Uprev NSS from 3.18.0 RTM to 3.19.0 RTM

nss/lib/freebl/mpi/mpmontg.c

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 /* This file implements moduluar exponentiation using Montgomery's
  * method for modular reduction.  This file implements the method
  * described as "Improvement 2" in the paper "A Cryptogrpahic Library for
  * the Motorola DSP56000" by Stephen R. Dusse' and Burton S. Kaliski Jr.
  * published in "Advances in Cryptology: Proceedings of EUROCRYPT '90"
  * "Lecture Notes in Computer Science" volume 473, 1991, pg 230-244,
@@ skipping 865 matching lines @@
                     mp_size          window_bits,
                     mp_size          num_powers)
 {
   mp_int *pa1, *pa2, *ptmp;
   mp_size i;
   mp_size first_window;
   mp_err  res;
   int     expOff;
   mp_int  accum1, accum2, accum[WEAVE_WORD_SIZE];
   mp_int  tmp;
-  unsigned char *powersArray;
-  unsigned char *powers;
+  unsigned char *powersArray = NULL;
+  unsigned char *powers = NULL;
 
   MP_DIGITS(&accum1) = 0;
   MP_DIGITS(&accum2) = 0;
   MP_DIGITS(&accum[0]) = 0;
   MP_DIGITS(&accum[1]) = 0;
   MP_DIGITS(&accum[2]) = 0;
   MP_DIGITS(&accum[3]) = 0;
   MP_DIGITS(&tmp) = 0;
 
-  powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1));
-  if (powersArray == NULL) {
-    res = MP_MEM;
-    goto CLEANUP;
-  }
-
-  /* powers[i] = base ** (i); */
-  powers = (unsigned char *)MP_ALIGN(powersArray,num_powers);
-
   /* grab the first window value. This allows us to preload accumulator1
    * and save a conversion, some squares and a multiple*/
   MP_CHECKOK( mpl_get_bits(exponent, 
                                 bits_in_exponent-window_bits, window_bits) );
   first_window = (mp_size)res;
 
   MP_CHECKOK( mp_init_size(&accum1, 3 * nLen + 2) );
   MP_CHECKOK( mp_init_size(&accum2, 3 * nLen + 2) );
-  MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) );
 
   /* build the first WEAVE_WORD powers inline */
   /* if WEAVE_WORD_SIZE is not 4, this code will have to change */
   if (num_powers > 2) {
     MP_CHECKOK( mp_init_size(&accum[0], 3 * nLen + 2) );
     MP_CHECKOK( mp_init_size(&accum[1], 3 * nLen + 2) );
     MP_CHECKOK( mp_init_size(&accum[2], 3 * nLen + 2) );
     MP_CHECKOK( mp_init_size(&accum[3], 3 * nLen + 2) );
     mp_set(&accum[0], 1);
     MP_CHECKOK( s_mp_to_mont(&accum[0], mmm, &accum[0]) );
     MP_CHECKOK( mp_copy(montBase, &accum[1]) );
     SQR(montBase, &accum[2]);
     MUL_NOWEAVE(montBase, &accum[2], &accum[3]);
+    powersArray = (unsigned char *)malloc(num_powers*(nLen*sizeof(mp_digit)+1));
+    if (!powersArray) {
+      res = MP_MEM;
+      goto CLEANUP;
+    }
+    /* powers[i] = base ** (i); */ \
+    powers = (unsigned char *)MP_ALIGN(powersArray,num_powers); \
     MP_CHECKOK( mpi_to_weave(accum, powers, nLen, num_powers) );
     if (first_window < 4) {
       MP_CHECKOK( mp_copy(&accum[first_window], &accum1) );
       first_window = num_powers;
     }
   } else {
       if (first_window == 0) {
         mp_set(&accum1, 1);
         MP_CHECKOK( s_mp_to_mont(&accum1, mmm, &accum1) );
       } else {
         /* assert first_window == 1? */
         MP_CHECKOK( mp_copy(montBase, &accum1) );
       }
   }
 
   /*
    * calculate all the powers in the powers array.
    * this adds 2**(k-1)-2 square operations over just calculating the
    * odd powers where k is the window size in the two other mp_modexpt
    * implementations in this file. We will get some of that
    * back by not needing the first 'k' squares and one multiply for the 
-   * first window */ 
+   * first window.
+   * Given the value of 4 for WEAVE_WORD_SIZE, this loop will only execute if
+   * num_powers > 2, in which case powers will have been allocated.
+   */
   for (i = WEAVE_WORD_SIZE; i < num_powers; i++) {
     int acc_index = i & (WEAVE_WORD_SIZE-1); /* i % WEAVE_WORD_SIZE */
     if ( i & 1 ) {
       MUL_NOWEAVE(montBase, &accum[acc_index-1] , &accum[acc_index]);
       /* we've filled the array do our 'per array' processing */
       if (acc_index == (WEAVE_WORD_SIZE-1)) {
         MP_CHECKOK( mpi_to_weave(accum, powers + i - (WEAVE_WORD_SIZE-1),
                                                          nLen, num_powers) );
 
         if (first_window <= i) {
@@ skipping 26 matching lines @@
    * above and is an internal programming error. 
    */
 #if MP_ARGCHK == 2
   assert(MP_USED(&accum1) != 0);
 #endif
 
   /* set accumulator to montgomery residue of 1 */
   pa1 = &accum1;
   pa2 = &accum2;
 
+  /* tmp is not used if window_bits == 1. */
+  if (window_bits != 1) {
+    MP_CHECKOK( mp_init_size(&tmp, 3 * nLen + 2) );
+  }
+
   for (expOff = bits_in_exponent - window_bits*2; expOff >= 0; expOff -= window_bits) {
     mp_size smallExp;
     MP_CHECKOK( mpl_get_bits(exponent, expOff, window_bits) );
     smallExp = (mp_size)res;
 
     /* handle unroll the loops */
     switch (window_bits) {
     case 1:
         if (!smallExp) {
             SQR(pa1,pa2); SWAPPA;
@@ skipping 158 matching lines @@
 
 CLEANUP:
   mp_clear(&montBase);
   mp_clear(&goodBase);
   /* Don't mp_clear mmm.N because it is merely a copy of modulus.
   ** Just zap it.
   */
   memset(&mmm, 0, sizeof mmm);
   return res;
 }