|
@@ -1,50 +0,0 @@
|
|
|
-Since commit 6467de5a8840 ("Randomize z ordinates in scalar
|
|
|
-mult when timing resistant") wolfssl requires a RNG for an EC
|
|
|
-key when the hardened built option is selected.
|
|
|
-
|
|
|
-wc_ecc_set_rng is only available when built hardened, so there
|
|
|
-is no safe way to install the RNG to the key regardless whether
|
|
|
-or not wolfssl is compiled hardened.
|
|
|
-
|
|
|
-Always export wc_ecc_set_rng so tools such as hostapd can install
|
|
|
-RNG regardless of the built settings for wolfssl.
|
|
|
-
|
|
|
---- a/wolfcrypt/src/ecc.c
|
|
|
-+++ b/wolfcrypt/src/ecc.c
|
|
|
-@@ -12348,21 +12348,21 @@ void wc_ecc_fp_free(void)
|
|
|
-
|
|
|
- #endif /* FP_ECC */
|
|
|
-
|
|
|
--#ifdef ECC_TIMING_RESISTANT
|
|
|
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
|
|
|
- {
|
|
|
- int err = 0;
|
|
|
-
|
|
|
-+#ifdef ECC_TIMING_RESISTANT
|
|
|
- if (key == NULL) {
|
|
|
- err = BAD_FUNC_ARG;
|
|
|
- }
|
|
|
- else {
|
|
|
- key->rng = rng;
|
|
|
- }
|
|
|
-+#endif
|
|
|
-
|
|
|
- return err;
|
|
|
- }
|
|
|
--#endif
|
|
|
-
|
|
|
- #ifdef HAVE_ECC_ENCRYPT
|
|
|
-
|
|
|
---- a/wolfssl/wolfcrypt/ecc.h
|
|
|
-+++ b/wolfssl/wolfcrypt/ecc.h
|
|
|
-@@ -650,10 +650,8 @@ WOLFSSL_ABI WOLFSSL_API
|
|
|
- void wc_ecc_fp_free(void);
|
|
|
- WOLFSSL_LOCAL
|
|
|
- void wc_ecc_fp_init(void);
|
|
|
--#ifdef ECC_TIMING_RESISTANT
|
|
|
- WOLFSSL_API
|
|
|
- int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
|
|
|
--#endif
|
|
|
-
|
|
|
- WOLFSSL_API
|
|
|
- int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
|