author | Hakan Olsson <ho@cvs.openbsd.org> | 2003-03-14 09:28:15 +0000 |
---|---|---|
committer | Hakan Olsson <ho@cvs.openbsd.org> | 2003-03-14 09:28:15 +0000 |
commit | 97f32e67494eb654811699db0c48a1763d4c9edf (patch) | |
tree | bffe8af21e77869a44a6c6c2ef19dfdcc6165f2a | |
parent | 4bde3eb8d3b612d700f3df8da15d48aa1ae4a32f (diff) |
Add RSA blinding for private keys. markus@ ok.
-rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index c09c8e33358..e30c6d9fa5e 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.20 2002/10/07 20:23:06 henning Exp $ */
+/* $OpenBSD: ssl_engine_init.c,v 1.21 2003/03/14 09:28:14 ho Exp $ */
 /* _ _
 ** _ __ ___ ___ __| | ___ ___| | mod_ssl
@@ -478,6 +478,10 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
 ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 512 bit RSA private key");
 ssl_die();
 }
+ if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512], NULL) != 1) {
+ ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 512 bit RSA private key");
+ ssl_die();
+ }
 }
 /* allocate 1024 bit RSA key */
@@ -492,6 +496,10 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
 ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 1024 bit RSA private key");
 ssl_die();
 }
+ if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024], NULL) != 1) {
+ ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 1024 bit RSA private key");
+ ssl_die();
+ }
 }
 ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)");
@@ -824,6 +832,12 @@ void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc)
 cpVHostID);
 ssl_die();
 }
+ if (RSA_blinding_on (sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa, NULL) != 1) {
+ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
+ "Init: (%s) Unable to add blinding for RSA server private key",
+ cpVHostID);
+ ssl_die();
+ }
 if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_RSA]) <= 0) {
 ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
 "Init: (%s) Unable to configure RSA server private key", |
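Review bot: The new failure branch for the 512-bit temporary key in ssl_init_TmpKeysHandle logs with `SSL_LOG_ERROR` alone, so whatever OpenSSL queued when RSA_blinding_on() failed never reaches the log before ssl_die(). The server-key branch added in ssl_init_ConfigureServer already passes `SSL_LOG_ERROR|SSL_ADD_SSLERR`, and using the same flags here would make a refused start diagnosable. The neighbouring "Failed to load" messages omit the flag too, so this matches local style, but the blinding failure is the one whose cause is only known to the library. The 1024-bit hunk has the same branch and the same gap. A short comment above each check, such as `/* blind private-key operations so their timing does not leak the key */`, would record why the call is there. The function starts and ends outside the hunk.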
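Review bot: The added check in ssl_init_ConfigureServer reads `sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa` directly, which is only valid if that slot is non-NULL and really holds an RSA key. Neither guarantee is visible in this hunk, so presumably the code above it provides both. Once that is confirmed, a one-line comment such as `/* SSL_AIDX_RSA slot is loaded and known to be RSA at this point */` would keep a later reorder from turning this into a bad dereference. The call is also written `RSA_blinding_on (` with a space before the parenthesis, unlike `SSL_CTX_use_PrivateKey(` directly below it. The function starts and ends outside the hunk.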