diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8dd89fa99..5b448a53e 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4217,6 +4217,9 @@ uint32_t psa_interruptible_get_max_ops(void); * \c psa_sign_hash_interruptible_abort() on * the operation, a value of 0 will be returned. * + * \note This interface is guaranteed re-entrant and + * thus may be called from driver code. + * * \warning This is a beta API, and thus subject to change * at any point. It is not bound by the usual * interface stability promises. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b96c7b403..0efebb40c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3156,17 +3156,18 @@ exit: /* Asymmetric interruptible cryptography */ /****************************************************************/ +static uint32_t psa_interruptible_max_ops = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + void psa_interruptible_set_max_ops(uint32_t max_ops) { - psa_driver_wrapper_interruptible_set_max_ops(max_ops); + psa_interruptible_max_ops = max_ops; } uint32_t psa_interruptible_get_max_ops(void) { - return psa_driver_wrapper_interruptible_get_max_ops(); + return psa_interruptible_max_ops; } - uint32_t psa_sign_hash_get_num_ops( const psa_sign_hash_interruptible_operation_t *operation) { @@ -3461,12 +3462,8 @@ psa_status_t psa_verify_hash_abort( /* implementations */ /****************************************************************/ -static uint32_t mbedtls_psa_interruptible_max_ops = - PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; - void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops) { - mbedtls_psa_interruptible_max_ops = max_ops; #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ @@ -3479,16 +3476,13 @@ void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops) } mbedtls_ecp_set_max_ops(max_ops); +#else + (void) max_ops; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && * defined( MBEDTLS_ECP_RESTARTABLE ) */ } -uint32_t mbedtls_psa_interruptible_get_max_ops(void) -{ - return mbedtls_psa_interruptible_max_ops; -} - uint32_t mbedtls_psa_sign_hash_get_num_ops( const mbedtls_psa_sign_hash_interruptible_operation_t *operation) { @@ -3547,11 +3541,6 @@ psa_status_t mbedtls_psa_sign_hash_start( /* Ensure num_ops is zero'ed in case of context re-use. */ operation->num_ops = 0; - /* Ensure default is set even if - * mbedtls_psa_interruptible_set_max_ops() has not been called. */ - mbedtls_psa_interruptible_set_max_ops( - mbedtls_psa_interruptible_get_max_ops()); - status = mbedtls_psa_ecp_load_representation(attributes->core.type, attributes->core.bits, key_buffer, @@ -3616,6 +3605,9 @@ psa_status_t mbedtls_psa_sign_hash_complete( mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); + /* Ensure max_ops is set to the current value (or default). */ + mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops()); + if (signature_size < 2 * operation->coordinate_bytes) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; @@ -3767,11 +3759,6 @@ psa_status_t mbedtls_psa_verify_hash_start( /* Ensure num_ops is zero'ed in case of context re-use. */ operation->num_ops = 0; - /* Ensure default is set even if - * mbedtls_psa_interruptible_set_max_ops() has not been called. */ - mbedtls_psa_interruptible_set_max_ops( - mbedtls_psa_interruptible_get_max_ops()); - status = mbedtls_psa_ecp_load_representation(attributes->core.type, attributes->core.bits, key_buffer, @@ -3856,6 +3843,9 @@ psa_status_t mbedtls_psa_verify_hash_complete( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + /* Ensure max_ops is set to the current value (or default). */ + mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops()); + status = mbedtls_to_psa_error( mbedtls_ecdsa_verify_restartable(&operation->ctx->grp, operation->hash, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index e3edec791..b16750658 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -70,10 +70,6 @@ psa_status_t psa_driver_wrapper_verify_hash( * Interruptible Signature functions */ -void psa_driver_wrapper_interruptible_set_max_ops(uint32_t max_ops); - -uint32_t psa_driver_wrapper_interruptible_get_max_ops(void); - uint32_t psa_driver_wrapper_sign_hash_get_num_ops( psa_sign_hash_interruptible_operation_t *operation); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 0f42b8c54..aa11d4e42 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -433,24 +433,6 @@ psa_status_t psa_driver_wrapper_verify_hash( } } -void psa_driver_wrapper_interruptible_set_max_ops( uint32_t max_ops ) -{ - /* TODO - dispatch to drivers dynamically registered for this - * service when registering is implemented. For now, fall - * through to internal implementation. */ - - mbedtls_psa_interruptible_set_max_ops( max_ops ); -} - -uint32_t psa_driver_wrapper_interruptible_get_max_ops( void ) -{ - /* TODO - dispatch to drivers dynamically registered for this - * service when registering is implemented. For now, fall - * through to internal implementation. */ - - return mbedtls_psa_interruptible_get_max_ops( ); -} - uint32_t psa_driver_wrapper_sign_hash_get_num_ops( psa_sign_hash_interruptible_operation_t *operation ) {