Update documentation for new design/API

EC-JPAKE warning is no longer needed as we now have separate _restartable()
functions, and JPAKE will just call the non-restartable version.

Concurrency warning removed as this is one of the reasons why this design was
chosen.
This commit is contained in:
Manuel Pégourié-Gonnard 2017-04-19 10:20:49 +02:00
parent b739a712d1
commit 8f28addb27

View File

@ -273,6 +273,10 @@ typedef struct
* then need to be called again with the same arguments until * then need to be called again with the same arguments until
* it returns 0 or an other error code. * it returns 0 or an other error code.
* *
* This only affects functions that accept a pointer to a
* \c mbedtls_ecp_restart_ctx as an argument, and only works
* if that pointer valid (in particular, not NULL).
*
* \param max_ops Maximum number of basic operations done in a row. * \param max_ops Maximum number of basic operations done in a row.
* Default: 0 (unlimited). * Default: 0 (unlimited).
* Lower (non-zero) values mean ECC functions will block for * Lower (non-zero) values mean ECC functions will block for
@ -296,19 +300,6 @@ typedef struct
* - around 330 basic operations for P-384 * - around 330 basic operations for P-384
* *
* \note This setting is currently ignored by Curve25519 * \note This setting is currently ignored by Curve25519
*
* \warning The ECJPAKE module is currently not compatible with this
* feature. \c max_ops must always be 0 while using ECJPAKE.
*
* \warning NOT thread-safe: when \c max_ops is not zero, sharing a
* \c mbedtls_ecp_group structure, or a
* \c mbedtls_pk_context structure wrapping an ECC key,
* between concurrent threads of execution is NOT supported.
* For (D)TLS, that means it's not safe to concurrently run
* two handshakes that use the same private EC key for
* authenticating ourselves; it is however safe to maintain
* multiple simultaneous connections as long as the
* handshakes are not concurrent or don't use the same key.
*/ */
void mbedtls_ecp_set_max_ops( unsigned max_ops ); void mbedtls_ecp_set_max_ops( unsigned max_ops );
#endif /* MBEDTLS_ECP_EARLY_RETURN */ #endif /* MBEDTLS_ECP_EARLY_RETURN */