From 44adb8fed9214d209eb8d7d47d5adb053c69f190 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Mon, 23 Dec 2002 02:00:23 +0000
Subject: - fgsch@cvs.openbsd.org 2002/11/15 10:03:09 [authfile.c] lseek(2) may return -1 when getting the public/private key lenght. Simplify the code and check for errors using fstat(2). Problem reported by Mauricio Sanchez, markus@ ok.
---
 authfile.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
(limited to 'authfile.c')
diff --git a/authfile.c b/authfile.c
index 1fa5d811a..24ae6abd3 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $");
 #include
 #include
@@ -232,12 +232,17 @@ key_load_public_rsa1(int fd, const char *filename, char **commentp)
 {
 Buffer buffer;
 Key *pub;
+ struct stat st;
 char *cp;
 int i;
 off_t len;
- len = lseek(fd, (off_t) 0, SEEK_END);
- lseek(fd, (off_t) 0, SEEK_SET);
+ if (fstat(fd, &st) < 0) {
+ error("fstat for key file %.200s failed: %.100s",
+ filename, strerror(errno));
+ return NULL;
+ }
+ len = st.st_size;
 buffer_init(&buffer);
 cp = buffer_append_space(&buffer, len);
@@ -318,9 +323,15 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 CipherContext ciphercontext;
 Cipher *cipher;
 Key *prv = NULL;
+ struct stat st;
- len = lseek(fd, (off_t) 0, SEEK_END);
- lseek(fd, (off_t) 0, SEEK_SET);
+ if (fstat(fd, &st) < 0) {
+ error("fstat for key file %.200s failed: %.100s",
+ filename, strerror(errno));
+ close(fd);
+ return NULL;
+ }
+ len = st.st_size;
 buffer_init(&buffer);
 cp = buffer_append_space(&buffer, len);
-- cgit v1.2.3
From ed33d3b4d229b0e815f43d8a3192047ef161dcd7 Mon Sep 17 00:00:00 2001
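Review bot: In key_load_public_rsa1 the new `len = st.st_size;` feeds `buffer_append_space(&buffer, len)` with no upper bound, so the size of whatever file the descriptor refers to decides how much memory is requested; the key_load_private_rsa1 hunk repeats the same lines. Key files are small, so a cap right after the fstat() check would fail closed, e.g. `if (st.st_size > KEY_FILE_MAX) { error("key file %.200s too large", filename); return NULL; }` (KEY_FILE_MAX is a placeholder for a limit the project picks), with `close(fd);` added in the private-key variant to match its fstat() error path. For a non-regular file st_size may be 0 or not meaningful, which deserves a one-line comment or an `S_ISREG(st.st_mode)` test. How buffer_append_space handles an oversized request is not visible in these hunks, and both functions continue past them.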
From: Damien Miller
Date: Sat, 15 Mar 2003 11:36:18 +1100
Subject: - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/03/13 11:42:19 [authfile.c ssh-keysign.c] move RSA_blinding_on to generic key load method
---
 ChangeLog | 8 +++++++-
 authfile.c | 13 ++++++++++++-
 ssh-keysign.c | 9 +--------
 3 files changed, 20 insertions(+), 10 deletions(-)
(limited to 'authfile.c')
diff --git a/ChangeLog b/ChangeLog
index 7ba6470c1..961f12c7e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20030315
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2003/03/13 11:42:19
+ [authfile.c ssh-keysign.c]
+ move RSA_blinding_on to generic key load method
+
 20030310
 - (djm) OpenBSD CVS Sync
 - markus@cvs.openbsd.org 2003/03/05 22:33:43
@@ -1203,4 +1209,4 @@
 save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@
-$Id: ChangeLog,v 1.2627 2003/03/12 22:42:51 djm Exp $
+$Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $
diff --git a/authfile.c b/authfile.c
index 24ae6abd3..90618efde 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.51 2002/11/15 10:03:09 fgsch Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.52 2003/03/13 11:42:18 markus Exp $");
 #include
 #include
@@ -421,6 +421,12 @@ key_load_private_rsa1(int fd, const char *filename, const char *passphrase,
 rsa_generate_additional_parameters(prv->rsa);
 buffer_free(&decrypted);
+
+ /* enable blinding */
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_rsa1: RSA_blinding_on failed");
+ goto fail;
+ }
 close(fd);
 return prv;
@@ -460,6 +466,11 @@ key_load_private_pem(int fd, int type, const char *passphrase,
 #ifdef DEBUG_PK
 RSA_print_fp(stderr, prv->rsa, 8);
 #endif
+ if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+ error("key_load_private_pem: RSA_blinding_on failed");
+ key_free(prv);
+ prv = NULL;
+ }
 } else if (pk->type == EVP_PKEY_DSA && (type == KEY_UNSPEC||type==KEY_DSA)) {
 prv = key_new(KEY_UNSPEC);
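Review bot: The `goto fail` added to key_load_private_rsa1 is reached after `buffer_free(&decrypted)` has already run, so the `fail:` label, which lies outside this hunk, has to leave `decrypted` alone or the buffer is released twice; that needs checking against the full function. The comment would also help more if it gave the reason rather than the action, for instance `/* enable blinding (timing side-channel defence); never return an RSA key without it */`.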
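Review bot: The error logged in key_load_private_pem when RSA_blinding_on() does not return 1 carries no cause, and the RSA branch has no comment saying why a key without blinding is discarded, unlike the rsa1 hunk. If OpenSSL's error queue is available in this file, logging it would make a failed load diagnosable, e.g. `error("key_load_private_pem: RSA_blinding_on failed: %.100s", ERR_error_string(ERR_get_error(), NULL));`. Blinding now depends on keys passing through these two loaders, so RSA private keys obtained any other way are not covered by what this diff shows; a short comment on the loader stating that contract would help later callers. The code that runs after `prv = NULL` is outside the hunk, so its handling of a NULL key cannot be checked from here.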
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 46028ae51..26c8faad2 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.9 2002/12/19 00:07:02 djm Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.10 2003/03/13 11:42:19 markus Exp $");
 #include
 #include
@@ -192,13 +192,6 @@ main(int argc, char **argv)
 keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL);
 close(key_fd[i]);
- if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
- if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
- error("RSA_blinding_on failed");
- key_free(keys[i]);
- keys[i] = NULL;
- }
- }
 if (keys[i] != NULL) found = 1;
 }
-- cgit v1.2.3