From ed33d3b4d229b0e815f43d8a3192047ef161dcd7 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 15 Mar 2003 11:36:18 +1100
Subject: [PATCH]  - (djm) OpenBSD CVS Sync    - markus@cvs.openbsd.org
 2003/03/13 11:42:19      [authfile.c ssh-keysign.c]      move RSA_blinding_on
 to generic key load method

---
 ChangeLog     |  8 +++++++-
 authfile.c    | 13 ++++++++++++-
 ssh-keysign.c |  9 +--------
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7ba6470c1..961f12c7e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20030315
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2003/03/13 11:42:19
+     [authfile.c ssh-keysign.c]
+     move RSA_blinding_on to generic key load method
+
 20030310
 - (djm) OpenBSD CVS Sync
    - markus@cvs.openbsd.org 2003/03/05 22:33:43
@@ -1203,4 +1209,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2627 2003/03/12 22:42:51 djm Exp $
+$Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $
diff --git a/authfile.c b/authfile.c
index 24ae6abd3..90618efde 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -421,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 	rsa_generate_additional_parameters(prv->rsa);
 
 	buffer_free(&decrypted);
+
+	/* enable blinding */
+	if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+		error("key_load_private_rsa1: RSA_blinding_on failed");
+		goto fail;
+	}
 	close(fd);
 	return prv;
 
@@ -460,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase,
 #ifdef DEBUG_PK
 		RSA_print_fp(stderr, prv->rsa, 8);
 #endif
+		if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+			error("key_load_private_pem: RSA_blinding_on failed");
+			key_free(prv);
+			prv = NULL;
+		}
 	} else if (pk->type == EVP_PKEY_DSA &&
 	    (type == KEY_UNSPEC||type==KEY_DSA)) {
 		prv = key_new(KEY_UNSPEC);
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 46028ae51..26c8faad2 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.9 2002/12/19 00:07:02 djm Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -192,13 +192,6 @@ main(int argc, char **argv)
 		keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
 		    NULL, NULL);
 		close(key_fd[i]);
-		if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
-			if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
-				error("RSA_blinding_on failed");
-				key_free(keys[i]);
-				keys[i] = NULL;
-			}
-		}
 		if (keys[i] != NULL)
 			found = 1;
 	}