From 8b59049407f337cf9813f9012a81f6587e6c4d98 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 14 Aug 2017 18:04:19 +0200 Subject: [PATCH] Make verify() actually restartable --- include/mbedtls/x509_crt.h | 17 ++- library/x509_crt.c | 137 +++++++++++++++++---- tests/data_files/Readme-x509.txt | 2 +- tests/suites/test_suite_x509parse.data | 70 ++++++++++- tests/suites/test_suite_x509parse.function | 10 ++ 5 files changed, 208 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index eb929d7e5..7487df619 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -171,7 +171,22 @@ typedef struct */ typedef struct { - mbedtls_ecdsa_restart_ctx ecdsa; /*!< ecdsa restart context */ + /* for check_signature() */ + mbedtls_ecdsa_restart_ctx ecdsa; + + /* for find_parent_in() */ + mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ + mbedtls_x509_crt *fallback_parent; + int fallback_sign_good; + + /* for find_parent() */ + int parent_is_trusted; /* -1 if find_parent is not in progress */ + + /* for verify_chain() */ + mbedtls_x509_crt *child; /* non-null iff in progress */ + int self_cnt; + mbedtls_x509_crt_verify_chain ver_chain; + } mbedtls_x509_crt_restart_ctx; #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 5c2d2c1b9..a0d1956dc 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1870,7 +1870,7 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child, if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) ) return( -1 ); -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA ) { return( mbedtls_pk_verify_restartable( &parent->pk, @@ -1961,8 +1961,23 @@ static int x509_crt_find_parent_in( mbedtls_x509_crt_restart_ctx *rs_ctx ) { int ret; - mbedtls_x509_crt *parent, *fallback_parent = NULL; - int signature_is_good = 0, fallback_sign_good = 0; + mbedtls_x509_crt *parent, *fallback_parent; + int signature_is_good, fallback_sign_good; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* restore state if we have some stored */ + if( rs_ctx != NULL && rs_ctx->parent != NULL ) + { + parent = rs_ctx->parent; + fallback_parent = rs_ctx->fallback_parent; + fallback_sign_good = rs_ctx->fallback_sign_good; + + goto check_signature; + } +#endif + + fallback_parent = NULL; + fallback_sign_good = 0; for( parent = candidates; parent != NULL; parent = parent->next ) { @@ -1978,14 +1993,24 @@ static int x509_crt_find_parent_in( } /* Signature */ +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +check_signature: +#endif ret = x509_crt_check_signature( child, parent, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state + if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + { + /* save state */ + rs_ctx->parent = parent; + rs_ctx->fallback_parent = fallback_parent; + rs_ctx->fallback_sign_good = fallback_sign_good; + return( ret ); } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#else + (void) ret; +#endif signature_is_good = ret == 0; if( top && ! signature_is_good ) @@ -2018,6 +2043,16 @@ static int x509_crt_find_parent_in( *r_signature_is_good = fallback_sign_good; } +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL ) + { + /* reset state */ + rs_ctx->parent = NULL; + rs_ctx->fallback_parent = NULL; + rs_ctx->fallback_sign_good = 0; + } +#endif + return( 0 ); } @@ -2042,6 +2077,12 @@ static int x509_crt_find_parent( *parent_is_trusted = 1; +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* restore state if we have some stored */ + if( rs_ctx != NULL && rs_ctx->parent_is_trusted != -1) + *parent_is_trusted = rs_ctx->parent_is_trusted; +#endif + while( 1 ) { search_list = *parent_is_trusted ? trust_ca : child->next; @@ -2051,11 +2092,15 @@ static int x509_crt_find_parent( path_cnt, self_cnt, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state + if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + { + /* save state */ + rs_ctx->parent_is_trusted = *parent_is_trusted; return( ret ); } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ +#else + (void) ret; +#endif /* stop here if found or already in second iteration */ if( *parent != NULL || *parent_is_trusted == 0 ) @@ -2072,6 +2117,12 @@ static int x509_crt_find_parent( signature_is_good = 0; } +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* reset state */ + if( rs_ctx != NULL ) + rs_ctx->parent_is_trusted = -1; +#endif + return( 0 ); } @@ -2155,12 +2206,31 @@ static int x509_crt_verify_chain( mbedtls_x509_crt_verify_chain_item *cur; mbedtls_x509_crt *child; mbedtls_x509_crt *parent; - int parent_is_trusted = 0; - int child_is_trusted = 0; - int signature_is_good = 0; - int self_cnt = 0; + int parent_is_trusted; + int child_is_trusted; + int signature_is_good; + int self_cnt; + +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + /* resume if we had an operation in progress */ + if( rs_ctx != NULL && rs_ctx->child != NULL ) + { + /* save state */ + child = rs_ctx->child; + self_cnt = rs_ctx->self_cnt; + *ver_chain = rs_ctx->ver_chain; + + cur = &ver_chain->items[ver_chain->len - 1]; + flags = &cur->flags; + + goto find_parent; + } +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ child = crt; + self_cnt = 0; + parent_is_trusted = 0; + child_is_trusted = 0; while( 1 ) { /* Add certificate to the verification chain */ @@ -2194,17 +2264,27 @@ static int x509_crt_verify_chain( return( 0 ); } +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) +find_parent: +#endif /* Look for a parent in trusted CAs or up the chain */ ret = x509_crt_find_parent( child, trust_ca, &parent, &parent_is_trusted, &signature_is_good, ver_chain->len - 1, self_cnt, rs_ctx ); #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state + if( rs_ctx != NULL && ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) + { + /* save state */ + rs_ctx->child = child; + rs_ctx->self_cnt = self_cnt; + rs_ctx-> ver_chain = *ver_chain; + return( ret ); -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ } +#else + (void) ret; +#endif /* No parent? We're done here */ if( parent == NULL ) @@ -2425,13 +2505,6 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile, &ver_chain, rs_ctx ); -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) { - // TODO: stave state - return( ret ); - } -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ - if( ret != 0 ) goto exit; @@ -2439,6 +2512,11 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt, ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy ); exit: +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) + mbedtls_x509_crt_restart_free( rs_ctx ); +#endif + /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by * the SSL module for authmode optional, but non-zero return from the * callback means a fatal error so it shouldn't be ignored */ @@ -2554,6 +2632,17 @@ void mbedtls_x509_crt_free( mbedtls_x509_crt *crt ) void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx ) { mbedtls_ecdsa_restart_init( &ctx->ecdsa ); + + ctx->parent = NULL; + ctx->fallback_parent = NULL; + ctx->fallback_sign_good = 0; + + ctx->parent_is_trusted = -1; + + ctx->child = NULL; + ctx->self_cnt = 0; + memset( ctx->ver_chain.items, 0, sizeof( ctx->ver_chain.items ) ); + ctx->ver_chain.len = 0; } /* @@ -2565,6 +2654,8 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ) return; mbedtls_ecdsa_restart_free( &ctx->ecdsa ); + + mbedtls_x509_crt_restart_init( ctx ); } #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index d1a6c2d27..185fb3412 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt @@ -17,7 +17,7 @@ Two intermediate CAs are signed by them: - test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA" uses RSA-4096, signed by test-ca2 - test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA" - uses an EC key with NIST P-256, signed by test-ca + uses an EC key with NIST P-384, signed by test-ca A third intermediate CA is signed by test-int-ca2.crt: - test-int-ca3.crt "C=UK, O=mbed TLS, CN=mbed TLS Test intermediate CA 3" diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b3e1c1cdf..1c553b456 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1810,22 +1810,86 @@ X509 cert verify restart: trusted EE, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:0:0:0 +X509 cert verify restart: trusted EE, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_verify_restart:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:0:1:0:0 + X509 cert verify restart: no intermediate, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:0:0:0 +X509 cert verify restart: no intermediate, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:1:100:10000 + +X509 cert verify restart: no intermediate, max_ops=40000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:40000:0:0 + +X509 cert verify restart: no intermediate, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5.crt":"data_files/test-ca2.crt":0:0:500:20:80 + X509 cert verify restart: no intermediate, badsign, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 -X509 cert verify restart: one intermediate, max_ops=0 +X509 cert verify restart: no intermediate, badsign, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 + +X509 cert verify restart: no intermediate, badsign, max_ops=40000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:40000:0:0 + +X509 cert verify restart: no intermediate, badsign, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +x509_verify_restart:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:20:80 + +X509 cert verify restart: one int, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:0:0:0 -X509 cert verify restart: one intermediate, EE badsign, max_ops=0 +X509 cert verify restart: one int, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:1:100:10000 + +X509 cert verify restart: one int, max_ops=30000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:30000:0:0 + +X509 cert verify restart: one int, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3_int-ca2.crt":"data_files/test-int-ca2.crt":0:0:500:25:100 + +X509 cert verify restart: one int, EE badsign, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 -X509 cert verify restart: one intermediate, int badsign, max_ops=0 +X509 cert verify restart: one int, EE badsign, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 + +X509 cert verify restart: one int, EE badsign, max_ops=30000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 + +X509 cert verify restart: one int, EE badsign, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10-bs_int3.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 + +X509 cert verify restart: one int, int badsign, max_ops=0 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:0:0:0 + +X509 cert verify restart: one int, int badsign, max_ops=1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:1:100:10000 + +X509 cert verify restart: one int, int badsign, max_ops=30000 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:30000:0:0 + +X509 cert verify restart: one int, int badsign, max_ops=500 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C +x509_verify_restart:"data_files/server10_int3-bs.pem":"data_files/test-int-ca2.crt":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:500:25:100 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f899eb018..c12aaef0c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -272,6 +272,16 @@ void x509_verify_restart( char *crt_file, char *ca_file, mbedtls_x509_crt ca; uint32_t flags = 0; + /* + * See comments on ecp_test_vect_restart() for op count precision. + * + * For reference, with mbed TLS 2.6 and default settings: + * - ecdsa_verify() for P-256: ~ 6700 + * - ecdsa_verify() for P-384: ~ 18800 + * - x509_verify() for server5 -> test-ca2: ~ 18800 + * - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500 + */ + mbedtls_x509_crt_restart_init( &rs_ctx ); mbedtls_x509_crt_init( &crt ); mbedtls_x509_crt_init( &ca );