Merge remote-tracking branch 'upstream-public/pr/1027' into development
diff --git a/ChangeLog b/ChangeLog
index 2284f34..54a740a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,12 @@
MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs.
* Add support for alternative implementations of GCM, selected by the
configuration flag MBEDTLS_GCM_ALT.
+ * Add support for alternative implementations for ECDSA, controlled by new
+ configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and
+ MBEDTLS_ECDSDA_GENKEY_AT in config.h.
+ The following functions from the ECDSA module can be replaced
+ with alternative implementation:
+ mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey().
New deprecations
* Deprecate usage of RSA primitives with non-matching key-type
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 7c06815..1848ac1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -332,6 +332,9 @@
//#define MBEDTLS_AES_SETKEY_DEC_ALT
//#define MBEDTLS_AES_ENCRYPT_ALT
//#define MBEDTLS_AES_DECRYPT_ALT
+//#define MBEDTLS_ECDSA_VERIFY_ALT
+//#define MBEDTLS_ECDSA_SIGN_ALT
+//#define MBEDTLS_ECDSA_GENKEY_ALT
/**
* \def MBEDTLS_ECP_INTERNAL_ALT
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 8892317..826fefe 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -65,6 +65,7 @@
return( ret );
}
+#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
/*
* Compute ECDSA signature of a hashed message (SEC1 4.1.3)
* Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
@@ -157,6 +158,7 @@
return( ret );
}
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/*
@@ -196,6 +198,7 @@
}
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
/*
* Verify ECDSA signature of hashed message (SEC1 4.1.4)
* Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
@@ -281,6 +284,7 @@
return( ret );
}
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
/*
* Convert a signature (given by context) to ASN.1
@@ -406,6 +410,7 @@
return( ret );
}
+#if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
/*
* Generate key pair
*/
@@ -415,6 +420,7 @@
return( mbedtls_ecp_group_load( &ctx->grp, gid ) ||
mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) );
}
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
/*
* Set context from an mbedtls_ecp_keypair
diff --git a/library/version_features.c b/library/version_features.c
index 49bba11..ceebcb0 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -177,6 +177,15 @@
#if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
+ "MBEDTLS_ECDSA_VERIFY_ALT",
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+ "MBEDTLS_ECDSA_SIGN_ALT",
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
+ "MBEDTLS_ECDSA_GENKEY_ALT",
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
#if defined(MBEDTLS_ECP_INTERNAL_ALT)
"MBEDTLS_ECP_INTERNAL_ALT",
#endif /* MBEDTLS_ECP_INTERNAL_ALT */