pk_sign() now requires non-NONE md_alg for ECDSA

2015-03-31 11:04:45 +02:00 · 2015-03-31 11:04:45 +02:00 · b8cfe3f0d9
commit b8cfe3f0d9
parent fa44f20b9f
5 changed files with 11 additions and 42 deletions
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@ -52,6 +52,8 @@ extern "C" {
 /**
 * \brief           Compute ECDSA signature of a previously hashed message
 *
+ * \note            The deterministic version is usually prefered.
+ *
 * \param grp       ECP group
 * \param r         First output integer
 * \param s         Second output integer
@ -70,8 +72,8 @@ int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,

 #if defined(POLARSSL_ECDSA_DETERMINISTIC)
 /**
- * \brief           Compute ECDSA signature of a previously hashed message
- *                  (deterministic version)
+ * \brief           Compute ECDSA signature of a previously hashed message,
+ *                  deterministic version (RFC 6979).
 *
 * \param grp       ECP group
 * \param r         First output integer
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -377,7 +377,8 @@ int pk_verify_ext( pk_type_t type, const void *options,
 * \note            If hash_len is 0, then the length associated with md_alg
 *                  is used instead, or an error returned if it is invalid.
 *
- * \note            md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
+ * \note            For RSA, md_alg may be POLARSSL_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be POLARSSL_MD_NONE.
 */
 int pk_sign( pk_context *ctx, md_type_t md_alg,
             const unsigned char *hash, size_t hash_len,