diff --git a/ChangeLog b/ChangeLog index 7ba6470c1..961f12c7e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20030315 + - (djm) OpenBSD CVS Sync + - markus@cvs.openbsd.org 2003/03/13 11:42:19 + [authfile.c ssh-keysign.c] + move RSA_blinding_on to generic key load method + 20030310 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/05 22:33:43 @@ -1203,4 +1209,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2627 2003/03/12 22:42:51 djm Exp $ +$Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $ diff --git a/authfile.c b/authfile.c index 24ae6abd3..90618efde 100644 --- a/authfile.c +++ b/authfile.c @@ -36,7 +36,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $"); +RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $"); #include #include @@ -421,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, rsa_generate_additional_parameters(prv->rsa); buffer_free(&decrypted); + + /* enable blinding */ + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + error("key_load_private_rsa1: RSA_blinding_on failed"); + goto fail; + } close(fd); return prv; @@ -460,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase, #ifdef DEBUG_PK RSA_print_fp(stderr, prv->rsa, 8); #endif + if (RSA_blinding_on(prv->rsa, NULL) != 1) { + error("key_load_private_pem: RSA_blinding_on failed"); + key_free(prv); + prv = NULL; + } } else if (pk->type == EVP_PKEY_DSA && (type == KEY_UNSPEC||type==KEY_DSA)) { prv = key_new(KEY_UNSPEC); diff --git a/ssh-keysign.c b/ssh-keysign.c index 46028ae51..26c8faad2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.9 2002/12/19 00:07:02 djm Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $"); #include #include @@ -192,13 +192,6 @@ main(int argc, char **argv) keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL); close(key_fd[i]); - if (keys[i] != NULL && keys[i]->type == KEY_RSA) { - if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { - error("RSA_blinding_on failed"); - key_free(keys[i]); - keys[i] = NULL; - } - } if (keys[i] != NULL) found = 1; }