commit 43f9799ce61c6392a014d0a2ea136b4b3a9ee194
author Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 23 11:23:31 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Mon Sep 23 11:23:31 2013 +0200
tree df3b646b6c35db528d1902e4de451699ab6e6ef6
parent 88a2264def143fc9d5b8705bb6aec188ec61061f

RSA blinding on CRT operations to counter timing attacks

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index 4b4be66..2aa0499 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3234,7 +3234,7 @@
 
         x509_hash( crl_list->tbs.p, crl_list->tbs.len, hash_id, hash );
 
-        if( !rsa_pkcs1_verify( &ca->rsa, RSA_PUBLIC, hash_id,
+        if( !rsa_pkcs1_verify( &ca->rsa, NULL, NULL, RSA_PUBLIC, hash_id,
                               0, hash, crl_list->sig.p ) == 0 )
         {
             /*
@@ -3367,7 +3367,7 @@
 
         x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
 
-        if( rsa_pkcs1_verify( &trust_ca->rsa, RSA_PUBLIC, hash_id,
+        if( rsa_pkcs1_verify( &trust_ca->rsa, NULL, NULL, RSA_PUBLIC, hash_id,
                     0, hash, child->sig.p ) != 0 )
         {
             trust_ca = trust_ca->next;
@@ -3434,8 +3434,8 @@
 
     x509_hash( child->tbs.p, child->tbs.len, hash_id, hash );
 
-    if( rsa_pkcs1_verify( &parent->rsa, RSA_PUBLIC, hash_id, 0, hash,
-                           child->sig.p ) != 0 )
+    if( rsa_pkcs1_verify( &parent->rsa, NULL, NULL, RSA_PUBLIC, hash_id, 0,
+                           hash, child->sig.p ) != 0 )
         *flags |= BADCERT_NOT_TRUSTED;
         
     /* Check trusted CA's CRL for the given crt */