Add minified HMAC_DRBG for deterministic ECDSA

2025-07-28 00:21:48 +03:00 · 2014-01-06 10:16:28 +01:00
parent e7072f8d11
commit 461d416892
2 changed files with 135 additions and 0 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -278,6 +278,18 @@
 */
 #define POLARSSL_ECP_NIST_OPTIM

+/**
+ * \def POLARSSL_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define POLARSSL_ECDSA_DETERMINISTIC
+
 /**
 * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
 *