From: Ivo Timmermans Date: Fri, 14 Mar 2003 09:43:10 +0000 (+0000) Subject: Call RSA_blinding_on(), as advised in the paper on X-Git-Tag: release-1.0~102 X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=2fff0a91a7e3e5f44e97255b6dd5807656b255a8;p=tinc Call RSA_blinding_on(), as advised in the paper on http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html to offer some resistance against timing attacks. --- diff --git a/src/net_setup.c b/src/net_setup.c index acb156cc..0eef4289 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.28 2003/01/14 12:53:59 guus Exp $ + $Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $ */ #include "config.h" @@ -85,8 +85,10 @@ int read_rsa_public_key(connection_t *c) cp(); - if(!c->rsa_key) + if(!c->rsa_key) { c->rsa_key = RSA_new(); + RSA_blinding_on(c->rsa_key, NULL); + } /* First, check for simple PublicKey statement */ @@ -132,8 +134,10 @@ int read_rsa_public_key(connection_t *c) c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); fclose(fp); - if(c->rsa_key) + if(c->rsa_key) { + RSA_blinding_on(c->rsa_key, NULL); return 0; + } syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno)); @@ -166,6 +170,7 @@ int read_rsa_public_key(connection_t *c) if(fp) { c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + RSA_blinding_on(c->rsa_key, NULL); fclose(fp); } @@ -188,6 +193,7 @@ int read_rsa_private_key(void) if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { myself->connection->rsa_key = RSA_new(); + RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key);