/*
- * Copyright (C) 2005-2009 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2005-2010 Andre Noll <maan@systemlinux.org>
*
* Licensed under the GPL v2. For licencing details see COPYING.
*/
srandom(seed);
}
+static int check_key_file(const char *file, int private)
+{
+ struct stat st;
+
+ if (stat(file, &st) != 0)
+ return -ERRNO_TO_PARA_ERROR(errno);
+ if (private != LOAD_PRIVATE_KEY)
+ return 0;
+ if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0)
+ return -E_KEY_PERM;
+ return 1;
+}
+
static EVP_PKEY *load_key(const char *file, int private)
{
BIO *key;
EVP_PKEY *pkey = NULL;
+ int ret = check_key_file(file, private);
+ if (ret < 0) {
+ PARA_ERROR_LOG("%s\n", para_strerror(-ret));
+ return NULL;
+ }
key = BIO_new(BIO_s_file());
if (!key)
return NULL;
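Review bot: check_key_file only rejects loose permissions when the key file is owned by the calling user (`st.st_uid == getuid()`), so a private key owned by another account but group- or world-accessible passes the check and is loaded without any diagnostic. If that exemption is deliberate it deserves a comment; otherwise dropping the uid test, `if ((st.st_mode & 077) != 0)`, makes the permission check apply to every private key file. The return convention (negative error code, 0 when a public key is requested, 1 when a private key passed the check) is also worth a one-line comment, since load_key only distinguishes `ret < 0` and the 0/1 split is otherwise unexplained. Note that stat() inspects the path before BIO opens it, so the object checked and the object opened can differ; an fstat() on the opened descriptor would close that window. load_key continues past the end of the hunk.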
ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY);
if (ret < 0)
return ret;
+ /*
+ * RSA is vulnerable to timing attacks. Generate a random blinding
+ * factor to protect against this kind of attack.
+ */
+ ret = -E_BLINDING;
+ if (RSA_blinding_on(rsa, NULL) == 0)
+ goto out;
ret = RSA_private_decrypt(inlen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING);
+ RSA_blinding_off(rsa);
+ if (ret <= 0)
+ ret = -E_DECRYPT;
+out:
rsa_free(rsa);
- return (ret > 0)? ret : -E_DECRYPT;
+ return ret;
}
/**
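Review bot: The comment above RSA_blinding_on says what blinding is for but not why the call is needed here, and as far as I recall OpenSSL already enables blinding automatically for RSA private-key operations unless RSA_FLAG_NO_BLINDING was set on the key, so this reads as a belt-and-braces measure that should say so. A second sentence such as `* OpenSSL normally does this by default; enable it explicitly so a key loaded with blinding disabled is still protected.` would make the intent clear. The explicit `RSA_blinding_off(rsa);` is immediately followed by `rsa_free(rsa)` on every path that reaches it, so it is harmless but does no work that freeing the key does not already do. The early `return ret;` after get_rsa_key is unchanged by this hunk, and priv_decrypt's head lies outside it.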
unsigned char *tmp;
assert(len);
- tmp = para_malloc(len);
+ tmp = para_malloc(len + 8);
RC4(&rc4c->send_key, len, (const unsigned char *)buf, tmp);
ret = write_all(rc4c->fd, (char *)tmp, &len);
free(tmp);
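Review bot: The `+ 8` in `tmp = para_malloc(len + 8);` is an unexplained magic number: RC4() on the next line writes exactly `len` bytes into tmp and write_all is handed the same `len`, so nothing visible in the hunk consumes the extra space. If the over-allocation works around something in RC4 or write_all, a comment naming that reason belongs on the line, e.g. `/* +8: [reason the extra bytes are needed — TODO fill in] */`; if it is a leftover, the original `para_malloc(len)` is the right size. The enclosing function starts and ends outside the hunk.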