From dda1f8a0c46e15b4a235163470ff700b2f13dcc5 Mon Sep 17 00:00:00 2001
From: Thomas Pornin <pornin@bolet.org>
Date: Fri, 24 Apr 2020 15:18:58 +0200
Subject: [PATCH 1/1] Harmonized behaviour when point length is invalid.

---
 src/ec/ec_p256_m15.c  | 22 ++++++++--------------
 src/ec/ec_p256_m31.c  | 22 ++++++++--------------
 src/ec/ec_prime_i15.c | 10 +++++++---
 src/ec/ec_prime_i31.c | 13 ++++++++++---
 4 files changed, 33 insertions(+), 34 deletions(-)

diff --git a/src/ec/ec_p256_m15.c b/src/ec/ec_p256_m15.c
index 8d68d1d..05800d8 100644
--- a/src/ec/ec_p256_m15.c
+++ b/src/ec/ec_p256_m15.c
@@ -2039,12 +2039,13 @@ api_mul(unsigned char *G, size_t Glen,
 	p256_jacobian P;
 
 	(void)curve;
+	if (Glen != 65) {
+		return 0;
+	}
 	r = p256_decode(&P, G, Glen);
 	p256_mul(&P, x, xlen);
-	if (Glen >= 65) {
-		p256_to_affine(&P);
-		p256_encode(G, &P);
-	}
+	p256_to_affine(&P);
+	p256_encode(G, &P);
 	return r;
 }
 
@@ -2059,16 +2060,6 @@ api_mulgen(unsigned char *R,
 	p256_to_affine(&P);
 	p256_encode(R, &P);
 	return 65;
-
-	/*
-	const unsigned char *G;
-	size_t Glen;
-
-	G = api_generator(curve, &Glen);
-	memcpy(R, G, Glen);
-	api_mul(R, Glen, x, xlen, curve);
-	return Glen;
-	*/
 }
 
 static uint32_t
@@ -2081,6 +2072,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
 	int i;
 
 	(void)curve;
+	if (len != 65) {
+		return 0;
+	}
 	r = p256_decode(&P, A, len);
 	p256_mul(&P, x, xlen);
 	if (B == NULL) {
diff --git a/src/ec/ec_p256_m31.c b/src/ec/ec_p256_m31.c
index d57ef7b..b185937 100644
--- a/src/ec/ec_p256_m31.c
+++ b/src/ec/ec_p256_m31.c
@@ -1384,12 +1384,13 @@ api_mul(unsigned char *G, size_t Glen,
 	p256_jacobian P;
 
 	(void)curve;
+	if (Glen != 65) {
+		return 0;
+	}
 	r = p256_decode(&P, G, Glen);
 	p256_mul(&P, x, xlen);
-	if (Glen >= 65) {
-		p256_to_affine(&P);
-		p256_encode(G, &P);
-	}
+	p256_to_affine(&P);
+	p256_encode(G, &P);
 	return r;
 }
 
@@ -1404,16 +1405,6 @@ api_mulgen(unsigned char *R,
 	p256_to_affine(&P);
 	p256_encode(R, &P);
 	return 65;
-
-	/*
-	const unsigned char *G;
-	size_t Glen;
-
-	G = api_generator(curve, &Glen);
-	memcpy(R, G, Glen);
-	api_mul(R, Glen, x, xlen, curve);
-	return Glen;
-	*/
 }
 
 static uint32_t
@@ -1426,6 +1417,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
 	int i;
 
 	(void)curve;
+	if (len != 65) {
+		return 0;
+	}
 	r = p256_decode(&P, A, len);
 	p256_mul(&P, x, xlen);
 	if (B == NULL) {
diff --git a/src/ec/ec_prime_i15.c b/src/ec/ec_prime_i15.c
index 0f210f2..f86dbe6 100644
--- a/src/ec/ec_prime_i15.c
+++ b/src/ec/ec_prime_i15.c
@@ -733,11 +733,12 @@ api_mul(unsigned char *G, size_t Glen,
 	jacobian P;
 
 	cc = id_to_curve(curve);
+	if (Glen != cc->point_len) {
+		return 0;
+	}
 	r = point_decode(&P, G, Glen, cc);
 	point_mul(&P, x, xlen, cc);
-	if (Glen == cc->point_len) {
-		point_encode(G, &P, cc);
-	}
+	point_encode(G, &P, cc);
 	return r;
 }
 
@@ -770,6 +771,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
 	 */
 
 	cc = id_to_curve(curve);
+	if (len != cc->point_len) {
+		return 0;
+	}
 	r = point_decode(&P, A, len, cc);
 	if (B == NULL) {
 		size_t Glen;
diff --git a/src/ec/ec_prime_i31.c b/src/ec/ec_prime_i31.c
index 0586a3b..b205f36 100644
--- a/src/ec/ec_prime_i31.c
+++ b/src/ec/ec_prime_i31.c
@@ -107,15 +107,16 @@ typedef struct {
 	const uint32_t *b;
 	const uint32_t *R2;
 	uint32_t p0i;
+	size_t point_len;
 } curve_params;
 
 static inline const curve_params *
 id_to_curve(int curve)
 {
 	static const curve_params pp[] = {
-		{ P256_P, P256_B, P256_R2, 0x00000001 },
-		{ P384_P, P384_B, P384_R2, 0x00000001 },
-		{ P521_P, P521_B, P521_R2, 0x00000001 }
+		{ P256_P, P256_B, P256_R2, 0x00000001,  65 },
+		{ P384_P, P384_B, P384_R2, 0x00000001,  97 },
+		{ P521_P, P521_B, P521_R2, 0x00000001, 133 }
 	};
 
 	return &pp[curve - BR_EC_secp256r1];
@@ -734,6 +735,9 @@ api_mul(unsigned char *G, size_t Glen,
 	jacobian P;
 
 	cc = id_to_curve(curve);
+	if (Glen != cc->point_len) {
+		return 0;
+	}
 	r = point_decode(&P, G, Glen, cc);
 	point_mul(&P, x, xlen, cc);
 	point_encode(G, &P, cc);
@@ -769,6 +773,9 @@ api_muladd(unsigned char *A, const unsigned char *B, size_t len,
 	 */
 
 	cc = id_to_curve(curve);
+	if (len != cc->point_len) {
+		return 0;
+	}
 	r = point_decode(&P, A, len, cc);
 	if (B == NULL) {
 		size_t Glen;
-- 
2.17.1