diff -cr stunnel-4.04/src/client.c stunnel-4.04.new/src/client.c
*** stunnel-4.04/src/client.c Wed Jan 1 11:04:39 2003
--- stunnel-4.04.new/src/client.c Fri Mar 21 09:21:38 2003
***************
*** 234,239 ****
--- 234,246 ----
sslerror("SSL_new");
return -1;
}
+
+ /* Set blinding iff it's not built into our OpenSSL version */
+ #if SSLEAY_VERSION_NUMBER <= 0x0090701fL
+ set_rsa_blinding(c->ssl);
+ #endif
+
+
#if SSLEAY_VERSION_NUMBER >= 0x0922
SSL_set_session_id_context(c->ssl, sid_ctx, strlen(sid_ctx));
#endif
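Review bot: The return value of `set_rsa_blinding(c->ssl)` on the added line is discarded, and that is only harmless because the function (second hunk of this file) never returns anything but 1 — both of its failure paths call `exit(1)`. This code appears to run once per connection (it follows the `SSL_new` that the context lines show), so a failure on one connection would shut the whole process down, and in a threaded build take every other connection with it. Having those branches `return 0;` and checking here, `if(!set_rsa_blinding(c->ssl)) return -1;`, drops only the affected connection on the same error path the `SSL_new` failure above already uses. The enclosing function starts and ends outside the hunk.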
***************
*** 913,917 ****
--- 920,957 ----
if(setsockopt(fd, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof(l)))
log_error(LOG_DEBUG, get_last_socket_error(), txt);
}
+
+
+ int set_rsa_blinding(SSL *ssl) {
+ #ifndef NO_RSA
+
+ /* Turn on blinding iff using RSA */
+
+ RSA *rsa;
+ EVP_PKEY *pkey;
+
+ if ( (pkey = SSL_get_privatekey(ssl)) ) {
+ if ( (rsa = EVP_PKEY_get1_RSA(pkey)) ) {
+ if ( RSA_blinding_on(rsa,NULL) ) {
+ log(LOG_DEBUG, "RSA blinding enabled");
+ } else {
+ log(LOG_ERR, "Unable to set RSA blinding");
+ sslerror("RSA_blinding_on");
+ exit(1);
+ }
+ /* EVP_PKEY_get1_RSA ups the count for rsa - free extra */
+ RSA_free(rsa);
+ } else {
+ log(LOG_DEBUG, "Private key is not RSA, no blinding needed");
+ }
+ } else {
+ log(LOG_ERR, "Unable to get access to the SSL private key.");
+ sslerror("SSL_get_privatekey");
+ exit(1);
+ }
+ #endif
+ return(1);
+ }
+
/* End of client.c */
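Review bot: The `else` branch after `SSL_get_privatekey(ssl)` treats a missing private key as fatal and calls `exit(1)`, but an SSL object with no private key is a normal state whenever no local certificate and key are configured for that side of the connection — whether that can happen here depends on context setup the hunk does not show — and in that case there is simply nothing to blind. It should be handled like the "not RSA" case: `log(LOG_DEBUG, "No private key on this connection, no blinding needed");` and fall through to `return(1);`, leaving the hard failure for a genuine `RSA_blinding_on` error. A short header comment would also help, since the `#if` guard at the call site is the only hint of the purpose: it enables RSA blinding on OpenSSL builds that do not turn it on by default, to close a timing side channel on private-key operations. Separately, `ssl` is unused when `NO_RSA` is defined; an `#else (void)ssl;` in that conditional avoids the warning.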
diff -cr stunnel-4.04/src/prototypes.h stunnel-4.04.new/src/prototypes.h
*** stunnel-4.04/src/prototypes.h Thu Mar 20 11:55:05 2003
--- stunnel-4.04.new/src/prototypes.h Thu Mar 20 11:55:31 2003
***************
*** 242,247 ****
--- 242,248 ----
void *alloc_client_session(LOCAL_OPTIONS *, int, int);
void *client(void *);
+ int set_rsa_blinding(SSL *);
/**************************************** Prototype for protocol.c */
diff -cr stunnel-4.04/src/ssl.c stunnel-4.04.new/src/ssl.c
*** stunnel-4.04/src/ssl.c Wed Jan 1 06:07:08 2003
--- stunnel-4.04.new/src/ssl.c Fri Mar 21 09:18:28 2003
***************
*** 367,372 ****
--- 367,378 ----
result=RSA_generate_key(keylen, RSA_F4, NULL);
#endif
log(LOG_DEBUG, "Temporary RSA key created");
+
+ /* Set blinding iff it's not built into our OpenSSL version */
+ #if SSLEAY_VERSION_NUMBER <= 0x0090701fL
+ RSA_blinding_on(result,NULL);
+ #endif
+
return result;
}
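Review bot: `RSA_blinding_on(result,NULL)` on the added line has its return value ignored, so if blinding cannot be enabled the temporary key is handed back and used unblinded, silently losing the very protection this patch adds; the client.c half of the same patch checks this call and logs on failure. Match that here, `if(!RSA_blinding_on(result,NULL)) { log(LOG_ERR, "Unable to set RSA blinding"); sslerror("RSA_blinding_on"); }` — whether to also discard the key and return NULL depends on how callers treat a NULL `result`, which the hunk does not show. Note too that if `RSA_generate_key` returned NULL the new call dereferences it, so the guard should be `if(result && !RSA_blinding_on(result,NULL))`. The enclosing function starts outside the hunk.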