From c1b910a7791c5c3393e4cd5e2a987b55b69642fc Mon Sep 17 00:00:00 2001
From: bunnie
Date: Thu, 28 Mar 2024 09:48:50 +0800
Subject: [PATCH] add features for auto-release of hardware and warning on sw fallback

These features should help the crate work more seamlessly with the existing API, at perhaps some performance penalty that is still to be determined.
---
 curve25519-dalek/src/backend/serial/u32e/field.rs | 4 ++++
 curve25519-dalek/src/montgomery.rs | 15 +++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/curve25519-dalek/src/backend/serial/u32e/field.rs b/curve25519-dalek/src/backend/serial/u32e/field.rs
index 7e71dcdd2..3a895ead9 100644
--- a/curve25519-dalek/src/backend/serial/u32e/field.rs
+++ b/curve25519-dalek/src/backend/serial/u32e/field.rs
@@ -200,10 +200,14 @@ pub(crate) fn engine(a: &[u8; 32], b: &[u8; 32], op: EngineOp) -> Engine25519 {
 }
 }

+ #[cfg(feature="auto-release")]
+ free_engine();
+
 Engine25519 { 0: result }
 }
 _ => {
 // fallback to fiat crypto field arithmetic...
+ #[cfg(feature="warn-fallback")]
 log::warn!("Hardware acceleration unavailable, falling back to software");
 let fiat_a = bytes_to_fiat(a);
 let fiat_b = bytes_to_fiat(b);
diff --git a/curve25519-dalek/src/montgomery.rs b/curve25519-dalek/src/montgomery.rs
index 53f3d3286..f94c9f47a 100644
--- a/curve25519-dalek/src/montgomery.rs
+++ b/curve25519-dalek/src/montgomery.rs
@@ -471,9 +471,13 @@ impl ProjectivePoint {
 copy_to_rf(self.U.as_bytes(), 29, rf_hw, 0);
 copy_to_rf(self.W.as_bytes(), 30, rf_hw, 0);

- MontgomeryPoint(run_job(&mut ucode_hw, &rf_hw, &mcode, 0))
+ let r = MontgomeryPoint(run_job(&mut ucode_hw, &rf_hw, &mcode, 0));
+ #[cfg(feature="auto-release")]
+ free_engine();
+ r
 }
 _ => {
+ #[cfg(feature="warn-fallback")]
 log::warn!("Hardware acceleration unavailable, falling back to software");
 let u = &self.U * &self.W.invert();
 MontgomeryPoint(u.as_bytes())
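Review bot: The `#[cfg(feature="auto-release")]` and `#[cfg(feature="warn-fallback")]` gates added here (and in the three montgomery.rs hunks) only take effect if both names are declared under `[features]` in Cargo.toml, and the diffstat lists only the two .rs files, so unless they are already declared the gated statements compile out unconditionally and newer toolchains report them as unexpected cfgs. The visible consequence is that the previously unconditional `log::warn!` on software fallback becomes silent by default, which in a curve25519 crate hides that an operation ran without the hardware engine. I would add `auto-release = []` and `warn-fallback = []` to `[features]`, consider listing `warn-fallback` in `default` so the fallback stays observable unless a user opts out, and describe both features in the crate README. As a point of style, rustfmt writes these as `#[cfg(feature = "auto-release")]` with spaces around `=`. The enclosing `engine` function starts and ends outside this hunk.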
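Review bot: `free_engine()` is reached only on the normal path through `let r = MontgomeryPoint(run_job(...)); free_engine(); r`; if `run_job` panics, or an early return is added later, the engine is left acquired, and the same pattern repeats in the `-651` and `-1012` hunks. A scope guard makes the release unconditional: a zero-sized `EngineGuard` whose `Drop` impl calls `free_engine()`, created right after the engine is acquired as `#[cfg(feature = "auto-release")] let _release = EngineGuard;`, which lets the return revert to the original `MontgomeryPoint(run_job(&mut ucode_hw, &rf_hw, &mcode, 0))` and removes the three copies of the release boilerplate. Locals drop in reverse declaration order, so declaring the guard before `ucode_hw` and `rf_hw` keeps the release after the last register-file access, the same ordering the explicit call here relies on. The acquisition site and the start of this `impl ProjectivePoint` method are outside the hunk, so the guard's placement has to be confirmed there.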
@@ -651,8 +655,11 @@ pub(crate) fn differential_add_and_double(
 P.W = FieldElement::from_bytes(©_from_rf(21, &rf_hw, 0));
 Q.U = FieldElement::from_bytes(©_from_rf(22, &rf_hw, 0));
 Q.W = FieldElement::from_bytes(©_from_rf(23, &rf_hw, 0));
+ #[cfg(feature="auto-release")]
+ free_engine();
 }
 _ => {
+ #[cfg(feature="warn-fallback")]
 log::warn!("Hardware acceleration unavailable, falling back to software");
 let t0 = &P.U + &P.W;
 let t1 = &P.U - &P.W;
@@ -1012,9 +1019,13 @@ impl Mul<&Scalar> for &MontgomeryPoint {
 window,
 );
 // 254 as loop counter
- MontgomeryPoint(run_job(&mut ucode_hw, &rf_hw, &mcode, window))
+ let r = MontgomeryPoint(run_job(&mut ucode_hw, &rf_hw, &mcode, window));
+ #[cfg(feature="auto-release")]
+ free_engine();
+ r
 }
 _ => {
+ #[cfg(feature="warn-fallback")]
 log::warn!("Hardware acceleration unavailable, falling back to software");
 // We multiply by the integer representation of the given Scalar. By scalar invariant #1,
 // the MSB is 0, so we can skip it.