From 1174db5bac1e4ca0298d6b835e3877490271f777 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Wed, 26 Feb 2020 19:52:06 +0100
Subject: [PATCH] Revert "ecp: Remove dependency on TLS and X.509"

This reverts commit de0a41b716ae4d9e938236771d49a880480eb66e.
---
 configs/config-psa-crypto.h | 10 +++++-----
 include/mbedtls/config.h | 10 +++++-----
 include/mbedtls/ecp.h | 24 ++++++++++++------------
 library/ecp.c | 2 +-
 4 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index f007ceec3..f42ada692 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -726,11 +726,11 @@
 * Enable "non-blocking" ECC operations that can return early and be resumed.
 *
 * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
- * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
- * to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
- * of ECC operations a function may perform before pausing; see
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
+ * order to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
+ * number of ECC operations a function may perform before pausing; see
 * mbedtls_ecp_set_max_ops() for more information.
 *
 * This is useful in non-threaded environments if you want to avoid blocking
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 617e9137c..b0da06a30 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -787,11 +787,11 @@
 * Enable "non-blocking" ECC operations that can return early and be resumed.
 *
 * This allows various functions to pause by returning
- * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
- * MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
- * to further progress and eventually complete their operation. This is
- * controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
- * of ECC operations a function may perform before pausing; see
+ * #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
+ * order to further progress and eventually complete their operation. This is
+ * controlled through mbedtls_ecp_set_max_ops() which limits the maximum
+ * number of ECC operations a function may perform before pausing; see
 * mbedtls_ecp_set_max_ops() for more information.
 *
 * This is useful in non-threaded environments if you want to avoid blocking
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index d04cc49b6..4c05b4fd0 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -375,19 +375,19 @@ mbedtls_ecp_keypair;
 * same; they must not be used until the function finally
 * returns 0.
 *
- * This only applies to functions whose documentation mentions
- * they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
- * `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` for functions in the
- * Mbed TLS SSL module). For functions that accept a "restart
- * context" argument, passing NULL disables restart and makes
- * the function equivalent to the function with the same name
+ * This only applies to functions whose documentation
+ * mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
+ * #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
+ * SSL module). For functions that accept a "restart context"
+ * argument, passing NULL disables restart and makes the
+ * function equivalent to the function with the same name
 * with \c _restartable removed. For functions in the ECDH
- * module, restart is disabled unless the function accepts an
- * "ECDH context" argument and mbedtls_ecdh_enable_restart()
- * was previously called on that context. For function in the
- * Mbed TLS SSL module, restart is only enabled for specific
- * sides and key exchanges (currently only for clients and
- * ECDHE-ECDSA).
+ * module, restart is disabled unless the function accepts
+ * an "ECDH context" argument and
+ * mbedtls_ecdh_enable_restart() was previously called on
+ * that context. For function in the SSL module, restart is
+ * only enabled for specific sides and key exchanges
+ * (currently only for clients and ECDHE-ECDSA).
 *
 * \param max_ops Maximum number of basic operations done in a row.
 * Default: 0 (unlimited).
diff --git a/library/ecp.c b/library/ecp.c
index e156fcbe2..ee0a460ab 100644
--- a/library/ecp.c
+++ b/library/ecp.c
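Review bot: In the rewrapped paragraph, `For function in the SSL module, restart is` should read `For functions in the SSL module, restart is`; the singular is carried over unchanged from the removed text. The same paragraph pins the restart scope as `(currently only for clients and ECDHE-ECDSA)`, which describes SSL-module behaviour from inside the ECP header, so it is likely to go stale unless it also points readers to the SSL module documentation for the authoritative list. The doc comment (presumably the one for mbedtls_ecp_set_max_ops(), given the `\param max_ops` line) starts and ends outside this hunk.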
@@ -374,7 +374,7 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
 * Curves are listed in order: largest curves first, and for a given size,
 * fastest curves first. This provides the default order for the SSL module.
 *
- * Reminder: update profiles in Mbed TLS's x509_crt.c when adding new curves!
+ * Reminder: update profiles in x509_crt.c when adding a new curves!
 */
 static const mbedtls_ecp_curve_info ecp_supported_curves[] =
 {
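Review bot: The restored reminder line reads `adding a new curves`, mixing singular and plural; `* Reminder: update profiles in x509_crt.c when adding new curves!` keeps the reverted wording without the slip. This comment is the only visible link between the curve table and the X.509 certificate profiles, so it would help to say which profiles are meant. That way a curve added to `ecp_supported_curves` gets a deliberate decision about whether certificates using it are accepted (x509_crt.c is not part of this diff, so this is inferred from the comment alone). The comment block starts before the hunk and the array initializer continues past it.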