From 8f75480ebc3578529a55a717577100ea7ce8bf47 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Fri, 8 Jul 2005 13:19:10 +0000 Subject: [PATCH] * move RSA_BLINDING to options.h --HG-- extra : convert_revision : e3f32a86aafc1d806b2bee9405020368f9706d85 --- options.h | 5 +++++ rsa.c | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/options.h b/options.h index d75ee09..7fa2ea0 100644 --- a/options.h +++ b/options.h @@ -90,6 +90,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define DROPBEAR_RSA #define DROPBEAR_DSS +/* RSA can be vulnerable to timing attacks which use the time required for + * signing to guess the private key. Blinding avoids this attack, though makes + * signing operations slightly slower. */ +#define RSA_BLINDING + /* Define DSS_PROTOK to use PuTTY's method of generating the value k for dss, * rather than just from the random byte source. Undefining this will save you * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed diff --git a/rsa.c b/rsa.c index f86fdd9..7248bed 100644 --- a/rsa.c +++ b/rsa.c @@ -275,7 +275,6 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data, /* the actual signing of the padded data */ -#define RSA_BLINDING #ifdef RSA_BLINDING /* With blinding, s = (r^(-1))((em)*r^e)^d mod n */