author | Damien Miller <djm@mindrot.org> | 2003-03-15 11:37:09 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-03-15 11:37:09 +1100 |
commit | c51d0735a4a68ddcd927f003ffb3fc917cb207c2 (patch) | |
tree | 6d3aa9d416598357278077245ffa31af13ae5292 | |
parent | ed33d3b4d229b0e815f43d8a3192047ef161dcd7 (diff) |
- markus@cvs.openbsd.org 2003/03/13 11:44:50
[ssh-agent.c]
ssh-agent is similar to ssh-keysign (allows other processes to use
private rsa keys). however, it gets key over socket and not from
a file, so we have to do blinding here as well.
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ssh-agent.c | 13 |
2 files changed, 18 insertions, 2 deletions
@@ -3,6 +3,11 @@
 - markus@cvs.openbsd.org 2003/03/13 11:42:19
 [authfile.c ssh-keysign.c]
 move RSA_blinding_on to generic key load method
+ - markus@cvs.openbsd.org 2003/03/13 11:44:50
+ [ssh-agent.c]
+ ssh-agent is similar to ssh-keysign (allows other processes to use
+ private rsa keys). however, it gets key over socket and not from
+ a file, so we have to do blinding here as well.
 20030310
 - (djm) OpenBSD CVS Sync
@@ -1209,4 +1214,4 @@
 save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@
-$Id: ChangeLog,v 1.2628 2003/03/15 00:36:18 djm Exp $
+$Id: ChangeLog,v 1.2629 2003/03/15 00:37:09 djm Exp $
diff --git a/ssh-agent.c b/ssh-agent.c
index b18dd980..eb593de7 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.107 2003/01/23 13:50:27 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -483,6 +483,17 @@ process_add_identity(SocketEntry *e, int version)
 }
 break;
 }
+ /* enable blinding */
+ switch (k->type) {
+ case KEY_RSA:
+ case KEY_RSA1:
+ if (RSA_blinding_on(k->rsa, NULL) != 1) {
+ error("process_add_identity: RSA_blinding_on failed");
+ key_free(k);
+ goto send;
+ }
+ break;
+ }
 comment = buffer_get_string(&e->request, NULL);
 if (k == NULL) {
 xfree(comment); |
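Review bot: The added `switch (k->type)` in the ssh-agent.c hunk at -483 dereferences `k` before the existing `if (k == NULL)` check in the trailing context, so if any path through the preceding switch leaves `k` unset, the agent would fault on a client-supplied request instead of reaching the guarded cleanup. Whether `k` can be NULL at this point depends on code above the hunk, since process_add_identity starts and ends outside it. Moving the blinding block below the NULL check, or guarding it with `if (k != NULL)`, would keep the two consistent. Separately, the failure path does `goto send` before the comment string has been read from `e->request`, so it is worth confirming that the `send` path does not assume the request buffer was fully consumed.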