author | Martin Willi <martin@strongswan.org> | 2010-02-18 17:38:59 +0100 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2010-02-18 17:38:59 +0100 |
commit | 3e35a6e7a1b01f53f75c6020184845c3129db1ac (patch) | |
tree | a7920a1d9013934b0fe3a9c1bda4b0bb31cacc0c | |
parent | 7d3a830a71001f24fc25a194df4aab257817dca9 (diff) | |
Use side-channel secured mpz_powm_sec of libgmp 5, if available
-rw-r--r-- | configure.in | 17 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c | 5 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 5 |
4 files changed, 30 insertions, 1 deletions
diff --git a/configure.in b/configure.in index be76ae851..5bf99545f 100644 --- a/configure.in +++ b/configure.in @@ -41,6 +41,7 @@ ARG_WITH_SUBST([routing-table], [220], [set routing table to use for IPsec ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table]) ARG_WITH_SET([capabilities], [no], [set capability dropping library. Currently only the value "libcap" is supported]) +ARG_WITH_SET([mpz_powm_sec], [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available]) AC_ARG_WITH( [xauth-module], @@ -432,7 +433,21 @@ if test x$vstr = xtrue; then fi if test x$gmp = xtrue; then - AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])]) + saved_LIBS=$LIBS + AC_HAVE_LIBRARY([gmp],,[AC_MSG_ERROR([GNU Multi Precision library gmp not found])]) + AC_MSG_CHECKING([mpz_powm_sec]) + if test x$mpz_powm_sec = xyes; then + AC_TRY_COMPILE( + [#include "gmp.h"], + [ + void *x = mpz_powm_sec; + ], + [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_MPZ_POWM_SEC)], [AC_MSG_RESULT([no])] + ) + else + AC_MSG_RESULT([disabled]) + fi + LIBS=$saved_LIBS AC_MSG_CHECKING([gmp.h version >= 4.1.4]) AC_TRY_COMPILE( [#include "gmp.h"], diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index ea7e6fdd2..862386e95 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -22,6 +22,10 @@ #include <debug.h> +#ifdef HAVE_MPZ_POWM_SEC +# undef mpz_powm +# define mpz_powm mpz_powm_sec +#endif /** * Modulus of Group 1 (MODP_768_BIT). diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 1829bd459..c58097f88 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c 
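Review bot: The `AC_TRY_COMPILE` probe in the second configure.in hunk only shows that gmp.h declares `mpz_powm_sec`, so a GMP 5 header installed next to an older libgmp would still define `HAVE_MPZ_POWM_SEC` and the build would fail later at link time. `-lgmp` is presumably still in `LIBS` at that point, because `LIBS=$saved_LIBS` runs only after the probe, so a link test such as `AC_TRY_LINK([#include "gmp.h"], [void *x = mpz_powm_sec;], ...)` would check the library as well. When the probe answers "no" the build quietly keeps plain `mpz_powm` even though the option defaults to `yes`; the help string of `ARG_WITH_SET([mpz_powm_sec], ...)` in the first hunk could say that the hardening is then absent.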
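Review bot: Redefining `mpz_powm` by macro in gmp_diffie_hellman.c switches every exponentiation in the file to another routine with no trace at the call sites, and the same `#ifdef HAVE_MPZ_POWM_SEC` block is repeated in gmp_rsa_private_key.c and gmp_rsa_public_key.c. The block needs a comment that records the reason and the constraint it brings, for example `/* side-channel hardened variant; GMP requires exp > 0 and an odd modulus */`, and it would be better kept in one header shared by the plugin. The call sites lie outside these hunks, so whether each of them satisfies those requirements cannot be confirmed from here.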
@@ -27,6 +27,11 @@ #include <asn1/asn1.h> #include <asn1/asn1_parser.h> +#ifdef HAVE_MPZ_POWM_SEC +# undef mpz_powm +# define mpz_powm mpz_powm_sec +#endif + /** * Public exponent to use for key generation. */ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 5fea69131..d20767177 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -28,6 +28,11 @@ #include <asn1/asn1_parser.h> #include <crypto/hashers/hasher.h> +#ifdef HAVE_MPZ_POWM_SEC +# undef mpz_powm +# define mpz_powm mpz_powm_sec +#endif + typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t; /** |
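Review bot: In gmp_rsa_public_key.c the exponent and modulus are public values, and for keys taken from certificates they are supplied by the other side, so mapping `mpz_powm` to `mpz_powm_sec` here protects no secret and adds preconditions that plain `mpz_powm` does not have: GMP documents that the exponent must be positive and the modulus odd. Nothing in this hunk validates that and the call sites are outside it, so it should be confirmed that a malformed key cannot reach the routine and end in a fatal arithmetic error instead of a failed verification. Either leave this file on `mpz_powm`, or reject such keys before any exponentiation with a guard like `if (mpz_sgn(e) <= 0 || !mpz_odd_p(n))` that fails the operation (`e` and `n` stand for the key's exponent and modulus fields, whose real names are not visible here).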