);
++ Qx = mpi_new (ec->nbits);
++ Qy = mpi_new (ec->nbits);
+ if (_gcry_mpi_ec_get_affine (Qx, Qy, ec->Q, ec))
+ log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q");
+ }
+@@ -1369,13 +1369,13 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_da
+ unsigned int rawmpilen;
+
+ rc = 0;
+- x = mpi_new (0);
++ x = mpi_new (ec->nbits);
+ if (ec->model == MPI_EC_MONTGOMERY)
+ y = NULL;
+ else
+- y = mpi_new (0);
++ y = mpi_new (ec->nbits);
+
+- point_init (&R);
++ point_init (&R, ec->nbits);
+
+ /* R = kQ <=> R = kdG */
+ _gcry_mpi_ec_mul_point (&R, data, ec->Q, ec);
+@@ -1478,12 +1478,13 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_d
+ int flags = GCRYECC_FLAG_LEAST_LEAK;
+ int enable_specific_point_validation;
+
+- point_init (&kG);
+- point_init (&R);
++ nbits = ecc_get_nbits (keyparms);
+
+- _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT,
+- (nbits = ecc_get_nbits (keyparms)));
++ point_init (&kG, nbits);
++ point_init (&R, nbits);
+
++ _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_DECRYPT, nbits);
++
+ /*
+ * Extract the key.
+ */
+@@ -1564,11 +1565,11 @@ ecc_decrypt_raw (gcry_sexp_t *r_plain, gcry_sexp_t s_d
+ {
+ gcry_mpi_t x, y;
+
+- x = mpi_new (0);
++ x = mpi_new (ec->nbits);
+ if (ec->model == MPI_EC_MONTGOMERY)
+ y = NULL;
+ else
+- y = mpi_new (0);
++ y = mpi_new (ec->nbits);
+
+ if (_gcry_mpi_ec_get_affine (x, y, &R, ec))
+ {
+@@ -1887,10 +1888,10 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms
+ * Recover Y. The Weierstrass curve: y^2 = x^3 + a*x + b
+ */
+
+- x3 = mpi_new (0);
+- t = mpi_new (0);
+- p1_4 = mpi_new (0);
+- y = mpi_new (0);
++ x3 = mpi_new (ec->nbits);
++ t = mpi_new (ec->nbits);
++ p1_4 = mpi_new (ec->nbits);
++ y = mpi_new (ec->nbits);
+
+ /* Compute right hand side. */
+ mpi_powm (x3, x, mpi_const (MPI_C_THREE), ec->p); |
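Review bot: In the embedded `ecc_decrypt_raw` hunk (`@@ -1478,12 +1478,13 @@`), `kG` and `R` are sized from `nbits = ecc_get_nbits (keyparms)`, a value parsed from the caller-supplied key S-expression before the curve context is extracted, whereas every other site in this patch sizes from `ec->nbits`. What `ecc_get_nbits` returns for an unrecognised or malformed curve is not visible here; if it can be 0, these two points get whatever `point_init` does for a zero size, and the up-front sizing this patch appears to aim for would silently not apply on the decrypt path. I would state that contract next to the call, e.g. `/* nbits is 0 for an unknown curve; kG and R then grow on demand. */`, or compare `nbits` with `ec->nbits` once the context is set up later in the function, which lies outside the hunk. The patch also relies on a two-argument `point_init` whose definition is not in this file, and it carries no header naming the upstream change it tracks, so a reader cannot tell why the sizes were added.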
