Disable MBEDTLS_RSA_FORCE_BLINDING by default This commit disables the new MBEDTLS_RSA_FORCE_BLINDING option by default to preserve backwards compatibility. Further, it deprecates disabling to prepare for a future release in which blinding will be unconditionally enforced.

commit: 936f72c641c0953cc288d01de30a2dd811b5f8ac [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Sep 07 10:56:10 2017 +0100
committer: Hanno Becker <hanno.becker@arm.com> Thu Sep 07 13:09:58 2017 +0100
tree: 2274c21873495b3e4e59083e0d24a51aa5a1876d
parent: cc209ca56d0592404f5019a03f4887e383f956d0 [diff] [blame]
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d54f0c3..741ce41 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h

@@ -980,6 +980,11 @@
  * Comment this macro to allow RSA private key operations
  * without blinding.
  *
+ * \deprecated Disabling this option is deprecated and only
+ *             disabled by default for backwards compatibility.
+ *             Future versions of Mbed TLS will remove this
+ *             option and enforce blinding unconditionally.
+ *
  * \warning   Disabling this can be a security risk!
  *            Blinding RSA private key operations is a way
  *            to prevent statistical timing attacks as in
@@ -998,7 +1003,7 @@
  *            private key operations, see the documentation
  *            of \c mbedtls_rsa_private.
  */
-#define MBEDTLS_RSA_FORCE_BLINDING
+//#define MBEDTLS_RSA_FORCE_BLINDING
 
 /**
  * \def MBEDTLS_RSA_NO_CRT
commit	936f72c641c0953cc288d01de30a2dd811b5f8ac	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Sep 07 10:56:10 2017 +0100
committer	Hanno Becker <hanno.becker@arm.com>	Thu Sep 07 13:09:58 2017 +0100
tree	2274c21873495b3e4e59083e0d24a51aa5a1876d
parent	cc209ca56d0592404f5019a03f4887e383f956d0 [diff] [blame]