- (djm) OpenBSD CVS Sync

- markus@cvs.openbsd.org 2003/03/13 11:42:19
     [authfile.c ssh-keysign.c]
     move RSA_blinding_on to generic key load method
This commit is contained in:
Damien Miller 2003-03-15 11:36:18 +11:00
parent c1365e19b0
commit ed33d3b4d2
3 changed files with 20 additions and 10 deletions

View File

@ -1,3 +1,9 @@
20030315
- (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/13 11:42:19
[authfile.c ssh-keysign.c]
move RSA_blinding_on to generic key load method
20030310 20030310
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync
- markus@cvs.openbsd.org 2003/03/05 22:33:43 - markus@cvs.openbsd.org 2003/03/05 22:33:43
@ -1203,4 +1209,4 @@
save auth method before monitor_reset_key_state(); bugzilla bug #284; save auth method before monitor_reset_key_state(); bugzilla bug #284;
ok provos@ ok provos@
$Id: ChangeLog,v 1.2627 2003/03/12 22:42:51 djm Exp $ $Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $

View File

@ -36,7 +36,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $"); RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/evp.h> #include <openssl/evp.h>
@ -421,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
rsa_generate_additional_parameters(prv->rsa); rsa_generate_additional_parameters(prv->rsa);
buffer_free(&decrypted); buffer_free(&decrypted);
/* enable blinding */
if (RSA_blinding_on(prv->rsa, NULL) != 1) {
error("key_load_private_rsa1: RSA_blinding_on failed");
goto fail;
}
close(fd); close(fd);
return prv; return prv;
@ -460,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase,
#ifdef DEBUG_PK #ifdef DEBUG_PK
RSA_print_fp(stderr, prv->rsa, 8); RSA_print_fp(stderr, prv->rsa, 8);
#endif #endif
if (RSA_blinding_on(prv->rsa, NULL) != 1) {
error("key_load_private_pem: RSA_blinding_on failed");
key_free(prv);
prv = NULL;
}
} else if (pk->type == EVP_PKEY_DSA && } else if (pk->type == EVP_PKEY_DSA &&
(type == KEY_UNSPEC||type==KEY_DSA)) { (type == KEY_UNSPEC||type==KEY_DSA)) {
prv = key_new(KEY_UNSPEC); prv = key_new(KEY_UNSPEC);

View File

@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh-keysign.c,v 1.9 2002/12/19 00:07:02 djm Exp $"); RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/rand.h> #include <openssl/rand.h>
@ -192,13 +192,6 @@ main(int argc, char **argv)
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
NULL, NULL); NULL, NULL);
close(key_fd[i]); close(key_fd[i]);
if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
error("RSA_blinding_on failed");
key_free(keys[i]);
keys[i] = NULL;
}
}
if (keys[i] != NULL) if (keys[i] != NULL)
found = 1; found = 1;
} }