commit c9c0aa6306fc1480a601ad1de5ecf9228068dde8
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Mar 16 14:53:26 2017 +0100
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Wed Aug 09 11:44:53 2017 +0200
tree ef4c75e108b067e901bae27dfdf0ecfac40a7de1
parent c5d844b999c03379bb4b8fc5903791d13ba6231e

Remember precomputed table

Free it as soon as it's no longer needed, but as a backup free it in
ecp_group_free(), in case ecp_mul() is not called again after returning
ECP_IN_PROGRESS.

So far we only remember it when it's fully computed, next step is to be able
to compute it in multiple steps.

library/ecp.c

diff --git a/library/ecp.c b/library/ecp.c
index 785093f..653c60f 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -109,9 +109,11 @@
     mbedtls_ecp_point P;    /* saved argument: point                        */
     mbedtls_ecp_point R;    /* current intermediate result                  */
     size_t i;               /* current index in various loops, 0 outside    */
-    enum {
-        ecp_rs_init = 0,
-        ecp_rs_final_norm,
+    mbedtls_ecp_point *T;   /* table for precomputed points                 */
+    unsigned char T_size;   /* number of points in table T                  */
+    enum {                  /* what's the next step ?                       */
+        ecp_rs_init = 0,        /* just getting started                     */
+        ecp_rs_final_norm,      /* do the final normalization               */
     } state;
 };
 
@@ -128,6 +130,8 @@
  */
 static void ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
 {
+    unsigned char i;
+
     if( ctx == NULL )
         return;
 
@@ -135,6 +139,12 @@
     mbedtls_ecp_point_free( &ctx->P );
     mbedtls_ecp_point_free( &ctx->R );
 
+    if( ctx->T != NULL ) {
+        for( i = 0; i < ctx->T_size; i++ )
+            mbedtls_ecp_point_free( ctx->T + i );
+        mbedtls_free( ctx->T );
+    }
+
     memset( ctx, 0, sizeof( mbedtls_ecp_restart_ctx ) );
 }
 
@@ -1601,8 +1611,9 @@
                          void *p_rng )
 {
     int ret;
-    unsigned char w, p_eq_g, pre_len, i;
+    unsigned char w, p_eq_g = 0, i;
     size_t d;
+    unsigned char pre_len = 0;
     mbedtls_ecp_point *T = NULL;
 
 #if defined(MBEDTLS_ECP_EARLY_RETURN)
@@ -1639,8 +1650,6 @@
 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
     p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
                mbedtls_mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
-#else
-    p_eq_g = 0;
 #endif
 
     /* Pick window size and deduce related sizes */
@@ -1654,6 +1663,16 @@
      */
     T = p_eq_g ? grp->T : NULL;
 
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+    if( grp->rs != NULL && grp->rs->T != NULL && T == NULL )
+    {
+        /* transfer "ownership" of T from rs to local function */
+        T = grp->rs->T;
+        grp->rs->T = NULL;
+        grp->rs->T_size = 0;
+    }
+#endif
+
     if( T == NULL )
     {
         T = mbedtls_calloc( pre_len, sizeof( mbedtls_ecp_point ) );
@@ -1679,6 +1698,16 @@
 
 cleanup:
 
+#if defined(MBEDTLS_ECP_EARLY_RETURN)
+    if( grp->rs != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS && T != grp->T )
+    {
+        /* transfer "ownership" of T from local function to rs */
+        grp->rs->T_size = pre_len;
+        grp->rs->T = T;
+        T = NULL;
+    }
+#endif
+
     if( T != NULL && ! p_eq_g )
     {
         for( i = 0; i < pre_len; i++ )