commit 8962ddbb2327764284d17100ff5d6946ae63f0d5
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Tue Mar 14 12:11:21 2017 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Aug 09 11:44:53 2017 +0200
tree 543ceb9b6c38841d620357ec1cf1a98477439636
parent 78d564a84156974580895e5a1aa6c24b8dd2ac64

Don't write to destination until we're done

library/ecp.c

diff --git a/library/ecp.c b/library/ecp.c
index 0a0239c..d402e5c 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -107,6 +107,7 @@
     unsigned char fake_it;  /* for tests: should we fake early return? */
     mbedtls_mpi m;          /* saved argument: scalar                       */
     mbedtls_ecp_point P;    /* saved argument: point                        */
+    mbedtls_ecp_point R;    /* current intermediate result                  */
 };
 
 /*
@@ -127,6 +128,7 @@
 
     mbedtls_mpi_free( &ctx->m );
     mbedtls_ecp_point_free( &ctx->P );
+    mbedtls_ecp_point_free( &ctx->R );
 }
 #endif /* MBEDTLS_ECP_EARLY_RETURN */
 
@@ -1456,14 +1458,24 @@
     int ret;
     unsigned char parity_trick;
     unsigned char k[COMB_MAX_D + 1];
+    mbedtls_ecp_point *RR = R;
+
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+    if( grp->rs != NULL )
+        RR = &grp->rs->R;
+#endif
 
     MBEDTLS_MPI_CHK( ecp_comb_recode_scalar( grp, m, k, d, w, &parity_trick ) );
 
-    MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, R, T, pre_len, k, d, f_rng, p_rng ) );
+    MBEDTLS_MPI_CHK( ecp_mul_comb_core( grp, RR, T, pre_len, k, d, f_rng, p_rng ) );
 
-    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, R, parity_trick ) );
+    MBEDTLS_MPI_CHK( ecp_safe_invert_jac( grp, RR, parity_trick ) );
 
-    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
+    MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
+
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+    MBEDTLS_MPI_CHK( mbedtls_ecp_copy( R, RR ) );
+#endif
 
 cleanup:
     return( ret );