diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2002-07-03 09:55:39 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2002-07-03 09:55:39 +0000 |
| commit | 0817a614e6881fafcdb6d01b89d2f8295b231330 (patch) | |
| tree | 4c69b178581d36db67e081d6d43b8fff39cda2f0 /usr.bin | |
| parent | 2698655eb986c23cc9bf17d284ea743cc2d3380f (diff) | |
use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
in order to avoid a possible Kocher timing attack pointed out by Charles
Hannum; ok provos@
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/ssh-keysign.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c index c7b247cb65a..151981227af 100644 --- a/usr.bin/ssh/ssh-keysign.c +++ b/usr.bin/ssh/ssh-keysign.c @@ -22,9 +22,11 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $"); #include <openssl/evp.h> +#include <openssl/rand.h> +#include <openssl/rsa.h> #include "log.h" #include "key.h" @@ -134,6 +136,7 @@ main(int argc, char **argv) u_char *signature, *data; char *host; u_int slen, dlen; + u_int32_t rnd[256]; key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); @@ -153,6 +156,9 @@ main(int argc, char **argv) pw = pwcopy(pw); SSLeay_add_all_algorithms(); + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); found = 0; for (i = 0; i < 2; i++) { @@ -162,6 +168,13 @@ main(int argc, char **argv) keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC, NULL, NULL); close(key_fd[i]); + if (keys[i] != NULL && keys[i]->type == KEY_RSA) { + if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) { + error("RSA_blinding_on failed"); + key_free(keys[i]); + keys[i] = NULL; + } + } if (keys[i] != NULL) found = 1; } |