Move internal drbg init to specific mul functions
While it seems cleaner and more convenient to set it in the top-level
mbedtls_ecp_mul() function, the existence of the restartable option changes
things - when it's enabled the drbg context needs to be saved in the restart
context (more precisely in the restart_mul sub-context), which can only be
done when it's allocated, which is in the curve-specific mul function.
This commit only moves internal drbg management from mbedtls_ecp_mul() to
ecp_mul_mxz() and ecp_mul_comb(), without modifying behaviour (even internal),
and a future commit will modify the ecp_mul_comb() version to handle restart
properly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ecp.c b/library/ecp.c
index dc2b592..0af3f47 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -2221,11 +2221,25 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char w, p_eq_g, i;
size_t d;
- unsigned char T_size, T_ok;
- mbedtls_ecp_point *T;
+ unsigned char T_size = 0, T_ok = 0;
+ mbedtls_ecp_point *T = NULL;
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_context drbg_ctx;
+
+ ecp_drbg_init( &drbg_ctx );
+#endif
ECP_RS_ENTER( rsm );
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ if( f_rng == NULL )
+ {
+ MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) );
+ f_rng = &ecp_drbg_random;
+ p_rng = &drbg_ctx;
+ }
+#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
+
/* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
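Review bot: The seed block placed after `ECP_RS_ENTER( rsm )` appears to run on every entry, including a resumed call with a non-NULL rs_ctx, so when f_rng is NULL each resumption re-seeds a fresh stack-local `drbg_ctx` from the same scalar m and the blinding values of a split computation restart from the same stream rather than continuing it. The commit message defers this to a follow-up, but nothing in the code marks the limitation; a comment at the seed site such as `/* TODO: on restart, drbg_ctx must be persisted in rs_ctx->rsm instead of being re-seeded from m on every call */` would keep it from being overlooked and explain why the drbg setup sits below ECP_RS_ENTER rather than with the other initialisations. The ecp_mul_mxz hunk at @@ -2487 uses the same pattern but shows no restart handling, so the note is only needed here. ecp_mul_comb's signature and the rest of its body are outside this hunk.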
@@ -2297,6 +2311,10 @@
cleanup:
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_free( &drbg_ctx );
+#endif
+
/* does T belong to the group? */
if( T == grp->T )
T = NULL;
@@ -2487,9 +2505,22 @@
unsigned char b;
mbedtls_ecp_point RP;
mbedtls_mpi PX;
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_context drbg_ctx;
+ ecp_drbg_init( &drbg_ctx );
+#endif
mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ if( f_rng == NULL )
+ {
+ MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) );
+ f_rng = &ecp_drbg_random;
+ p_rng = &drbg_ctx;
+ }
+#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
+
/* Save PX and read from P before writing to R, in case P == R */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) );
@@ -2542,6 +2573,10 @@
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
cleanup:
+#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+ ecp_drbg_free( &drbg_ctx );
+#endif
+
mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
return( ret );
@@ -2561,18 +2596,11 @@
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0;
#endif
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_context drbg_ctx;
-#endif
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( R != NULL );
ECP_VALIDATE_RET( m != NULL );
ECP_VALIDATE_RET( P != NULL );
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_init( &drbg_ctx );
-#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* reset ops count for this call if top-level */
if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
@@ -2584,15 +2612,6 @@
MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- if( f_rng == NULL )
- {
- MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) );
- f_rng = &ecp_drbg_random;
- p_rng = &drbg_ctx;
- }
-#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
/* skip argument check when restarting */
if( rs_ctx == NULL || rs_ctx->rsm == NULL )
@@ -2623,10 +2642,6 @@
mbedtls_internal_ecp_free( grp );
#endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
- ecp_drbg_free( &drbg_ctx );
-#endif
-
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL )
rs_ctx->depth--;