Hello,

Here are my changes for https://dev.gnupg.org/T7519 (after applying
0001-mpi-ec-Remove-runtime-check-in-ec_mod.patch).

Because libgcrypt exposes lower-level API like gcry_mpi_ec_add,
gcry_mpi_ec_dup, and gcry_mpi_ec_mul, we need to be conservative to keep
exposed behaviors. I introduce a new internal flag, GCRYECC_FLAG_LEAST_LEAK,
to select less-leaky ec_* routines for constant-time computation.

NIIBE Yutaka (8):
  mpi:ec: Use ec_addm for ec_mul2.
  mpi:ec: Keep A untouched in ec_get_a_is_pminus3.
  mpi:ec: Refactor _gcry_mpi_ec_mul_point
  cipher:ecc: Introduce GCRYECC_FLAG_LEAST_LEAK.
  mpi:ec: Resize when GCRYECC_FLAG_LEAST_LEAK.
  mpi:ec: Use affine coordinate for mpi_ec_mul_point_lli.
  mpi:ec: Don't normalize the MPIs when GCRYECC_FLAG_LEAST_LEAK.
  mpi:ec: Introduce ec_*_lli for Weierstrass curves to be less leaky.

 cipher/ecc.c  |   8 +-
 mpi/ec-nist.c |  16 +-
 mpi/ec.c      | 739 ++++++++++++++++++++++++++++++++++++++------------
 src/cipher.h  |   5 +
 4 files changed, 582 insertions(+), 186 deletions(-)

-- 
2.47.2

_______________________________________________
Gcrypt-devel mailing list
Gcrypt-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gcrypt-devel