TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 2b90961b8da6e79a004e467cd9d6d5b9a60a22d0^! / . / include / mbedtls
commit2b90961b8da6e79a004e467cd9d6d5b9a60a22d0[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Thu Nov 21 13:37:00 2019 +0100
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Tue Nov 26 12:54:06 2019 +0100
tree7bbb6006031c6167d205db4d388c23939c39017b
parent1a5337179f26a1e4bc8012d2f07eb862d8e59cd7 [diff]
Add integrity check for curve parameters

We don't really need a secure hash for that, something like CRC32 would
probably be enough - but we have SHA-256 handy, not CRC32, so use that for the
sake of simplicity.

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fe9c594..ce348d9 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -110,6 +110,10 @@
 #error "MBEDTLS_USE_TINYCRYPT defined, but it cannot be defined with MBEDTLS_NO_64BIT_MULTIPLICATION"
 #endif
 
+#if defined(MBEDTLS_USE_TINYCRYPT) && !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_USE_TINYCRYPT defined, but not MBEDTLS_SHA256_C"
+#endif
+
 #if defined(MBEDTLS_USE_TINYCRYPT) &&                                    \
     !( defined(MBEDTLS_SSL_CONF_SINGLE_EC)       &&                      \
        MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID   == 23 &&                      \

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 87012da..dbb84b4 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -2649,6 +2649,7 @@
  *           MBEDTLS_SSL_CONF_SINGLE_EC
  *           MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID == 23
  *           MBEDTLS_SSL_CONF_SINGLE_UECC_GRP_ID == MBEDTLS_UECC_DP_SECP256R1
+ *           MBEDTLS_SHA256_C
  *
  * \see MBEDTLS_SSL_CONF_RNG
  *