Fix get_num_ops internal code.
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 36d48ad..3ec9273 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3487,15 +3487,12 @@
}
uint32_t mbedtls_psa_sign_hash_get_num_ops(
- mbedtls_psa_sign_hash_interruptible_operation_t *operation)
+ const mbedtls_psa_sign_hash_interruptible_operation_t *operation)
{
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
defined(MBEDTLS_ECP_RESTARTABLE)
- /* Hide the fact that the restart context only holds a delta of number of
- * ops done during the last operation, not an absolute value. */
- operation->num_ops += operation->restart_ctx.ecp.ops_done;
return operation->num_ops;
#else
(void) operation;
@@ -3506,15 +3503,12 @@
}
uint32_t mbedtls_psa_verify_hash_get_num_ops(
- mbedtls_psa_verify_hash_interruptible_operation_t *operation)
+ const mbedtls_psa_verify_hash_interruptible_operation_t *operation)
{
#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
defined(MBEDTLS_ECP_RESTARTABLE)
- /* Hide the fact that the restart context only holds a delta of number of
- * ops done during the last operation, not an absolute value. */
- operation->num_ops += operation->restart_ctx.ecp.ops_done;
return operation->num_ops;
#else
(void) operation;
@@ -3657,6 +3651,10 @@
&operation->restart_ctx));
}
+ /* Hide the fact that the restart context only holds a delta of number of
+ * ops done during the last operation, not an absolute value. */
+ operation->num_ops += operation->restart_ctx.ecp.ops_done;
+
if (status == PSA_SUCCESS) {
status = mbedtls_to_psa_error(
mbedtls_mpi_write_binary(&r,
@@ -3853,7 +3851,9 @@
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
defined(MBEDTLS_ECP_RESTARTABLE)
- return mbedtls_to_psa_error(
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ status = mbedtls_to_psa_error(
mbedtls_ecdsa_verify_restartable(&operation->ctx->grp,
operation->hash,
operation->hash_length,
@@ -3862,6 +3862,11 @@
&operation->s,
&operation->restart_ctx));
+ /* Hide the fact that the restart context only holds a delta of number of
+ * ops done during the last operation, not an absolute value. */
+ operation->num_ops += operation->restart_ctx.ecp.ops_done;
+
+ return status;
#else
(void) operation;
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 0ef0131..b1817e2 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -656,7 +656,7 @@
* mbedtls_psa_sign_hash_complete().
*/
uint32_t mbedtls_psa_sign_hash_get_num_ops(
- mbedtls_psa_sign_hash_interruptible_operation_t *operation);
+ const mbedtls_psa_sign_hash_interruptible_operation_t *operation);
/**
* \brief Get the number of ops that a hash verification operation has taken for
@@ -677,7 +677,7 @@
* mbedtls_psa_verify_hash_complete().
*/
uint32_t mbedtls_psa_verify_hash_get_num_ops(
- mbedtls_psa_verify_hash_interruptible_operation_t *operation);
+ const mbedtls_psa_verify_hash_interruptible_operation_t *operation);
/**
* \brief Start signing a hash or short message with a private key, in an