Use side-channel secured mpz_powm_sec of libgmp 5, if available

diff --git a/configure.in b/configure.in
index be76ae8..5bf9954 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -41,6 +41,7 @@ ARG_WITH_SUBST([routing-table],      [220], [set routing table to use for IPsec
 ARG_WITH_SUBST([routing-table-prio], [220], [set priority for IPsec routing table])
 
 ARG_WITH_SET([capabilities],         [no], [set capability dropping library. Currently only the value "libcap" is supported])
+ARG_WITH_SET([mpz_powm_sec],         [yes], [use the more side-channel resistant mpz_powm_sec in libgmp, if available])
 
 AC_ARG_WITH(
        [xauth-module],
@@ -432,7 +433,21 @@ if test x$vstr = xtrue; then
 fi
 
 if test x$gmp = xtrue; then
-       AC_HAVE_LIBRARY([gmp],[LIBS="$LIBS"],[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+       saved_LIBS=$LIBS
+       AC_HAVE_LIBRARY([gmp],,[AC_MSG_ERROR([GNU Multi Precision library gmp not found])])
+       AC_MSG_CHECKING([mpz_powm_sec])
+       if test x$mpz_powm_sec = xyes; then
+               AC_TRY_COMPILE(
+                       [#include "gmp.h"],
+                       [
+                               void *x = mpz_powm_sec;
+                       ],
+                       [AC_MSG_RESULT([yes]); AC_DEFINE(HAVE_MPZ_POWM_SEC)], [AC_MSG_RESULT([no])]
+               )
+       else
+               AC_MSG_RESULT([disabled])
+       fi
+       LIBS=$saved_LIBS
        AC_MSG_CHECKING([gmp.h version >= 4.1.4])
        AC_TRY_COMPILE(
                [#include "gmp.h"],

diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index ea7e6fd..862386e 100644 (file)
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -22,6 +22,10 @@
 
 #include <debug.h>
 
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
 
 /**
  * Modulus of Group 1 (MODP_768_BIT).

diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 1829bd4..c58097f 100644 (file)
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -27,6 +27,11 @@
 #include <asn1/asn1.h>
 #include <asn1/asn1_parser.h>
 
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
 /**
  *  Public exponent to use for key generation.
  */

diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 5fea691..d207671 100644 (file)
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -28,6 +28,11 @@
 #include <asn1/asn1_parser.h>
 #include <crypto/hashers/hasher.h>
 
+#ifdef HAVE_MPZ_POWM_SEC
+# undef mpz_powm
+# define mpz_powm mpz_powm_sec
+#endif
+
 typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t;
 
 /**