===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/authfile.c,v
retrieving revision 1.50
retrieving revision 1.50.2.2
diff -u -r1.50 -r1.50.2.2
--- src/usr.bin/ssh/authfile.c	2002/06/24 14:55:38	1.50
+++ src/usr.bin/ssh/authfile.c	2003/09/16 21:20:24	1.50.2.2
@@ -36,7 +36,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.50 2002/06/24 14:55:38 markus Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.50.2.2 2003/09/16 21:20:24 brad Exp $");
 
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -232,12 +232,17 @@
 {
 	Buffer buffer;
 	Key *pub;
+	struct stat st;
 	char *cp;
 	int i;
 	off_t len;
 
-	len = lseek(fd, (off_t) 0, SEEK_END);
-	lseek(fd, (off_t) 0, SEEK_SET);
+	if (fstat(fd, &st) < 0) {
+		error("fstat for key file %.200s failed: %.100s",
+		    filename, strerror(errno));
+		return NULL;
+	}
+	len = st.st_size;
 
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
@@ -318,9 +323,15 @@
 	CipherContext ciphercontext;
 	Cipher *cipher;
 	Key *prv = NULL;
+	struct stat st;
 
-	len = lseek(fd, (off_t) 0, SEEK_END);
-	lseek(fd, (off_t) 0, SEEK_SET);
+	if (fstat(fd, &st) < 0) {
+		error("fstat for key file %.200s failed: %.100s",
+		    filename, strerror(errno));
+		close(fd);
+		return NULL;
+	}
+	len = st.st_size;
 
 	buffer_init(&buffer);
 	cp = buffer_append_space(&buffer, len);
@@ -410,6 +421,12 @@
 	rsa_generate_additional_parameters(prv->rsa);
 
 	buffer_free(&decrypted);
+
+	/* enable blinding */
+	if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+		error("key_load_private_rsa1: RSA_blinding_on failed");
+		goto fail;
+	}
 	close(fd);
 	return prv;
 
@@ -449,6 +466,11 @@
 #ifdef DEBUG_PK
 		RSA_print_fp(stderr, prv->rsa, 8);
 #endif
+		if (RSA_blinding_on(prv->rsa, NULL) != 1) {
+			error("key_load_private_pem: RSA_blinding_on failed");
+			key_free(prv);
+			prv = NULL;
+		}
 	} else if (pk->type == EVP_PKEY_DSA &&
 	    (type == KEY_UNSPEC||type==KEY_DSA)) {
 		prv = key_new(KEY_UNSPEC);
@@ -489,7 +511,7 @@
 		error("@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @");
 		error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 		error("Permissions 0%3.3o for '%s' are too open.",
-		    st.st_mode & 0777, filename);
+		    (u_int)st.st_mode & 0777, filename);
 		error("It is recommended that your private key files are NOT accessible by others.");
 		error("This private key will be ignored.");
 		return 0;
@@ -604,9 +626,18 @@
 	Key *pub;
 	char file[MAXPATHLEN];
 
+	/* try rsa1 private key */
 	pub = key_load_public_type(KEY_RSA1, filename, commentp);
 	if (pub != NULL)
 		return pub;
+
+	/* try rsa1 public key */
+	pub = key_new(KEY_RSA1);
+	if (key_try_load_public(pub, filename, commentp) == 1)
+		return pub;
+	key_free(pub);
+
+	/* try ssh2 public key */
 	pub = key_new(KEY_UNSPEC);
 	if (key_try_load_public(pub, filename, commentp) == 1)
 		return pub;