feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #1016 from dgarske/fix_harden

Browse Source 
Warn if hardening options are not defined and not disabled using `WC_NO_HARDEN`
This commit is contained in:
toddouska
2017-07-12 09:27:32 -06:00
committed by GitHub
parent dc5e6f789d 792fcefbb7
commit 43ad30d364
4 changed files with 40 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
View File

@ -120,6 +120,11 @@ extern "C" {
/* half as much memory but twice as slow */ /* half as much memory but twice as slow */
#undef RSA_LOW_MEM #undef RSA_LOW_MEM
//#define RSA_LOW_MEM //#define RSA_LOW_MEM
/* Enables blinding mode, to prevent timing attacks */
#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING
#else #else
#define NO_RSA #define NO_RSA
#endif #endif

31
IDE/WIN/user_settings.h
View File

@ -22,20 +22,25 @@
#define NO_RABBIT #define NO_RABBIT
#define NO_DSA #define NO_DSA
#define NO_MD4 #define NO_MD4
#elif defined(WOLFSSL_LIB)
/* The lib */
#define OPENSSL_EXTRA
#define WOLFSSL_RIPEMD
#define WOLFSSL_SHA512
#define NO_PSK
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_SNIFFER
#define HAVE_TLS_EXTENSIONS
#define HAVE_SECURE_RENEGOTIATION
#else #else
/* The servers and clients */ /* Enables blinding mode, to prevent timing attacks */
#define OPENSSL_EXTRA #define WC_RSA_BLINDING
#define NO_PSK
#if defined(WOLFSSL_LIB)
/* The lib */
#define OPENSSL_EXTRA
#define WOLFSSL_RIPEMD
#define WOLFSSL_SHA512
#define NO_PSK
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_SNIFFER
#define HAVE_TLS_EXTENSIONS
#define HAVE_SECURE_RENEGOTIATION
#else
/* The servers and clients */
#define OPENSSL_EXTRA
#define NO_PSK
#endif
#endif /* HAVE_FIPS */ #endif /* HAVE_FIPS */
#endif /* _WIN_USER_SETTINGS_H_ */ #endif /* _WIN_USER_SETTINGS_H_ */

2
configure.ac
View File

@ -408,6 +408,8 @@ AC_ARG_ENABLE([harden],
if test "$ENABLED_HARDEN" = "yes" if test "$ENABLED_HARDEN" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING" AM_CFLAGS="$AM_CFLAGS -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING"
else
AM_CFLAGS="$AM_CFLAGS -DWC_NO_HARDEN"
fi fi

15
wolfssl/wolfcrypt/settings.h
View File

@ -1596,6 +1596,21 @@ extern void uITRON4_free(void *p) ;
#define ED25519_SMALL #define ED25519_SMALL
#endif #endif
/* warning for not using harden build options (default with ./configure) */
#ifndef WC_NO_HARDEN
#if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
(defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
(!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))
#ifndef _MSC_VER
#warning "For timing resistance / side-channel attack prevention consider using harden options"
#else
#pragma message("Warning: For timing resistance / side-channel attack prevention consider using harden options")
#endif
#endif
#endif
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif