Reset ops_done at the right time

This should only be done in the top-level function.

Also, we need to know if we indeed are the top-level function or not: for
example, when mbedtls_ecp_muladd() calls mbedtls_ecp_mul(), the latter should
not reset ops_done. This is handled by the "depth" parameter in the restart
context.
Manuel Pégourié-Gonnard 2017-04-20 11:20:26 +02:00
parent 53fbd63eb4
commit 3a256128d6
2 changed files with 23 additions and 13 deletions


@ -185,6 +185,7 @@ typedef struct mbedtls_ecp_restart_mul mbedtls_ecp_restart_mul_ctx;
typedef struct typedef struct
{ {
unsigned ops_done; /*!< current ops count */ unsigned ops_done; /*!< current ops count */
unsigned depth; /*!< call depth (0 = top-level) */
mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */
} mbedtls_ecp_restart_ctx; } mbedtls_ecp_restart_ctx;
#endif /* MBEDTLS_ECP_EARLY_RETURN */ #endif /* MBEDTLS_ECP_EARLY_RETURN */
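Review bot: The new `depth` field has no visible initialisation in this commit: only mbedtls_ecp_restart_free() sets it to 0, and mbedtls_ecp_restart_init() is not part of the diff. If init zeroes the whole structure this is fine; if it sets fields one by one, the first `rs_ctx->depth++ == 0` test would read an indeterminate value, so this is worth confirming. The field comment could also state the invariant, e.g. `/*!< call depth (0 = top-level), always 0 between calls */`.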


@ -164,6 +164,7 @@ void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx )
return; return;
ctx->ops_done = 0; ctx->ops_done = 0;
ctx->depth = 0;
ecp_restart_mul_free( ctx->rsm ); ecp_restart_mul_free( ctx->rsm );
mbedtls_free( ctx->rsm ); mbedtls_free( ctx->rsm );
@ -1769,10 +1770,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
ecp_restart_mul_init( rs_ctx->rsm ); ecp_restart_mul_init( rs_ctx->rsm );
} }
/* reset ops count for this call */
if( rs_ctx != NULL )
rs_ctx->ops_done = 0;
#endif #endif
/* Is P the base point ? */ /* Is P the base point ? */
@ -2104,10 +2101,11 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
char is_grp_capable = 0; char is_grp_capable = 0;
#endif #endif
/* Common sanity checks */ #if defined(MBEDTLS_ECP_EARLY_RETURN)
if( ( ret = mbedtls_ecp_check_privkey( grp, m ) ) != 0 || /* reset ops count for this call if top-level */
( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 ) if( rs_ctx != NULL && rs_ctx->depth++ == 0 )
return( ret ); rs_ctx->ops_done = 0;
#endif
#if defined(MBEDTLS_ECP_INTERNAL_ALT) #if defined(MBEDTLS_ECP_INTERNAL_ALT)
if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
@ -2116,25 +2114,36 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
} }
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
/* Common sanity checks */
MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( grp, m ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_check_pubkey( grp, P ) );
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
#if defined(ECP_MONTGOMERY) #if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY ) if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
ret = ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ); MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
#endif #endif
#if defined(ECP_SHORTWEIERSTRASS) #if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS ) if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ); MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
#endif #endif
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
cleanup: cleanup:
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
if ( is_grp_capable ) if ( is_grp_capable )
{ {
mbedtls_internal_ecp_free( grp ); mbedtls_internal_ecp_free( grp );
} }
#endif /* MBEDTLS_ECP_INTERNAL_ALT */ #endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if defined(MBEDTLS_ECP_EARLY_RETURN)
if( rs_ctx != NULL )
rs_ctx->depth--;
#endif
return( ret ); return( ret );
} }