- markus@cvs.openbsd.org 2003/03/13 11:44:50

     [ssh-agent.c]
     ssh-agent is similar to ssh-keysign (allows other processes to use
     private rsa keys). however, it gets key over socket and not from
     a file, so we have to do blinding here as well.

diff --git a/ChangeLog b/ChangeLog
index c9433ee2fa3ec527efc76e8cb33598eb56d92111..19c216158c661bc10e89b174bf50f209716725f9 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,11 @@
    - markus@cvs.openbsd.org 2003/03/13 11:42:19
      [authfile.c ssh-keysign.c]
      move RSA_blinding_on to generic key load method
+   - markus@cvs.openbsd.org 2003/03/13 11:44:50
+     [ssh-agent.c]
+     ssh-agent is similar to ssh-keysign (allows other processes to use
+     private rsa keys). however, it gets key over socket and not from
+     a file, so we have to do blinding here as well.
 
 20030310
 - (djm) OpenBSD CVS Sync

diff --git a/ssh-agent.c b/ssh-agent.c
index b18dd980c2a3a8f8fd4f98921fb21803a39770a2..eb593de73f12e7b86e064b12fa100e8298a1e54e 100644 (file)
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.107 2003/01/23 13:50:27 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -483,6 +483,17 @@ process_add_identity(SocketEntry *e, int version)
                }
                break;
        }
+       /* enable blinding */
+       switch (k->type) {
+       case KEY_RSA:
+       case KEY_RSA1:
+               if (RSA_blinding_on(k->rsa, NULL) != 1) {
+                       error("process_add_identity: RSA_blinding_on failed");
+                       key_free(k);
+                       goto send;
+               }
+               break;
+       }
        comment = buffer_get_string(&e->request, NULL);
        if (k == NULL) {
                xfree(comment);