RSA blinding on CRT operations to counter timing attacks
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 9ba2294..c62c412 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1376,7 +1376,8 @@
}
if( ssl->rsa_key ) {
- ret = ssl->rsa_decrypt( ssl->rsa_key, RSA_PRIVATE,
+ ret = ssl->rsa_decrypt( ssl->rsa_key, ssl->f_rng, ssl->p_rng,
+ RSA_PRIVATE,
&ssl->handshake->pmslen,
ssl->in_msg + i,
ssl->handshake->premaster,
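Review bot: The private-key decrypt at line 10 now hands `ssl->f_rng` / `ssl->p_rng` to the RSA layer for blinding, but nothing in the hunk rejects a NULL `f_rng`, so a server context set up without an RNG would presumably reach the CRT operation unblinded — the very timing leak this commit sets out to close; whether rsa_decrypt itself refuses a NULL rng is not visible here and should be confirmed. I would guard it in the server code regardless, e.g. `if( ssl->f_rng == NULL ) return( error );` ahead of the call, with the comment `/* f_rng is mandatory here: a private RSA operation without blinding leaks timing */`. Note also that `ssl->rsa_decrypt` is a callback, so inserting the two rng parameters changes the signature any out-of-tree implementation must match — worth a line in the header documenting that an RNG is now required. The call statement and the enclosing function continue outside the hunk.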
@@ -1497,7 +1498,8 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY );
}
- ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa, RSA_PUBLIC,
+ ret = rsa_pkcs1_verify( &ssl->session_negotiate->peer_cert->rsa,
+ NULL, NULL, RSA_PUBLIC,
hash_id, hashlen, hash, ssl->in_msg + 6 + n );
if( ret != 0 )
{