Improve scratch usage in ecc_mod_inv.

* ecc-mod-inv.c (ecc_mod_inv): Use passed in scratch for all
scratch needs, don't use memory after the result area.
* ecc-ecdsa-sign.c (ecc_ecdsa_sign): Update invert call.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify): Likewise.
* ecc-eh-to-a.c (ecc_eh_to_a): Likewise.
* ecc-j-to-a.c (ecc_j_to_a): Likewise.
* ecc-gostdsa-verify.c (ecc_gostdsa_verify): Likewise.
* ecc-internal.h (ECC_MOD_INV_ITCH, ECC_J_TO_A_ITCH)
(ECC_EH_TO_A_ITCH): Update accordingly, but no change in total
scratch need.

1 files changed, 3 insertions, 2 deletions

diff --git a/ecc-ecdsa-sign.c b/ecc-ecdsa-sign.c
index 10e1de22..93cbbe7e 100644
--- a/ecc-ecdsa-sign.c
+++ b/ecc-ecdsa-sign.c
@@ -48,6 +48,7 @@ ecc_ecdsa_sign_itch (const struct ecc_curve *ecc)
 {
   /* Needs 3*ecc->p.size + scratch for ecc->mul_g. Currently same for
      ecc_mul_g. */
+  assert (ecc->p.size + ecc->p.invert_itch <= 3*ecc->p.size + ecc->mul_g_itch);
   return ECC_ECDSA_SIGN_ITCH (ecc->p.size);
 }
 
@@ -82,8 +83,8 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc,
   /* x coordinate only, modulo q */
   ecc->h_to_a (ecc, 2, rp, P, P + 3*ecc->p.size);
 
-  /* Invert k, uses 4 * ecc->p.size including scratch */
-  ecc->q.invert (&ecc->q, kinv, kp, tp); /* NOTE: Also clobbers hp */
+  /* Invert k, uses up to 7 * ecc->p.size including scratch (for secp384). */
+  ecc->q.invert (&ecc->q, kinv, kp, tp);
   
   /* Process hash digest */
   ecc_hash (&ecc->q, hp, length, digest);