From 3577131bb4283b6d95c8dde85a4264fdb3c88278 Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Thu, 14 Apr 2022 11:52:11 +0100
Subject: [PATCH] Reintroduce trimming of input in mbedtls_mpi_mul_int()
Removing the trimming has significant memory impact. While it is clearly what we want to do eventually for constant-time'ness, it should be fixed alongside a strategy to contain the ramifications on memory usage.
Signed-off-by: Hanno Becker
---
 library/bignum.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/library/bignum.c b/library/bignum.c
index 493ffa21e..6f634b5d1 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1500,8 +1500,12 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
 MPI_VALIDATE_RET( X != NULL );
 MPI_VALIDATE_RET( A != NULL );
+ size_t n = A->n;
+ while( n > 0 && A->p[n - 1] == 0 )
+ --n;
+
 /* The general method below doesn't work if b==0. */
- if( b == 0 )
+ if( b == 0 || n == 0 )
 return( mbedtls_mpi_lset( X, 0 ) );
 /* Calculate A*b as A + A*(b-1) to take advantage of mbedtls_mpi_core_mla */
@@ -1517,9 +1521,9 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint
 *
 * Note that calculating A*b as 0 + A*b doesn't work as-is because
 * A,X can be the same. */
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n + 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
- mbedtls_mpi_core_mla( X->p, X->n, A->p, A->n, b - 1 );
+ mbedtls_mpi_core_mla( X->p, X->n, A->p, n, b - 1 );
 cleanup:
 return( ret );
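Review bot: The trimming loop added ahead of the `b == 0` check (`while( n > 0 && A->p[n - 1] == 0 ) --n;`) makes the iteration count, the new `n == 0` early return and the size passed to `mbedtls_mpi_grow( X, n + 1 )` in the second hunk depend on how many leading limbs of A are zero, and that trade-off is recorded only in the commit message, not in the code. A comment at the loop would stop callers from assuming constant-time behaviour on secret operands, for example `/* Not constant-time: run time and the size of X depend on the number of leading zero limbs of A; trimmed to limit memory use. */`. The second hunk also discards the return value of `mbedtls_mpi_core_mla`; this looks safe because X is grown to at least `n + 1` limbs before the call, assuming `mbedtls_mpi_copy` does not shrink X, and a one-line comment stating that invariant next to the call would make it checkable. `mbedtls_mpi_mul_int` begins before the first hunk and its closing brace lies outside the second.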