Save some small memory allocations inside ecp_mul()
diff --git a/library/ecp.c b/library/ecp.c
index 8c5c06e..5cde22d 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -915,6 +915,8 @@
* due to the choice of precomputed points in the modified comb method.
* So branches for these cases do not leak secret information.
*
+ * We accept Q->Z being unset (saving memory in tables) as meaning 1.
+ *
* Cost: 1A := 8M + 3S
*/
static int ecp_add_mixed( const ecp_group *grp, ecp_point *R,
@@ -933,13 +935,13 @@
if( mpi_cmp_int( &P->Z, 0 ) == 0 )
return( ecp_copy( R, Q ) );
- if( mpi_cmp_int( &Q->Z, 0 ) == 0 )
+ if( Q->Z.p != NULL && mpi_cmp_int( &Q->Z, 0 ) == 0 )
return( ecp_copy( R, P ) );
/*
* Make sure Q coordinates are normalized
*/
- if( mpi_cmp_int( &Q->Z, 1 ) != 0 )
+ if( Q->Z.p != NULL && mpi_cmp_int( &Q->Z, 1 ) != 0 )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &T4 );
@@ -1240,9 +1242,6 @@
MPI_CHK( mpi_safe_cond_assign( &R->Y, &T[j].Y, j == ii ) );
}
- /* The Z coordinate is always 1 */
- MPI_CHK( mpi_lset( &R->Z, 1 ) );
-
/* Safely invert result if i is "negative" */
MPI_CHK( ecp_safe_invert_jac( grp, R, i >> 7 ) );
@@ -1271,6 +1270,7 @@
/* Start with a non-zero point and randomize its coordinates */
i = d;
MPI_CHK( ecp_select_comb( grp, R, T, t_len, x[i] ) );
+ MPI_CHK( mpi_lset( &R->Z, 1 ) );
if( f_rng != 0 )
MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );