From b2812cc2746311c6dc7d72242f434bf09c25d807 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 9 Dec 2022 09:53:55 +0100 Subject: [PATCH] Clarify documentation of ECP_RESTARTABLE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/mbedtls_config.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 5d4033c17..b4f5eb7d4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -693,7 +693,8 @@ * This option: * - Adds xxx_restartable() variants of existing operations in the * following modules, with corresponding restart context types: - * - ECP: scalar multiplication (mult), linear combination (muladd); + * - ECP (for Short Weierstrass curves only): scalar multiplication (mul), + * linear combination (muladd); * - ECDSA: signature generation & verification; * - PK: signature generation & verification; * - X509: certificate chain verification. @@ -701,12 +702,12 @@ * - Changes the behaviour of TLS 1.2 clients (not servers) when using the * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC * computations restartable: - * - ECDH operations from the key exchange - unless MBEDTLS_USE_PSA_CRYPTO - * is also enabled. + * - ECDH operations from the key exchange, only for Short Weierstass + * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled. * - verification of the server's key exchange signature; * - verification of the server's certificate chain; - * - generation of our signature if client authentication is used, with an - * ECC key/certificate. + * - generation of the client's signature if client authentication is used, + * with an ECC key/certificate. * * \note In the cases above, the usual SSL/TLS functions, such as * mbedtls_ssl_handshake(), can now return @@ -715,14 +716,13 @@ * \note When this option and MBEDTLS_USE_PSA_CRYPTO are both enabled, * restartable operations in PK, X.509 and TLS (see above) are not * using PSA. On the other hand, ECDH computations in TLS are using - * PSA, and are not restartable. + * PSA, and are not restartable. These are temporary limitations that + * should be lifted in the future. * * \note This option only works with the default software implementation of * elliptic curve functionality. It is incompatible with * MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT. * - * \note This option only works for Short Weierstrass curves. - * * Requires: MBEDTLS_ECP_C * * Uncomment this macro to enable restartable ECC computations.