From: Ivo Timmermans Date: Fri, 14 Mar 2003 09:43:10 +0000 (+0000) Subject: Call RSA_blinding_on(), as advised in the paper on X-Git-Tag: release-1.0~102 X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=2fff0a91a7e3e5f44e97255b6dd5807656b255a8 Call RSA_blinding_on(), as advised in the paper on http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html to offer some resistance against timing attacks. --- diff --git a/src/net_setup.c b/src/net_setup.c index acb156cc..0eef4289 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.28 2003/01/14 12:53:59 guus Exp $ + $Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $ */ #include "config.h" @@ -85,8 +85,10 @@ int read_rsa_public_key(connection_t *c) cp(); - if(!c->rsa_key) + if(!c->rsa_key) { c->rsa_key = RSA_new(); + RSA_blinding_on(c->rsa_key, NULL); + } /* First, check for simple PublicKey statement */ @@ -132,8 +134,10 @@ int read_rsa_public_key(connection_t *c) c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); fclose(fp); - if(c->rsa_key) + if(c->rsa_key) { + RSA_blinding_on(c->rsa_key, NULL); return 0; + } syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno)); @@ -166,6 +170,7 @@ int read_rsa_public_key(connection_t *c) if(fp) { c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + RSA_blinding_on(c->rsa_key, NULL); fclose(fp); } @@ -188,6 +193,7 @@ int read_rsa_private_key(void) if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { myself->connection->rsa_key = RSA_new(); + RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key);
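Review bot: In the `if(!c->rsa_key)` branch of read_rsa_public_key(), `RSA_blinding_on()` is called on the object `RSA_new()` has just returned, before any modulus or exponent has been loaded (the PublicKey parsing only starts after this block). The blinding setup therefore has no key material to work from, and its result is discarded. `RSA_new()` can also return NULL, which is passed straight on. Because this function loads a peer's public key and blinding protects private-key operations, the simplest fix is to leave the branch as `c->rsa_key = RSA_new();`. The return value of `RSA_blinding_on()` is likewise ignored in the hunks at -132, -166 and -188, and the function body starts and ends outside this hunk.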
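Review bot: Inside the `if(fp)` block of the hunk at -166, `RSA_blinding_on(c->rsa_key, NULL)` runs unconditionally right after `PEM_read_RSA_PUBKEY()`, which returns NULL when the file cannot be parsed. A malformed or truncated key file therefore hands a NULL pointer to the blinding setup. The hunk at -132 guards the same call with `if(c->rsa_key)`, and the same guard is needed here: `if(c->rsa_key) RSA_blinding_on(c->rsa_key, NULL);`. Any check of `c->rsa_key` after the `if(fp)` block lies outside the hunk and would come too late for this call.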
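Review bot: In read_rsa_private_key(), the one place where blinding protects a secret exponent, `RSA_blinding_on()` is called before the two `BN_hex2bn()` lines fill in `d` and `e`, and its return value is dropped. A failed setup would leave private-key operations unblinded with nothing in the log. Move the call after the key fields are populated and check it, e.g. `if(!RSA_blinding_on(myself->connection->rsa_key, NULL)) syslog(LOG_ERR, _("Enabling RSA blinding failed"));` followed by the function's error return. The patch has no hunk for any other branch of this function, so if a private key can also be loaded from a file further down (outside this hunk), that path would need the same call.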