# HG changeset patch
# User Matt Johnston
# Date 1120828760 0
# Node ID 29f8b18cf7944e1aed2f213cf1b9ea06263e744f
# Parent aad4b3f58556e42d9db8f11b6b639343dd115d3a
# Parent ea9277442ef2e4e958b8047c5ec3395018f3166d
merge of 197e1bd25c1741218fbe0d73a1e37d4082054216 and 4dc12a3e22d2e0c63f65a9d48b07b37db7567899
diff -r aad4b3f58556 -r 29f8b18cf794 options.h
--- a/options.h Fri Jul 08 11:32:09 2005 +0000
+++ b/options.h Fri Jul 08 13:19:20 2005 +0000
@@ -90,6 +90,11 @@
 #define DROPBEAR_RSA
 #define DROPBEAR_DSS
 
+/* RSA can be vulnerable to timing attacks which use the time required for
+ * signing to guess the private key. Blinding avoids this attack, though makes
+ * signing operations slightly slower. */
+#define RSA_BLINDING
+
 /* Define DSS_PROTOK to use PuTTY's method of generating the value k for dss,
  * rather than just from the random byte source. Undefining this will save you
  * ~4k in binary size with static uclibc, but your DSS hostkey could be exposed
diff -r aad4b3f58556 -r 29f8b18cf794 rsa.c
--- a/rsa.c Fri Jul 08 11:32:09 2005 +0000
+++ b/rsa.c Fri Jul 08 13:19:20 2005 +0000
@@ -275,7 +275,6 @@
 /* the actual signing of the padded data */
-#define RSA_BLINDING
 #ifdef RSA_BLINDING
 /* With blinding, s = (r^(-1))((em)*r^e)^d mod n */
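Review bot: The new RSA_BLINDING comment in options.h explains what blinding does but not what undefining the macro costs, whereas the DSS_PROTOK comment directly below it spells out the consequence ("your DSS hostkey could be exposed"). Because rsa.c keeps the unblinded signing path under `#ifdef RSA_BLINDING` (second hunk), moving the define into the user-editable options header means a build that drops it to recover the small slowdown silently reintroduces the timing exposure, and the blinding itself is presumably only as strong as the per-signature random r, which the comment could mention. I would add a closing line such as ` * Undefining this saves a little signing time but leaves the private key exposed to the timing attack above; leave it defined. */` so the option reads like its neighbours. "avoids this attack" also overstates it slightly — "mitigates" is the accurate word.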