1*2175Sjp161948=pod 2*2175Sjp161948 3*2175Sjp161948=head1 NAME 4*2175Sjp161948 5*2175Sjp161948RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks 6*2175Sjp161948 7*2175Sjp161948=head1 SYNOPSIS 8*2175Sjp161948 9*2175Sjp161948 #include <openssl/rsa.h> 10*2175Sjp161948 11*2175Sjp161948 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); 12*2175Sjp161948 13*2175Sjp161948 void RSA_blinding_off(RSA *rsa); 14*2175Sjp161948 15*2175Sjp161948=head1 DESCRIPTION 16*2175Sjp161948 17*2175Sjp161948RSA is vulnerable to timing attacks. In a setup where attackers can 18*2175Sjp161948measure the time of RSA decryption or signature operations, blinding 19*2175Sjp161948must be used to protect the RSA operation from that attack. 20*2175Sjp161948 21*2175Sjp161948RSA_blinding_on() turns blinding on for key B<rsa> and generates a 22*2175Sjp161948random blinding factor. B<ctx> is B<NULL> or a pre-allocated and 23*2175Sjp161948initialized B<BN_CTX>. The random number generator must be seeded 24*2175Sjp161948prior to calling RSA_blinding_on(). 25*2175Sjp161948 26*2175Sjp161948RSA_blinding_off() turns blinding off and frees the memory used for 27*2175Sjp161948the blinding factor. 28*2175Sjp161948 29*2175Sjp161948=head1 RETURN VALUES 30*2175Sjp161948 31*2175Sjp161948RSA_blinding_on() returns 1 on success, and 0 if an error occurred. 32*2175Sjp161948 33*2175Sjp161948RSA_blinding_off() returns no value. 34*2175Sjp161948 35*2175Sjp161948=head1 SEE ALSO 36*2175Sjp161948 37*2175Sjp161948L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)> 38*2175Sjp161948 39*2175Sjp161948=head1 HISTORY 40*2175Sjp161948 41*2175Sjp161948RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0. 42*2175Sjp161948 43*2175Sjp161948=cut 44