Revert itch macro changes.

We now have h_to_a_itch <= mul_itch, mul_g_itch. Add asserts at a few
places relying on this.
(ECC_ECDSA_KEYGEN_ITCH, ECC_MAX): Delete macros.
(ECC_ECDSA_SIGN_ITCH): Revert previous change.

ChangeLog

 2019-12-09  Niels Möller  <nisse@lysator.liu.se>
 
+	* ecc-internal.h: Revert itch macro changes. We now have
+	h_to_a_itch <= mul_itch, mul_g_itch. Add asserts at a few places
+	relying on this.
+	(ECC_ECDSA_KEYGEN_ITCH, ECC_MAX): Delete macros.
+	(ECC_ECDSA_SIGN_ITCH): Revert previous change.
+
 	* ecc-448.c (ecc_mod_pow_446m224m1): Reduce scratch space from 9*n
 	to 6*n.
 	(ECC_448_INV_ITCH, ECC_448_SQRT_ITCH): Reduce accordingly.

ecc-internal.h

@@ -439,11 +439,8 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
 #define ECC_MUL_A_EH_ITCH(size) \
   (((3 << ECC_MUL_A_EH_WBITS) + 10) * (size))
 #endif
-#define ECC_ECDSA_KEYGEN_ITCH(size) (11*(size))
-#define ECC_ECDSA_SIGN_ITCH(size) (13*(size))
+#define ECC_ECDSA_SIGN_ITCH(size) (12*(size))
 #define ECC_MOD_RANDOM_ITCH(size) (size)
 #define ECC_HASH_ITCH(size) (1+(size))
 
-#define ECC_MAX(x,y) ((x) > (y) ? (x) : (y))
-
 #endif /* NETTLE_ECC_INTERNAL_H_INCLUDED */

ecc-point-mul-g.c

@@ -46,10 +46,11 @@ ecc_point_mul_g (struct ecc_point *r, const struct ecc_scalar *n)
 {
   const struct ecc_curve *ecc = r->ecc;
   mp_limb_t size = ecc->p.size;
-  mp_size_t itch = 3*size + ECC_MAX(ecc->mul_g_itch, ecc->h_to_a_itch);
+  mp_size_t itch = 3*size + ecc->mul_g_itch;
   mp_limb_t *scratch = gmp_alloc_limbs (itch);
 
   assert (n->ecc == ecc);
+  assert (ecc->h_to_a_itch <= ecc->mul_g_itch);
 
   ecc->mul_g (ecc, scratch, n->p, scratch + 3*size);
   ecc->h_to_a (ecc, 0, r->p, scratch, scratch + 3*size);

ecc-point-mul.c

@@ -46,11 +46,12 @@ ecc_point_mul (struct ecc_point *r, const struct ecc_scalar *n,
 {
   const struct ecc_curve *ecc = r->ecc;
   mp_limb_t size = ecc->p.size;
-  mp_size_t itch = 3*size + ECC_MAX(ecc->mul_itch, ecc->h_to_a_itch);
+  mp_size_t itch = 3*size + ecc->mul_itch;
   mp_limb_t *scratch = gmp_alloc_limbs (itch);
 
   assert (n->ecc == ecc);
   assert (p->ecc == ecc);
+  assert (ecc->h_to_a_itch <= ecc->mul_itch);
 
   ecc->mul (ecc, scratch, n->p, p->p, scratch + 3*size);
   ecc->h_to_a (ecc, 0, r->p, scratch, scratch + 3*size);

ecdsa-keygen.c

@@ -47,11 +47,12 @@ ecdsa_generate_keypair (struct ecc_point *pub,
 			struct ecc_scalar *key,
 			void *random_ctx, nettle_random_func *random)
 {
-  TMP_DECL(p, mp_limb_t, 3*ECC_MAX_SIZE + ECC_ECDSA_KEYGEN_ITCH (ECC_MAX_SIZE));
+  TMP_DECL(p, mp_limb_t, 3*ECC_MAX_SIZE + ECC_MUL_G_ITCH (ECC_MAX_SIZE));
   const struct ecc_curve *ecc = pub->ecc;
-  mp_size_t itch = 3*ecc->p.size + ECC_ECDSA_KEYGEN_ITCH (ecc->p.size);
+  mp_size_t itch = 3*ecc->p.size + ecc->mul_g_itch;
 
   assert (key->ecc == ecc);
+  assert (ecc->h_to_a_itch <= ecc->mul_g_itch);
 
   TMP_ALLOC (p, itch);
 

testsuite/ecc-mul-a-test.c

@@ -17,7 +17,7 @@ test_main (void)
       mp_limb_t *p = xalloc_limbs (ecc_size_j (ecc));
       mp_limb_t *q = xalloc_limbs (ecc_size_j (ecc));
       mp_limb_t *n = xalloc_limbs (size);
-      mp_limb_t *scratch = xalloc_limbs (ecc->mul_itch + ecc->h_to_a_itch);
+      mp_limb_t *scratch = xalloc_limbs (ecc->mul_itch);
       unsigned j;
       
       mpn_zero (n, size);

testsuite/ecc-mul-g-test.c

@@ -17,7 +17,7 @@ test_main (void)
       mp_limb_t *p = xalloc_limbs (ecc_size_j (ecc));
       mp_limb_t *q = xalloc_limbs (ecc_size_j (ecc));
       mp_limb_t *n = xalloc_limbs (size);
-      mp_limb_t *scratch = xalloc_limbs (ecc->mul_g_itch + ecc->h_to_a_itch);
+      mp_limb_t *scratch = xalloc_limbs (ecc->mul_g_itch);
 
       mpn_zero (n, size);