Add minified HMAC_DRBG for deterministic ECDSA

commit: 461d416892d77efe44b8bb073d80043c2c531064 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jan 06 10:16:28 2014 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon Jan 06 11:01:38 2014 +0100
tree: 881123dbdc1d47c7b3de2f3369f0784ffb04fcdc
parent: e7072f8d1171a7e6e5ec1f7c15030a884f1933e2 [diff] [blame]
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index ca0c176..f4f5f77 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h

@@ -279,6 +279,18 @@
 #define POLARSSL_ECP_NIST_OPTIM
 
 /**
+ * \def POLARSSL_ECDSA_DETERMINISTIC
+ *
+ * Enable deterministic ECDSA (RFC 6979).
+ * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
+ * may result in a compromise of the long-term signing key. This is avoided by
+ * the deterministic variant.
+ *
+ * Comment this macro to disable deterministic ECDSA.
+ */
+#define POLARSSL_ECDSA_DETERMINISTIC
+
+/**
  * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
  *
  * Enable the PSK based ciphersuite modes in SSL / TLS.
commit	461d416892d77efe44b8bb073d80043c2c531064	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jan 06 10:16:28 2014 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon Jan 06 11:01:38 2014 +0100
tree	881123dbdc1d47c7b3de2f3369f0784ffb04fcdc
parent	e7072f8d1171a7e6e5ec1f7c15030a884f1933e2 [diff] [blame]