1 Since commit 6467de5a8840 ("Randomize z ordinates in scalar
2 mult when timing resistant") wolfssl requires a RNG for an EC
3 key when the hardened built option is selected.
5 wc_ecc_set_rng is only available when built hardened, so there
6 is no safe way to install the RNG to the key regardless whether
7 or not wolfssl is compiled hardened.
9 Always export wc_ecc_set_rng so tools such as hostapd can install
10 RNG regardless of the built settings for wolfssl.
12 --- a/wolfcrypt/src/ecc.c
13 +++ b/wolfcrypt/src/ecc.c
14 @@ -12505,21 +12505,21 @@ void wc_ecc_fp_free(void)
18 -#ifdef ECC_TIMING_RESISTANT
19 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
23 +#ifdef ECC_TIMING_RESISTANT
36 #ifdef HAVE_ECC_ENCRYPT
38 --- a/wolfssl/wolfcrypt/ecc.h
39 +++ b/wolfssl/wolfcrypt/ecc.h
40 @@ -656,10 +656,8 @@ WOLFSSL_ABI WOLFSSL_API
41 void wc_ecc_fp_free(void);
43 void wc_ecc_fp_init(void);
44 -#ifdef ECC_TIMING_RESISTANT
46 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
50 int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);