Force WolfSSL side-channel resistance
There seems to be some build-bug in WolfSSL, such that even though --enable-harden (HARDEN) is default, it's not set correctly in options.h. So we define it correctly just after parsing all other config options BUT BEFORE we load the rest of WolfSSL headers.

These will be defined no matter what options are given to wolfssl ./configure:

ECC_TIMING_RESISTANT
TFM_TIMING_RESISTANT
@@ -42,9 +42,13 @@
|
||||
#include <boost/filesystem/path.hpp>
|
||||
#include <boost/foreach.hpp>
|
||||
#include <boost/signals2/signal.hpp>
|
||||
// Enable side-channel resistant WolfSSL Support for Hush
|
||||
#define ECC_TIMING_RESISTANT 420
|
||||
// Enable WolfSSL Support for Hush
|
||||
#include <wolfssl/options.h>
|
||||
// TODO: these are not set correctly by wolfssl for some reason. Ja bless.
|
||||
#undef ECC_TIMING_RESISTANT
|
||||
#undef TFM_TIMING_RESISTANT
|
||||
#define ECC_TIMING_RESISTANT 420
|
||||
#define TFM_TIMING_RESISTANT 420
|
||||
#include <wolfssl/ssl.h>
|
||||
|
||||
class CAddrMan;
|
||||
|
||||
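Review bot: The `#undef`/`#define` pair placed after `#include <wolfssl/options.h>` only changes what this file and the wolfSSL headers included after it see; it cannot change how the wolfSSL library's own source files were compiled, and `ECC_TIMING_RESISTANT` and `TFM_TIMING_RESISTANT` select code paths inside the library's ECC and fast-math implementations. If the library build really lacks them, this override hides the problem rather than fixing it, and it can leave this file's view of the configuration different from the one the library was built with. I would set the two macros where wolfSSL itself is compiled and turn these lines into a check, for example `#ifndef ECC_TIMING_RESISTANT` followed by an `#error`, so a non-hardened build fails loudly instead of passing silently. Smaller points: the value `420` carries no meaning for a feature macro, so a bare `#define` is clearer; the TODO comment should record what was actually observed in `options.h` instead of "for some reason"; and the `#define ECC_TIMING_RESISTANT 420` above the `options.h` include duplicates the one below it if both are meant to stay.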