From: Andre Noll
Date: Sat, 5 Sep 2009 11:16:53 +0000 (+0200)
Subject: Use RSA key blinding to protect against timing attacks.
X-Git-Tag: v0.4.0~29
X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=153bf6c6f74b8c951a8b2a13b0224f460148531e;hp=2a31b78a03eeec52eb8e7d8d4d43e5f9d4315df2
Use RSA key blinding to protect against timing attacks.
Not that it matters much, but it doesn't hurt either.
---
diff --git a/audiod.c b/audiod.c
index 0479e1e1..e0a455d2 100644
--- a/audiod.c
+++ b/audiod.c
@@ -1203,6 +1203,7 @@ int main(int argc, char *argv[])
 drop_privileges_or_die(conf.user_arg, conf.group_arg);
 parse_config_or_die();
 init_colors_or_die();
+ init_random_seed_or_die();
 daemon_set_flag(DF_LOG_TIME);
 daemon_set_flag(DF_LOG_HOSTNAME);
 daemon_set_flag(DF_LOG_LL);
diff --git a/client.c b/client.c
index b7c1644c..ebe33898 100644
--- a/client.c
+++ b/client.c
@@ -82,6 +82,7 @@ int main(int argc, char *argv[])
 int ret;
 static struct sched s;
+ init_random_seed_or_die();
 s.default_timeout.tv_sec = 1;
 s.default_timeout.tv_usec = 0;
 ret = client_open(argc, argv, &ct, &client_loglevel);
diff --git a/crypt.c b/crypt.c
index 352c5b8d..1172ddc3 100644
--- a/crypt.c
+++ b/crypt.c
@@ -146,9 +146,20 @@ int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *in
 ret = get_rsa_key(key_file, &rsa, LOAD_PRIVATE_KEY);
 if (ret < 0)
 return ret;
+ /* * RSA is vulnerable to timing attacks. Generate a random blinding * factor to protect against this kind of attack. */ ret = -E_BLINDING; if (RSA_blinding_on(rsa, NULL) == 0) goto out;
 ret = RSA_private_decrypt(inlen, inbuf, outbuf, rsa, RSA_PKCS1_OAEP_PADDING);
+ RSA_blinding_off(rsa);
+ if (ret <= 0)
+ ret = -E_DECRYPT;
+out:
 rsa_free(rsa);
- return (ret > 0)? ret : -E_DECRYPT;
+ return ret;
 }
 /**
diff --git a/error.h b/error.h
index 7416be57..4639cf78 100644
--- a/error.h
+++ b/error.h
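Review bot: `init_random_seed_or_die()` is inserted after `drop_privileges_or_die()`, so it must be able to open its entropy source unprivileged; and if it seeds only libc's PRNG (srandom and friends) it has no bearing on the blinding factor that `RSA_blinding_on()` in crypt.c draws from OpenSSL's own RAND, which the library seeds itself — worth confirming what it actually seeds before treating it as part of the blinding change. A one-line comment would make the ordering intent explicit: `/* needs no privileges: runs after drop_privileges_or_die() */`. main() continues outside the hunk on both sides.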
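Review bot: The explicit `RSA_blinding_on(rsa, NULL)` before `RSA_private_decrypt` is very likely redundant, since OpenSSL has blinded private-key operations by default since 0.9.7b unless `RSA_FLAG_NO_BLINDING` is set on the key; the new comment therefore overstates what this hunk changes, whose real effect is to fail closed with `-E_BLINDING` when blinding parameters cannot be generated (for example with an unseeded RNG). Blinding covers only the modular exponentiation; the OAEP unpadding behind the unchanged `ret <= 0` to `-E_DECRYPT` mapping is a separate padding-oracle concern this hunk does not address, so the comment should not read as if the function is now timing-safe as a whole. `RSA_blinding_off(rsa)` immediately before `rsa_free(rsa)` is harmless but does nothing useful, because freeing the key releases its blinding state. I would rewrite the comment as `/* Blinding is on by default in OpenSSL >= 0.9.7b; enable it explicitly and refuse to decrypt if it cannot be set up. OAEP unpadding failures are still reported as -E_DECRYPT. */`. para_decrypt_buffer's signature and the declaration of rsa lie before the hunk.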
@@ -323,6 +323,7 @@ extern const char **para_errlist[];
 PARA_ERROR(ENCRYPT, "encrypt error"), \
 PARA_ERROR(DECRYPT, "decrypt error"), \
 PARA_ERROR(CHALLENGE, "failed to read challenge"), \
+ PARA_ERROR(BLINDING, "failed to activate key blinding"), \
 #define COMMAND_ERRORS \