The current signature verification sample supports OpenSSL-based verification, while non-OpenSSL builds fall back to a temporary stub implementation.
For platforms or build environments where MbedTLS is used instead of OpenSSL, the project should provide an actual signature verification implementation.
Current behavior
When OPENSSL is defined, signature_verify() performs real signature verification.
When OpenSSL is not used, the code currently falls back to a temporary stub implementation. This means that builds using MbedTLS do not currently perform real signature verification.
Proposed change
Add an MbedTLS-based implementation of signature_verify() guarded by MBEDTLS.
The implementation should:
- calculate a SHA-256 hash of the input data,
- load the ECDSA curve group,
- retrieve and load the public key,
- parse the ECDSA signature in DER format,
- verify the signature using MbedTLS.
Motivation
Some embedded targets use MbedTLS instead of OpenSSL. Adding MbedTLS support allows these targets to perform real signature verification without depending on OpenSSL.
Expected impact
When MBEDTLS is defined, signature_verify() should perform real ECDSA signature verification instead of using the temporary stub.
The existing OpenSSL implementation should remain unchanged.
Builds without OpenSSL or MbedTLS can continue to use the existing fallback behavior.
The current signature verification sample supports OpenSSL-based verification, while non-OpenSSL builds fall back to a temporary stub implementation.
For platforms or build environments where MbedTLS is used instead of OpenSSL, the project should provide an actual signature verification implementation.
Current behavior
When
OPENSSLis defined,signature_verify()performs real signature verification.When OpenSSL is not used, the code currently falls back to a temporary stub implementation. This means that builds using MbedTLS do not currently perform real signature verification.
Proposed change
Add an MbedTLS-based implementation of
signature_verify()guarded byMBEDTLS.The implementation should:
Motivation
Some embedded targets use MbedTLS instead of OpenSSL. Adding MbedTLS support allows these targets to perform real signature verification without depending on OpenSSL.
Expected impact
When
MBEDTLSis defined,signature_verify()should perform real ECDSA signature verification instead of using the temporary stub.The existing OpenSSL implementation should remain unchanged.
Builds without OpenSSL or MbedTLS can continue to use the existing fallback behavior.