merge of 197e1bd25c1741218fbe0d73a1e37d4082054216

and 4dc12a3e22d2e0c63f65a9d48b07b37db7567899 --HG-- extra : convert_revision : dda1c40ce86d3ab6f27279669a5174c945eb7eed
2025-02-07 13:21:15 +00:00 · 2005-07-08 13:19:20 +00:00 · 2005-07-08 13:19:20 +00:00 · 215a369c2b
commit 215a369c2b
parent fb1fd7f6f4 8f75480ebc
2 changed files with 5 additions and 1 deletions
--- a/options.h
+++ b/options.h
@ -90,6 +90,11 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define DROPBEAR_RSA
 #define DROPBEAR_DSS

+/* RSA can be vulnerable to timing attacks which use the time required for
+ * signing to guess the private key. Blinding avoids this attack, though makes
+ * signing operations slightly slower. */
+#define RSA_BLINDING
+
 /* Define DSS_PROTOK to use PuTTY's method of generating the value k for dss,
 * rather than just from the random byte source. Undefining this will save you
 * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed
--- a/rsa.c
+++ b/rsa.c
@ -275,7 +275,6 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,

 	/* the actual signing of the padded data */

-#define RSA_BLINDING
 #ifdef RSA_BLINDING

 	/* With blinding, s = (r^(-1))((em)*r^e)^d mod n */