Fix to not warn about `WC_RSA_BLINDING` in FIPS mode. Add `WC_RSA_BLINDING` to Windows `user_settings.h`.

2017-07-10 18:41:22 -07:00 · 2017-07-10 18:41:22 -07:00 · 792fcefbb7
parent 171796e8e2
commit 792fcefbb7
2 changed files with 19 additions and 14 deletions
--- a/IDE/WIN/user_settings.h
+++ b/IDE/WIN/user_settings.h
@ -22,20 +22,25 @@
    #define NO_RABBIT
    #define NO_DSA
    #define NO_MD4
-#elif defined(WOLFSSL_LIB)
-    /* The lib */
-    #define OPENSSL_EXTRA
-    #define WOLFSSL_RIPEMD
-    #define WOLFSSL_SHA512
-    #define NO_PSK
-    #define HAVE_EXTENDED_MASTER
-    #define WOLFSSL_SNIFFER
-    #define HAVE_TLS_EXTENSIONS
-    #define HAVE_SECURE_RENEGOTIATION
 #else
-    /* The servers and clients */
-    #define OPENSSL_EXTRA
-    #define NO_PSK
+    /* Enables blinding mode, to prevent timing attacks */
+    #define WC_RSA_BLINDING
+
+    #if defined(WOLFSSL_LIB)
+        /* The lib */
+        #define OPENSSL_EXTRA
+        #define WOLFSSL_RIPEMD
+        #define WOLFSSL_SHA512
+        #define NO_PSK
+        #define HAVE_EXTENDED_MASTER
+        #define WOLFSSL_SNIFFER
+        #define HAVE_TLS_EXTENSIONS
+        #define HAVE_SECURE_RENEGOTIATION
+    #else
+        /* The servers and clients */
+        #define OPENSSL_EXTRA
+        #define NO_PSK
+    #endif
 #endif /* HAVE_FIPS */

 #endif /* _WIN_USER_SETTINGS_H_ */
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -1601,7 +1601,7 @@ extern void uITRON4_free(void *p) ;
 #ifndef WC_NO_HARDEN
    #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \
        (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \
-        (!defined(NO_RSA) && !defined(WC_RSA_BLINDING))
+        (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS))

        #ifndef _MSC_VER
            #warning "For timing resistance / side-channel attack prevention consider using harden options"