Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-6]: src/crypto/dist/ssh Pull up revision 1.3 (requested by itoj...
details: https://anonhg.NetBSD.org/src/rev/6d10db52eeeb
branches: netbsd-1-6
changeset: 528333:6d10db52eeeb
user: lukem <lukem%NetBSD.org@localhost>
date: Wed Jul 03 11:49:17 2002 +0000
description:
Pull up revision 1.3 (requested by itojun in ticket #426):
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
in order to avoid a possible Kocher timing attack pointed out by Charles
Hannum; ok provos@
diffstat:
crypto/dist/ssh/ssh-keysign.c | 17 +++++++++++++++--
1 files changed, 15 insertions(+), 2 deletions(-)
diffs (54 lines):
diff -r e62fde97d8d1 -r 6d10db52eeeb crypto/dist/ssh/ssh-keysign.c
--- a/crypto/dist/ssh/ssh-keysign.c Wed Jul 03 02:31:10 2002 +0000
+++ b/crypto/dist/ssh/ssh-keysign.c Wed Jul 03 11:49:17 2002 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ssh-keysign.c,v 1.1.1.1.2.3 2002/07/02 06:33:50 lukem Exp $ */
+/* $NetBSD: ssh-keysign.c,v 1.1.1.1.2.4 2002/07/03 11:49:17 lukem Exp $ */
/*
* Copyright (c) 2002 Markus Friedl. All rights reserved.
*
@@ -23,9 +23,11 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $");
#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
#include "log.h"
#include "key.h"
@@ -135,6 +137,7 @@
u_char *signature, *data;
char *host;
u_int slen, dlen;
+ u_int32_t rnd[256];
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
@@ -154,6 +157,9 @@
pw = pwcopy(pw);
SSLeay_add_all_algorithms();
+ for (i = 0; i < 256; i++)
+ rnd[i] = arc4random();
+ RAND_seed(rnd, sizeof(rnd));
found = 0;
for (i = 0; i < 2; i++) {
@@ -163,6 +169,13 @@
keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
NULL, NULL);
close(key_fd[i]);
+ if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
+ if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
+ error("RSA_blinding_on failed");
+ key_free(keys[i]);
+ keys[i] = NULL;
+ }
+ }
if (keys[i] != NULL)
found = 1;
}
Home |
Main Index |
Thread Index |
Old Index