aboutsummaryrefslogtreecommitdiff
path: root/rsa.c
diff options
context:
space:
mode:
authorRob Austein <sra@hactrn.net>2017-03-04 14:29:59 -0500
committerRob Austein <sra@hactrn.net>2017-03-04 14:29:59 -0500
commit533b1b57b20671fa035029c4eb70b6673db4e2eb (patch)
treec755b79887174ce05cd90c3bc29bde48c8b5c9c7 /rsa.c
parent17c53b59b5502078e48c40935eeac70417101045 (diff)
Don't use assert() for point-on-curve checks.
The stock assert() implementation turns out to be problematic in the stm32 environment, due to the lack of an output device, which makes "assert(foo)" equivalent to "if (!foo) abort()", leading to silent hangs. We probably ought to reimplement assert() to do something more useful, but, for now, avoid using it for "impossible" conditions which we do seem to be triggering anyway, like the occasional point-not-on-curve errors we get for points we ourselves have picked when testing multiple ECDSA clients in parallel. This should never happen, and we need to figure out what's causing it, but hanging the HSM when it happens does not help very much. assert() is somewhat problematic in an embedded environment in any case, since anything that can go wrong really should have some kind of recovery action, but in some of the low-probability cases it's far from obvious what sane recovery action we could possibly take.
Diffstat (limited to 'rsa.c')
0 files changed, 0 insertions, 0 deletions