diff options
Diffstat (limited to 'ssh-keysign.c')
-rw-r--r-- | ssh-keysign.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c index 6a435684b..bed2b9874 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c | |||
@@ -22,9 +22,11 @@ | |||
22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 22 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
23 | */ | 23 | */ |
24 | #include "includes.h" | 24 | #include "includes.h" |
25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $"); | 25 | RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $"); |
26 | 26 | ||
27 | #include <openssl/evp.h> | 27 | #include <openssl/evp.h> |
28 | #include <openssl/rand.h> | ||
29 | #include <openssl/rsa.h> | ||
28 | 30 | ||
29 | #include "log.h" | 31 | #include "log.h" |
30 | #include "key.h" | 32 | #include "key.h" |
@@ -140,6 +142,7 @@ main(int argc, char **argv) | |||
140 | u_char *signature, *data; | 142 | u_char *signature, *data; |
141 | char *host; | 143 | char *host; |
142 | u_int slen, dlen; | 144 | u_int slen, dlen; |
145 | u_int32_t rnd[256]; | ||
143 | 146 | ||
144 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); | 147 | key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
145 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); | 148 | key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
@@ -163,6 +166,9 @@ main(int argc, char **argv) | |||
163 | pw = pwcopy(pw); | 166 | pw = pwcopy(pw); |
164 | 167 | ||
165 | SSLeay_add_all_algorithms(); | 168 | SSLeay_add_all_algorithms(); |
169 | for (i = 0; i < 256; i++) | ||
170 | rnd[i] = arc4random(); | ||
171 | RAND_seed(rnd, sizeof(rnd)); | ||
166 | 172 | ||
167 | found = 0; | 173 | found = 0; |
168 | for (i = 0; i < 2; i++) { | 174 | for (i = 0; i < 2; i++) { |
@@ -172,6 +178,13 @@ main(int argc, char **argv) | |||
172 | keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, | 178 | keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, |
173 | NULL, NULL); | 179 | NULL, NULL); |
174 | close(key_fd[i]); | 180 | close(key_fd[i]); |
181 | if (keys[i] != NULL && keys[i]->type == KEY_RSA) { | ||
182 | if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { | ||
183 | error("RSA_blinding_on failed"); | ||
184 | key_free(keys[i]); | ||
185 | keys[i] = NULL; | ||
186 | } | ||
187 | } | ||
175 | if (keys[i] != NULL) | 188 | if (keys[i] != NULL) |
176 | found = 1; | 189 | found = 1; |
177 | } | 190 | } |