From 76cba389713a356b769443e830a04e112a3fd810 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner
Date: Thu, 3 Sep 2020 00:01:33 -0500
Subject: [PATCH] wolfcrypt/src/ge_448.c: redo small stack refactor of ge448_double_scalarmult_vartime(), so that when -UWOLFSSL_SMALL_STACK, code is effectively unchanged.
---
 wolfcrypt/src/ge_448.c | 77 ++++++++++++++++++++++--------------------
 1 file changed, 40 insertions(+), 37 deletions(-)
diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c
index 15d6c992d..aac86ca1c 100644
--- a/wolfcrypt/src/ge_448.c
+++ b/wolfcrypt/src/ge_448.c
@@ -10655,7 +10655,7 @@ static void slide(int8_t *r, const uint8_t *a)
 }
 }
-/* Perform a scalar multplication of the base point and public point.
+/* Perform a scalar multiplication of the base point and public point.
 * r = a * p + b * base
 * Uses a sliding window of 5 bits.
 * Not constant time.
@@ -10667,25 +10667,24 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
 const ge448_p2 *p, const uint8_t *b)
 {
 #define GE448_WINDOW_BUF_SIZE 448
+
+#if !defined(WOLFSSL_SMALL_STACK) || (defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER))
+ int8_t aslide[GE448_WINDOW_BUF_SIZE];
+ int8_t bslide[GE448_WINDOW_BUF_SIZE];
+ ge448_p2 pi[16]; /* p,3p,..,31p */
+ ge448_p2 p2;
+ int i;
+
+ #define PI_PTR(pi) (&(pi))
+#else
 int8_t *aslide = NULL;
 int8_t *bslide = NULL;
 ge448_p2 *pi[16]; /* p,3p,..,31p */
 ge448_p2 *p2 = NULL;
- int i;
- int ret;
+ int i, ret;
-#if defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER)
- int8_t aslide_buf[GE448_WINDOW_BUF_SIZE];
- int8_t bslide_buf[GE448_WINDOW_BUF_SIZE];
- ge448_p2 pi_buf[16];
- ge448_p2 p2_buf;
+ #define PI_PTR(pi) (pi)
- aslide = &aslide_buf[0];
- bslide = &bslide_buf[0];
- for (i = 0; i < (int)(sizeof pi / sizeof pi[0]); ++i)
- pi[i] = &pi_buf[i];
- p2 = &p2_buf;
-#else
 XMEMSET(pi, 0, sizeof pi);
 aslide = (int8_t *)XMALLOC(GE448_WINDOW_BUF_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (! aslide) {
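Review bot: The helper macro `PI_PTR(pi)` names its parameter after the table variable `pi` and is then also applied to `p2` (`PI_PTR(p2)` in the precomputation hunk), so neither the macro name nor the parameter name describes what it does, which is to turn a storage slot into a `ge448_p2 *` in whichever build is selected. A neutral spelling, for example `#define GE448_P2_PTR(x) (&(x))` in the stack branch and `#define GE448_P2_PTR(x) (x)` in the heap branch, would be easier to audit. Each definition could carry a short comment such as `/* stack build: slots are objects, take their address */` and `/* heap build: slots already hold pointers */`. The function body starts and ends outside this hunk.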
@@ -10714,25 +10713,25 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
 slide(aslide, a);
 slide(bslide, b);
- fe448_copy(pi[0]->X, p->X);
- fe448_copy(pi[0]->Y, p->Y);
- fe448_copy(pi[0]->Z, p->Z);
- ge448_dbl(p2, p);
- ge448_add(pi[1], p2, pi[0]);
- ge448_add(pi[2], p2, pi[1]);
- ge448_add(pi[3], p2, pi[2]);
- ge448_add(pi[4], p2, pi[3]);
- ge448_add(pi[5], p2, pi[4]);
- ge448_add(pi[6], p2, pi[5]);
- ge448_add(pi[7], p2, pi[6]);
- ge448_add(pi[8], p2, pi[7]);
- ge448_add(pi[9], p2, pi[8]);
- ge448_add(pi[10], p2, pi[9]);
- ge448_add(pi[11], p2, pi[10]);
- ge448_add(pi[12], p2, pi[11]);
- ge448_add(pi[13], p2, pi[12]);
- ge448_add(pi[14], p2, pi[13]);
- ge448_add(pi[15], p2, pi[14]);
+ fe448_copy(PI_PTR(pi[0])->X, p->X);
+ fe448_copy(PI_PTR(pi[0])->Y, p->Y);
+ fe448_copy(PI_PTR(pi[0])->Z, p->Z);
+ ge448_dbl(PI_PTR(p2), p);
+ ge448_add(PI_PTR(pi[1]), PI_PTR(p2), PI_PTR(pi[0]));
+ ge448_add(PI_PTR(pi[2]), PI_PTR(p2), PI_PTR(pi[1]));
+ ge448_add(PI_PTR(pi[3]), PI_PTR(p2), PI_PTR(pi[2]));
+ ge448_add(PI_PTR(pi[4]), PI_PTR(p2), PI_PTR(pi[3]));
+ ge448_add(PI_PTR(pi[5]), PI_PTR(p2), PI_PTR(pi[4]));
+ ge448_add(PI_PTR(pi[6]), PI_PTR(p2), PI_PTR(pi[5]));
+ ge448_add(PI_PTR(pi[7]), PI_PTR(p2), PI_PTR(pi[6]));
+ ge448_add(PI_PTR(pi[8]), PI_PTR(p2), PI_PTR(pi[7]));
+ ge448_add(PI_PTR(pi[9]), PI_PTR(p2), PI_PTR(pi[8]));
+ ge448_add(PI_PTR(pi[10]), PI_PTR(p2), PI_PTR(pi[9]));
+ ge448_add(PI_PTR(pi[11]), PI_PTR(p2), PI_PTR(pi[10]));
+ ge448_add(PI_PTR(pi[12]), PI_PTR(p2), PI_PTR(pi[11]));
+ ge448_add(PI_PTR(pi[13]), PI_PTR(p2), PI_PTR(pi[12]));
+ ge448_add(PI_PTR(pi[14]), PI_PTR(p2), PI_PTR(pi[13]));
+ ge448_add(PI_PTR(pi[15]), PI_PTR(p2), PI_PTR(pi[14]));
 ge448_0(r);
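Review bot: The fifteen `ge448_add` lines that build the odd multiples differ only in their index, and with every operand now wrapped in `PI_PTR(...)` the destination/source offset is harder to check by eye. A loop states the relation once: `for (i = 1; i < 16; i++) ge448_add(PI_PTR(pi[i]), PI_PTR(p2), PI_PTR(pi[i - 1]));`. `i` is already declared in both build variants, so nothing else is needed. The enclosing function starts and ends outside this hunk.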
@@ -10747,9 +10746,9 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
 ge448_dbl(r, r);
 if (aslide[i] > 0)
- ge448_add(r, r, pi[aslide[i]/2]);
+ ge448_add(r, r, PI_PTR(pi[aslide[i]/2]));
 else if (aslide[i] < 0)
- ge448_sub(r, r ,pi[(-aslide[i])/2]);
+ ge448_sub(r, r ,PI_PTR(pi[(-aslide[i])/2]));
 if (bslide[i] > 0)
 ge448_madd(r, r, &base_i[bslide[i]/2]);
@@ -10757,9 +10756,9 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
 ge448_msub(r, r, &base_i[(-bslide[i])/2]);
 }
+#if defined(WOLFSSL_SMALL_STACK) && !(defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER))
 ret = 0;
-#if !defined(WOLFSSL_NO_MALLOC) || defined(XMALLOC_USER)
 out:
 if (aslide)
@@ -10772,9 +10771,13 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
 }
 if (p2)
 XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
 return ret;
+#else
+ return 0;
+#endif
+
+#undef PI_PTR
 #undef GE448_WINDOW_BUF_SIZE
 }
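Review bot: In the main loop hunk (`@@ -10747,9 +10746,9 @@`) the branches on `aslide[i]` and the table index `pi[aslide[i]/2]` follow the digits of scalar `a` directly, yet the function's header comment only says "Not constant time" and gives callers no rule for what may be passed in. I would add a line to that header such as `* Timing and table accesses depend on a and b: call only with public scalars, never with private key material.` The loop and the enclosing function start and end outside this hunk.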
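Review bot: In the cleanup hunk (`@@ -10757,9 +10756,9 @@`) the guard added before `ret = 0;` is a hand-written negation of the condition that selects the stack declarations at the top of the function, so the two expressions have to be kept in step by hand. The same guard governs the `#else return 0; #endif` tail in the final hunk. Deriving one local flag removes the duplication: put `#define GE448_DSM_ON_STACK` inside the stack branch at the top, test `#ifndef GE448_DSM_ON_STACK` here, and add `#undef GE448_DSM_ON_STACK` beside `#undef PI_PTR` (the flag name is only a suggestion). A short comment on the guard saying that `ret`, the `out:` label and the `XFREE` calls exist only in the heap build would also help the next reader.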