diff --git a/IDE/WIN10/user_settings.h b/IDE/WIN10/user_settings.h old mode 100755 new mode 100644 index f1ad214ea..15476f9e2 --- a/IDE/WIN10/user_settings.h +++ b/IDE/WIN10/user_settings.h @@ -32,13 +32,16 @@ #define ECC_SHAMIR #define HAVE_ECC_CDH #define ECC_TIMING_RESISTANT + #define TFM_TIMING_RESISTANT #define WOLFSSL_AES_COUNTER #define WOLFSSL_AES_DIRECT #define HAVE_AES_ECB #define HAVE_AESCCM #define WOLFSSL_CMAC #define HAVE_HKDF - #define WOLFSSL_PUBLIC_MP + #define WOLFSSL_VALIDATE_ECC_IMPORT + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q #endif /* FIPS v2 */ #else /* Enables blinding mode, to prevent timing attacks */ diff --git a/configure.ac b/configure.ac index 36f33f096..53f5247cf 100644 --- a/configure.ac +++ b/configure.ac @@ -2060,7 +2060,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" # Add the FIPS flag. AS_IF([test "x$FIPS_VERSION" = "xv2"], - [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT" + [AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS_VERSION=2 -DWOLFSSL_KEY_GEN -DWOLFSSL_SHA224 -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DHAVE_ECC_CDH -DWC_RSA_NO_PADDING -DFP_MAX_BITS=6144 -DWOLFSSL_VALIDATE_FFC_IMPORT -DHAVE_FFDHE_Q" ENABLED_KEYGEN="yes" ENABLED_SHA224="yes" AS_IF([test "x$ENABLED_AESCCM" != "xyes"], @@ -2073,7 +2073,8 @@ then [ENABLED_ECC="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256 -DWOLFSSL_VALIDATE_ECC_IMPORT" AS_IF([test "x$ENABLED_ECC_SHAMIR" = "xyes"], - [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])]) + [AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"])], + [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VALIDATE_ECC_IMPORT"]) AS_IF([test "x$ENABLED_AESCTR" != "xyes"], [ENABLED_AESCTR="yes" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_COUNTER"]) diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h old mode 100755 new mode 100644