diff options
Diffstat (limited to 'authfile.c')
-rw-r--r-- | authfile.c | 32 |
1 files changed, 27 insertions, 5 deletions
diff --git a/authfile.c b/authfile.c index 1fa5d811a..90618efde 100644 --- a/authfile.c +++ b/authfile.c | |||
@@ -36,7 +36,7 @@ | |||
36 | */ | 36 | */ |
37 | 37 | ||
38 | #include "includes.h" | 38 | #include "includes.h" |
39 | RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $"); | 39 | RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $"); |
40 | 40 | ||
41 | #include <openssl/err.h> | 41 | #include <openssl/err.h> |
42 | #include <openssl/evp.h> | 42 | #include <openssl/evp.h> |
@@ -232,12 +232,17 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp) | |||
232 | { | 232 | { |
233 | Buffer buffer; | 233 | Buffer buffer; |
234 | Key *pub; | 234 | Key *pub; |
235 | struct stat st; | ||
235 | char *cp; | 236 | char *cp; |
236 | int i; | 237 | int i; |
237 | off_t len; | 238 | off_t len; |
238 | 239 | ||
239 | len = lseek(fd, (off_t) 0, SEEK_END); | 240 | if (fstat(fd, &st) < 0) { |
240 | lseek(fd, (off_t) 0, SEEK_SET); | 241 | error("fstat for key file %.200s failed: %.100s", |
242 | filename, strerror(errno)); | ||
243 | return NULL; | ||
244 | } | ||
245 | len = st.st_size; | ||
241 | 246 | ||
242 | buffer_init(&buffer); | 247 | buffer_init(&buffer); |
243 | cp = buffer_append_space(&buffer, len); | 248 | cp = buffer_append_space(&buffer, len); |
@@ -318,9 +323,15 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, | |||
318 | CipherContext ciphercontext; | 323 | CipherContext ciphercontext; |
319 | Cipher *cipher; | 324 | Cipher *cipher; |
320 | Key *prv = NULL; | 325 | Key *prv = NULL; |
326 | struct stat st; | ||
321 | 327 | ||
322 | len = lseek(fd, (off_t) 0, SEEK_END); | 328 | if (fstat(fd, &st) < 0) { |
323 | lseek(fd, (off_t) 0, SEEK_SET); | 329 | error("fstat for key file %.200s failed: %.100s", |
330 | filename, strerror(errno)); | ||
331 | close(fd); | ||
332 | return NULL; | ||
333 | } | ||
334 | len = st.st_size; | ||
324 | 335 | ||
325 | buffer_init(&buffer); | 336 | buffer_init(&buffer); |
326 | cp = buffer_append_space(&buffer, len); | 337 | cp = buffer_append_space(&buffer, len); |
@@ -410,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase, | |||
410 | rsa_generate_additional_parameters(prv->rsa); | 421 | rsa_generate_additional_parameters(prv->rsa); |
411 | 422 | ||
412 | buffer_free(&decrypted); | 423 | buffer_free(&decrypted); |
424 | |||
425 | /* enable blinding */ | ||
426 | if (RSA_blinding_on(prv->rsa, NULL) != 1) { | ||
427 | error("key_load_private_rsa1: RSA_blinding_on failed"); | ||
428 | goto fail; | ||
429 | } | ||
413 | close(fd); | 430 | close(fd); |
414 | return prv; | 431 | return prv; |
415 | 432 | ||
@@ -449,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase, | |||
449 | #ifdef DEBUG_PK | 466 | #ifdef DEBUG_PK |
450 | RSA_print_fp(stderr, prv->rsa, 8); | 467 | RSA_print_fp(stderr, prv->rsa, 8); |
451 | #endif | 468 | #endif |
469 | if (RSA_blinding_on(prv->rsa, NULL) != 1) { | ||
470 | error("key_load_private_pem: RSA_blinding_on failed"); | ||
471 | key_free(prv); | ||
472 | prv = NULL; | ||
473 | } | ||
452 | } else if (pk->type == EVP_PKEY_DSA && | 474 | } else if (pk->type == EVP_PKEY_DSA && |
453 | (type == KEY_UNSPEC||type==KEY_DSA)) { | 475 | (type == KEY_UNSPEC||type==KEY_DSA)) { |
454 | prv = key_new(KEY_UNSPEC); | 476 | prv = key_new(KEY_UNSPEC); |