-rw-r--r--ChangeLog8
-rw-r--r--authfile.c13
-rw-r--r--ssh-keysign.c9
3 files changed, 20 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 7ba6470c1..961f12c7e 100644
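--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20030315
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/13 11:42:19
+ [authfile.c ssh-keysign.c]
+ move RSA_blinding_on to generic key load method
+
 20030310
 - (djm) OpenBSD CVS Sync
  - markus@cvs.openbsd.org 2003/03/05 22:33:43
@@ -1203,4 +1209,4 @@
  save auth method before monitor_reset_key_state(); bugzilla bug #284;
  ok provos@
 
-$Id: ChangeLog,v 1.2627 2003/03/12 22:42:51 djm Exp $
+$Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $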
diff --git a/authfile.c b/authfile.c
index 24ae6abd3..90618efde 100644
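--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -421,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
  rsa_generate_additional_parameters(prv->rsa);
 
  buffer_free(&decrypted);
+
+ /* enable blinding */
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_rsa1: RSA_blinding_on failed");
+ goto fail;
+ }
  close(fd);
  return prv;
 
@@ -460,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase,
 #ifdef DEBUG_PK
  RSA_print_fp(stderr, prv->rsa, 8);
 #endif
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_pem: RSA_blinding_on failed");
+ key_free(prv);
+ prv = NULL;
+ }
  } else if (pk->type == EVP_PKEY_DSA &&
  (type == KEY_UNSPEC||type==KEY_DSA)) {
  prv = key_new(KEY_UNSPEC);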
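Review bot: The blinding check added to key_load_private_pem has no comment, and the matching check in key_load_private_rsa1 says only `/* enable blinding */`, so neither place records why a failed RSA_blinding_on() aborts the key load. I would put `/* enable blinding (timing side-channel defence); never hand back an unblinded RSA key */` above both checks, so that a later cleanup does not soften the failure into a warning. In key_load_private_rsa1 the new `goto fail` runs after `buffer_free(&decrypted)`, and the fail label lies outside the hunk, so it is worth confirming that the fail path does not touch `decrypted` again. Both function bodies start and end outside their hunks.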
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 46028ae51..26c8faad2 100644
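--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.9 2002/12/19 00:07:02 djm Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -192,13 +192,6 @@ main(int argc, char **argv)
  keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
  NULL, NULL);
  close(key_fd[i]);
- if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
- if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
- error("RSA_blinding_on failed");
- key_free(keys[i]);
- keys[i] = NULL;
- }
- }
  if (keys[i] != NULL)
  found = 1;
  }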