Source-Changes-HG archive


[src/trunk]: src/crypto/dist/ssh >use RSA_blinding_on() for rsa hostkeys (sug...



details:   https://anonhg.NetBSD.org/src/rev/0b92fee155ea
branches:  trunk
changeset: 533524:0b92fee155ea
user:      itojun <itojun%NetBSD.org@localhost>
date:      Wed Jul 03 10:06:39 2002 +0000

description:
>use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld)
>in order to avoid a possible Kocher timing attack pointed out by Charles
>Hannum; ok provos@

diffstat:

 crypto/dist/ssh/ssh-keysign.c |  17 +++++++++++++++--
 1 files changed, 15 insertions(+), 2 deletions(-)

diffs (54 lines):

diff -r d8e19a850d75 -r 0b92fee155ea crypto/dist/ssh/ssh-keysign.c
--- a/crypto/dist/ssh/ssh-keysign.c     Wed Jul 03 10:05:58 2002 +0000
+++ b/crypto/dist/ssh/ssh-keysign.c     Wed Jul 03 10:06:39 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ssh-keysign.c,v 1.2 2002/07/01 05:54:03 itojun Exp $   */
+/*     $NetBSD: ssh-keysign.c,v 1.3 2002/07/03 10:06:39 itojun Exp $   */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -23,9 +23,11 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.5 2002/06/26 22:27:32 markus Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.6 2002/07/03 09:55:38 markus Exp $");
 
 #include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
 
 #include "log.h"
 #include "key.h"
@@ -135,6 +137,7 @@
        u_char *signature, *data;
        char *host;
        u_int slen, dlen;
+       u_int32_t rnd[256];
 
        key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
        key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
@@ -154,6 +157,9 @@
        pw = pwcopy(pw);
 
        SSLeay_add_all_algorithms();
+       for (i = 0; i < 256; i++)
+               rnd[i] = arc4random();
+       RAND_seed(rnd, sizeof(rnd));
 
        found = 0;
        for (i = 0; i < 2; i++) {
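Review bot: the loop bound in `for (i = 0; i < 256; i++)` repeats the array size declared as `u_int32_t rnd[256];` in the previous hunk; derive it from the array (`sizeof(rnd) / sizeof(rnd[0])`) or a named constant so the two cannot drift apart if the buffer is resized. Since `rnd` holds the seed material passed to `RAND_seed(rnd, sizeof(rnd))`, consider clearing it with `memset` once seeded so the seed does not linger on the stack for the remaining lifetime of the process. Seeding before the key-loading loop is the right order, because the blinding enabled in the next hunk draws on the OpenSSL PRNG.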
@@ -163,6 +169,13 @@
                keys[i] = key_load_private_pem(key_fd[i], KEY_UNSPEC,
                    NULL, NULL);
                close(key_fd[i]);
+               if (keys[i] != NULL && keys[i]->type == KEY_RSA) {
+                       if (RSA_blinding_on(keys[i]->rsa, NULL) != 1) {
+                               error("RSA_blinding_on failed");
+                               key_free(keys[i]);
+                               keys[i] = NULL;
+                       }
+               }
                if (keys[i] != NULL)
                        found = 1;
        }
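Review bot: the failure branch under `if (RSA_blinding_on(keys[i]->rsa, NULL) != 1)` logs only `error("RSA_blinding_on failed");`, which does not say which host key was dropped; include the loop index or the key file name so an operator can tell whether the RSA or DSA key was affected. The check itself is correct (RSA_blinding_on() returns 1 on success, and a NULL BN_CTX lets OpenSSL allocate its own), and freeing the key and setting `keys[i] = NULL` means the following `if (keys[i] != NULL)` correctly leaves `found` unset for that key. Blinding is applied only when `keys[i]->type == KEY_RSA`, matching the commit's stated aim of mitigating the Kocher timing attack on RSA host keys; DSA keys loaded by the same loop are unchanged.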


