Fix the ECDSA timing attack mentioned in the paper at:

[oweals/openssl.git] / Configure

diff --git a/Configure b/Configure
index 98e52c1543d1c5897b80078e3dac48474fc944da..a91ba80db64a5fa0ed8c33dc3571b19dc190dc4f 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -667,6 +667,7 @@ my $perl;
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+                "ec-nistp224-64-gcc-128" => "default",
                 "gmp"            => "default",
                  "jpake"          => "experimental",
                  "md2"            => "default",
@@ -946,6 +947,12 @@ if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
        $disabled{"gost"} = "forced";
        }
 
+# SRP requires TLSEXT
+if (defined($disabled{"tlsext"}))
+       {
+       $disabled{"srp"} = "forced";
+       }
+
 if ($target eq "TABLE") {
        foreach $target (sort keys %table) {
                print_table_entry($target);
@@ -995,7 +1002,7 @@ foreach (sort (keys %disabled))
        else
                {
                my ($ALGO, $algo);
-               ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
+               ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
 
                if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
                        {
@@ -1111,6 +1118,12 @@ my ($prelflags,$postlflags)=split('%',$lflags);
 if (defined($postlflags))      { $lflags=$postlflags;  }
 else                           { $lflags=$prelflags; undef $prelflags; }
 
+if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+       {
+       $cflags =~ s/\-mno\-cygwin\s*//;
+       $shared_ldflag =~ s/\-mno\-cygwin\s*//;
+       }
+
 my $no_shared_warn=0;
 my $no_user_cflags=0;