| author | 2003-03-14 09:28:14 +0000 | |
|---|---|---|
| committer | 2003-03-14 09:28:14 +0000 | |
| commit | a58b886268f503566215296a9d98996c53f63e4e (patch) | |
| tree | 94ef2c43cfee7d3f43b85f019e81ab94f61984d8 /usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | |
| parent | Zombies on the bridge, captain. (diff) | |
Add RSA blinding for private keys. markus@ ok.
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c')
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index c09c8e33358..e30c6d9fa5e 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.20 2002/10/07 20:23:06 henning Exp $ */
+/* $OpenBSD: ssl_engine_init.c,v 1.21 2003/03/14 09:28:14 ho Exp $ */
 /* _ _
 ** _ __ ___ ___ __| | ___ ___| | mod_ssl
@@ -478,6 +478,10 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
 ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 512 bit RSA private key");
 ssl_die();
 }
+ if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA512], NULL) != 1) {
+ ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 512 bit RSA private key");
+ ssl_die();
+ }
 }
 /* allocate 1024 bit RSA key */
@@ -492,6 +496,10 @@ void ssl_init_TmpKeysHandle(int action, server_rec *s, pool *p)
 ssl_log(s, SSL_LOG_ERROR, "Init: Failed to load temporary 1024 bit RSA private key");
 ssl_die();
 }
+ if (RSA_blinding_on ((RSA *)mc->pTmpKeys[SSL_TKPIDX_RSA1024], NULL) != 1) {
+ ssl_log(s, SSL_LOG_ERROR, "Init: Failed to add blinding for temporary 1024 bit RSA private key");
+ ssl_die();
+ }
 }
 ssl_log(s, SSL_LOG_INFO, "Init: Configuring temporary DH parameters (512/1024 bits)");
@@ -824,6 +832,12 @@ void ssl_init_ConfigureServer(server_rec *s, pool *p, SSLSrvConfigRec *sc)
 cpVHostID);
 ssl_die();
 }
+ if (RSA_blinding_on (sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa, NULL) != 1) {
+ ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
+ "Init: (%s) Unable to add blinding for RSA server private key",
+ cpVHostID);
+ ssl_die();
+ }
 if (SSL_CTX_use_PrivateKey(ctx, sc->pPrivateKey[SSL_AIDX_RSA]) <= 0) {
 ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR,
 "Init: (%s) Unable to configure RSA server private key", |
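Review bot: The new blinding-failure messages in ssl_init_TmpKeysHandle (the 512-bit one here and the 1024-bit one in the next hunk) are logged with `SSL_LOG_ERROR` alone, so the library's reason for the `RSA_blinding_on` failure is presumably not recorded. The server-key hunk in ssl_init_ConfigureServer already passes `SSL_LOG_ERROR|SSL_ADD_SSLERR` for the same kind of failure. I would use the same flags in both places, e.g. `ssl_log(s, SSL_LOG_ERROR|SSL_ADD_SSLERR, "Init: Failed to add blinding for temporary 512 bit RSA private key");`. The function body starts and ends outside these hunks, so it is worth confirming that every path which fills `mc->pTmpKeys[]` with an RSA key reaches one of these checks.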
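Review bot: The new check in ssl_init_ConfigureServer reads `sc->pPrivateKey[SSL_AIDX_RSA]->pkey.rsa` straight out of the key union, which is only valid if the import step above it has left a non-NULL key of RSA type. That step begins outside the hunk, so the assumption cannot be confirmed from here and should be stated in the code. I would add a comment above the check such as `/* key was imported as RSA above; enable blinding so private-key timing does not depend on key bits */`. This also records why the call must stay ahead of `SSL_CTX_use_PrivateKey()`, which as far as the hunk shows is the point where the key is handed to the context.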
