TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 5ed8c1ededa349cde7cb949171202d151067f9b4^! / .
commit5ed8c1ededa349cde7cb949171202d151067f9b4[log] [tgz]
authorRon Eldor <Ron.Eldor@arm.com>Mon Nov 05 14:04:26 2018 +0200
committerRon Eldor <Ron.Eldor@arm.com>Mon Nov 05 14:04:26 2018 +0200
tree711440f4bfd10b79da8d1d94e6745088d84dc8f9
parent2b161c33bef53b2ac43bfbe7dffe2a8489e6d086 [diff]
Avoid using restartable and alternative ECP imp.

1. Add a check that MBEDTLS_ECP_RESTARTABLE is not defined
   along any EC* alternative implementation.
2. Add a closing comment foran `#endif`.

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 9e6bb8a..425e3ea 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h

@@ -108,6 +108,16 @@
 #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
 #endif
 
+#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
+    ( defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
+      defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)     || \
+      defined(MBEDTLS_ECDSA_SIGN_ALT)          || \
+      defined(MBEDTLS_ECDSA_VERIFY_ALT)        || \
+      defined(MBEDTLS_ECDSA_GENKEY_ALT)        || \
+      defined(MBEDTLS_ECP_ALT) )
+#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
+#endif
+
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
 #error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
 #endif

diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 28e860b..c594b69 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -694,6 +694,9 @@
  * for too long on ECC (and, hence, X.509 or SSL/TLS) operations.
  *
  * Uncomment this macro to enable restartable ECC computations.
+ *
+ * \note  MBEDTLS_ECP_RESTARTABLE cannot be defined if there is an alternative
+ *        implementation for one of the ECP, ECDSA or ECDH functions. *
  */
 //#define MBEDTLS_ECP_RESTARTABLE
 

diff --git a/library/ecdsa.c b/library/ecdsa.c
index 54ecab1..a62c14c 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c

@@ -638,7 +638,7 @@
     MBEDTLS_MPI_CHK( ecdsa_sign_restartable( &ctx->grp, &r, &s, &ctx->d,
                          hash, hlen, f_rng, p_rng, rs_ctx ) );
 #endif /* MBEDTLS_ECDSA_SIGN_ALT */
-#endif
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
     MBEDTLS_MPI_CHK( ecdsa_signature_to_asn1( &r, &s, sig, slen ) );
 
@@ -662,7 +662,7 @@
                 ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) );
 }
 
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED) && \
+#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \
     defined(MBEDTLS_ECDSA_DETERMINISTIC)
 int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
                                const unsigned char *hash, size_t hlen,