From cd0dbf36b6e35b8d02fe9535186fc79cd7e245a0 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 24 Jul 2020 00:09:04 +0200
Subject: [PATCH] mbedtls_mpi_mul_hlp: no microoptimization

Note a possible microoptimization in mbedtls_mpi_mul_hlp that I tried in the hope of reducing the number of allocations, but turned out to be counterproductive.

Signed-off-by: Gilles Peskine
---
 library/bignum.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/library/bignum.c b/library/bignum.c
index af9a399b6..441375263 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1676,6 +1676,14 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
 /* Calculate X*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ /* In general, A * b requires 1 limb more than b. If
+ * A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same
+ * number of limbs as A and the call to grow() is not required since
+ * copy() will take care of the growth. However, experimentally,
+ * making the call to grow() conditional causes slightly fewer
+ * calls to calloc() in ECP code, presumably because it reuses the
+ * same mpi for a while and this way the mpi is more likely to directly
+ * grow to its final size. */
 MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
 mpi_mul_hlp( n, A->p, X->p, b - 1 );
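Review bot: The test quoted in the added comment, `A->p[n - 1] * b / b == A->p[n - 1]`, only shows that the top limb's own product does not overflow; a carry of up to `b - 1` from the lower limbs can still spill into limb n, so it is not a sufficient condition for A * b fitting in n limbs. Because mpi_mul_hlp (defined outside this hunk) is handed X->p and presumably stores that final carry at X->p[n], the unconditional `mbedtls_mpi_grow( X, n + 1 )` is what keeps the write in bounds, and a later reader who implements the conditional grow from this comment could introduce an out-of-bounds write. I would add a line such as `* Keep grow() unconditional: mpi_mul_hlp may carry into X->p[n].` and correct or drop the stated condition. Two wording slips in the same comment: "1 limb more than b" looks like it should read "than A", and "causes slightly fewer calls to calloc()" appears to contradict the commit message, which calls the change counterproductive. mbedtls_mpi_mul_int starts and ends outside the hunk.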