Extend check to cover ECC and Curve25519 blinding + no RNG as well.
@@ -4202,7 +4202,8 @@ extern void uITRON4_free(void *p) ;
|
||||
#if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
|
||||
!defined(FREESCALE_LTC_ECC) && !defined(WOLFSSL_ARMASM) && \
|
||||
(!defined(USE_INTEL_SPEEDUP) || defined(NO_CURVED25519_X64)) && \
|
||||
!defined(WOLFSSL_CURVE25519_BLINDING) && !defined(NO_CURVE25519_BLINDING)
|
||||
!defined(WOLFSSL_CURVE25519_BLINDING) && !defined(NO_CURVE25519_BLINDING) \
|
||||
&& !defined(WC_NO_RNG)
|
||||
#define WOLFSSL_CURVE25519_BLINDING
|
||||
#endif
|
||||
|
||||
@@ -4225,14 +4226,14 @@ extern void uITRON4_free(void *p) ;
|
||||
/* WC_NO_RNG silently removes RSA blinding, as blinding depends on the RNG.
|
||||
* Refuse to build until the conflict is resolved or the loss of hardening is
|
||||
* explicitly acknowledged via WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS. */
|
||||
#if defined(WC_NO_RNG) && defined(WC_RSA_BLINDING) && !defined(NO_RSA) && \
|
||||
!defined(WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS)
|
||||
#error "WC_NO_RNG combined with WC_RSA_BLINDING silently disables RSA \
|
||||
blinding as well as OAEP and PSS padding support, weakening RSA against \
|
||||
side-channel and chosen-ciphertext attacks. Resolve the conflict by \
|
||||
removing WC_NO_RNG, undefining WC_RSA_BLINDING, or defining NO_RSA. \
|
||||
To proceed anyway and accept the loss of RSA hardening, \
|
||||
define WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS."
|
||||
#if defined(WC_NO_RNG) && ((defined(WC_RSA_BLINDING) && !defined(NO_RSA)) || \
|
||||
(defined(HAVE_CURVE25519) && defined(WOLFSSL_CURVE25519_BLINDING)) || \
|
||||
(defined(HAVE_ECC) && defined(WOLFSSL_ECC_BLIND_K))) && \
|
||||
!defined(WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS)
|
||||
#error "Blinding is enabled but the RNG is disabled. Either remove \
|
||||
WC_NO_RNG to enable the RNG, disable blinding by removing WC_RSA_BLINDING/\
|
||||
WOLFSSL_CURVE25519_BLINDING/WOLFSSL_ECC_BLIND_K, or acknowledge the loss of \
|
||||
blinding by defining WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS."
|
||||
#endif
|
||||
|
||||
#ifdef OPENSSL_COEXIST
|
||||
|
||||
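Review bot: The comment above the second guard still describes only RSA and still points integrators at WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS, while the new condition tests only WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS, so following the comment no longer clears the #error (the comment appears unchanged on this page, judging by the 14/14 hunk counts). I would update it to something like `/* WC_NO_RNG removes RSA, Curve25519 and ECC blinding, as blinding depends on the RNG. Refuse to build unless that loss is acknowledged via WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS. */`. The new message also drops the earlier text's statement that OAEP and PSS padding support is lost and that the exposure is to side-channel and chosen-ciphertext attacks; keeping one clause on that would tell whoever hits the error what they are accepting. Separately, in the first hunk `&& !defined(WC_NO_RNG)` means a WC_NO_RNG build never receives the default WOLFSSL_CURVE25519_BLINDING, so the guard fires only when blinding was requested explicitly and the default Curve25519 path ends up without blinding and without any diagnostic; if that is intended, a one-line comment at that #if saying so would help.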