diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b317d7021..980ec5e66 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -97,7 +97,7 @@ extern "C" {
 /* Note: when adding a new curve:
 * - Add it at the end of this enum, otherwise you'll break the ABI by
 * changing the numerical value for existing curves.
- * - Increment MBEDTLS_ECP_DP_MAX below.
+ * - Increment MBEDTLS_ECP_DP_MAX below if needed.
 * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to
 * config.h.
 * - List the curve as a dependency of MBEDTLS_ECP_C and
diff --git a/library/ecp.c b/library/ecp.c
index 0c901b0ac..d6ef5edc4 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3295,6 +3295,9 @@ cleanup:
 #if defined(MBEDTLS_SELF_TEST)
+/* Adjust the exponent to be a valid private point for the specified curve.
+ * This is sometimes necessary because we use a single set of exponents
+ * for all curves but the validity of values depends on the curve. */
 static int self_test_adjust_exponent( const mbedtls_ecp_group *grp,
 mbedtls_mpi *m )
 {
@@ -3328,11 +3331,13 @@ cleanup:
 return( ret );
 }
+/* Calculate R = m.P for each m in exponents. Check that the number of
+ * basic operations doesn't depend on the value of m. */
 static int self_test_point( int verbose,
 mbedtls_ecp_group *grp,
 mbedtls_ecp_point *R,
 mbedtls_mpi *m,
- mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *P,
 const char *const *exponents,
 size_t n_exponents )
 {
@@ -3407,6 +3412,9 @@ int mbedtls_ecp_self_test( int verbose )
 #if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
 const char *m_exponents[] =
 {
+ /* Valid private values for Curve25519. In a build with Curve448
+ * but not Curve25519, they will be adjusted in
+ * self_test_adjust_exponent(). */
 "4000000000000000000000000000000000000000000000000000000000000000",
 "5C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C30",
 "5715ECCE24583F7A7023C24164390586842E816D7280A49EF6DF4EAE6B280BF8",
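Review bot: The comment added above self_test_adjust_exponent() in library/ecp.c says "valid private point", but the argument m is an mbedtls_mpi, a scalar rather than a curve point. The comment added in the m_exponents hunk of the same commit calls these "private values". Using one term avoids suggesting that a point is being validated: `/* Adjust the exponent to be a valid private value for the specified curve.`. The function body lies outside the hunk, so how the adjustment is done cannot be checked from here.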
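Review bot: The comment added above self_test_point() says the number of basic operations must not depend on m, but not why that matters. Assuming this is the self-test's guard on the side-channel hardening of scalar multiplication (the body is outside the hunk), the comment should say so and state its limit, for example `* This is a regression check for side-channel countermeasures; equal counts do not prove constant-time execution.`. That keeps a later maintainer from reading a failure as a flaky performance check and loosening it.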
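Review bot: The comment added inside m_exponents calls the values valid for Curve25519 without stating what makes them valid, so someone appending an exponent has no rule to follow. The three constants visible in the hunk all have their three low bits clear and bit 254 as the highest set bit, which is presumably the criterion. A line such as `* (low 3 bits clear, bit 254 set, bit 255 clear)` would record it. The array may continue past the hunk, so confirm the rule against any remaining entries.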