authorBen Lindstrom <mouring@eviladmin.org>2002-07-04 02:17:33 +0200
committerBen Lindstrom <mouring@eviladmin.org>2002-07-04 02:17:33 +0200
commit43ce2c86a89a512e3c9361b40155db8bbef3f441 (patch)
treeebbfbba5ed85155906c280a230943ccb306e8c48 /ssh-keysign.c
parent - markus@cvs.openbsd.org 2002/07/01 19:48:46 (diff)
- markus@cvs.openbsd.org 2002/07/03 09:55:38
[ssh-keysign.c] use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@
Diffstat (limited to '')
-rw-r--r--ssh-keysign.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 6a435684b..bed2b9874 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -22,9 +22,11 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $");
#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
#include "log.h"
#include "key.h"
@@ -140,6 +142,7 @@ main(int argc, char **argv)
u_char *signature, *data;
char *host;
u_int slen, dlen;
+ u_int32_t rnd[256];
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
@@ -163,6 +166,9 @@ main(int argc, char **argv)
pw = pwcopy(pw);
SSLeay_add_all_algorithms();
+ for (i = 0; i < 256; i++)
+ rnd[i] = arc4random();
+ RAND_seed(rnd, sizeof(rnd));
found = 0;
for (i = 0; i < 2; i++) {
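Review bot: After `RAND_seed(rnd, sizeof(rnd));` the 1024 bytes of seed material stay in `rnd` on main's stack, and nothing in the visible hunks reads the array again. It could be cleared right after seeding with `memset(rnd, 0, sizeof(rnd));`, or with a non-elidable clearing helper if the tree has one, since a compiler may drop a plain memset of a dead buffer. The loop bound `256` repeats the array size declared in the previous hunk; `sizeof(rnd) / sizeof(rnd[0])` would keep the two in sync. A one-line comment such as `/* seed OpenSSL's PRNG before RSA_blinding_on(), which needs random numbers */` would explain why the seeding sits here. main starts and ends outside the hunk.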
@@ -172,6 +178,13 @@ main(int argc, char **argv)
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
NULL, NULL);
close(key_fd[i]);
+ if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
+ if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
+ error("RSA_blinding_on failed");
+ key_free(keys[i]);
+ keys[i] = NULL;
+ }
+ }
if (keys[i] != NULL)
found = 1;
}
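Review bot: The fail-closed intent of the new `RSA_blinding_on` check in the key-loading loop is not documented. An RSA key whose blinding cannot be enabled is freed and skipped rather than used unblinded, which is the safe choice against the timing attack named in the commit message. A comment above the outer `if`, e.g. `/* never sign with an unblinded RSA host key: drop it if blinding cannot be enabled */`, would keep a later edit from relaxing this to a warning-only path. The message `"RSA_blinding_on failed"` gives no cause; if OpenSSL's error API is available in this file, logging `ERR_error_string(ERR_get_error(), NULL)` alongside it would help diagnosis. The enclosing loop and main continue outside the hunk.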