-int read_rsa_public_key(connection_t *c)
-{
- FILE *fp;
- char *fname;
- char *key;
-cp
- if(!c->rsa_key)
- c->rsa_key = RSA_new();
-
- /* First, check for simple PublicKey statement */
-
- if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key))
- {
- BN_hex2bn(&c->rsa_key->n, key);
- BN_hex2bn(&c->rsa_key->e, "FFFF");
- free(key);
- return 0;
- }
-
- /* Else, check for PublicKeyFile statement and read it */
-
- if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname))
- {
- if(is_safe_path(fname))
- {
- if((fp = fopen(fname, "r")) == NULL)
- {
- syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
- fname, strerror(errno));
- free(fname);
- return -1;
- }
- free(fname);
- c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
- fclose(fp);
- if(c->rsa_key)
- return 0; /* Woohoo. */
-
- /* If it fails, try PEM_read_RSA_PUBKEY. */
- if((fp = fopen(fname, "r")) == NULL)
- {
- syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"),
- fname, strerror(errno));
- free(fname);
- return -1;
- }
- free(fname);
- c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
- fclose(fp);
- if(c->rsa_key)
- return 0;
-
- syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
- fname, strerror(errno));
- return -1;
- }
- else
- {
- free(fname);
- return -1;
- }
- }
-
- /* Else, check if a harnessed public key is in the config file */
-
- asprintf(&fname, "%s/hosts/%s", confbase, c->name);
- if((fp = fopen(fname, "r")))
- {
- c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
- fclose(fp);
- }
-
- free(fname);
-
- if(c->rsa_key)
- return 0;
-
- /* Try again with PEM_read_RSA_PUBKEY. */
-
- asprintf(&fname, "%s/hosts/%s", confbase, c->name);
- if((fp = fopen(fname, "r")))
- {
- c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
- fclose(fp);
- }
-
- free(fname);
-
- if(c->rsa_key)
- return 0;
-
- syslog(LOG_ERR, _("No public key for %s specified!"), c->name);
- return -1;
+bool read_rsa_public_key(connection_t *c) {
+ FILE *fp;
+ char *fname;
+ char *key;
+
+ if(!c->rsa_key) {
+ c->rsa_key = RSA_new();
+// RSA_blinding_on(c->rsa_key, NULL);
+ }
+
+ /* First, check for simple PublicKey statement */
+
+ if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) {
+ BN_hex2bn(&c->rsa_key->n, key);
+ BN_hex2bn(&c->rsa_key->e, "FFFF");
+ free(key);
+ return true;
+ }
+
+ /* Else, check for PublicKeyFile statement and read it */
+
+ if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) {
+ fp = fopen(fname, "r");
+
+ if(!fp) {
+ logger(LOG_ERR, "Error reading RSA public key file `%s': %s",
+ fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+ free(fname);
+ c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
+ fclose(fp);
+
+ if(c->rsa_key)
+ return true; /* Woohoo. */
+
+ /* If it fails, try PEM_read_RSA_PUBKEY. */
+ fp = fopen(fname, "r");
+
+ if(!fp) {
+ logger(LOG_ERR, "Error reading RSA public key file `%s': %s",
+ fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+ free(fname);
+ c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+ fclose(fp);
+
+ if(c->rsa_key) {
+// RSA_blinding_on(c->rsa_key, NULL);
+ return true;
+ }
+
+ logger(LOG_ERR, "Reading RSA public key file `%s' failed: %s",
+ fname, strerror(errno));
+ return false;
+ }
+
+ /* Else, check if a harnessed public key is in the config file */
+
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ fp = fopen(fname, "r");
+
+ if(fp) {
+ c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
+ fclose(fp);
+ }
+
+ free(fname);
+
+ if(c->rsa_key)
+ return true;
+
+ /* Try again with PEM_read_RSA_PUBKEY. */
+
+ xasprintf(&fname, "%s/hosts/%s", confbase, c->name);
+ fp = fopen(fname, "r");
+
+ if(fp) {
+ c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
+// RSA_blinding_on(c->rsa_key, NULL);
+ fclose(fp);
+ }
+
+ free(fname);
+
+ if(c->rsa_key)
+ return true;
+
+ logger(LOG_ERR, "No public key for %s specified!", c->name);
+
+ return false;
+}
+
+bool read_rsa_private_key(void) {
+ FILE *fp;
+ char *fname, *key, *pubkey;
+ struct stat s;
+
+ if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) {
+ if(!get_config_string(lookup_config(config_tree, "PublicKey"), &pubkey)) {
+ logger(LOG_ERR, "PrivateKey used but no PublicKey found!");
+ return false;
+ }
+ myself->connection->rsa_key = RSA_new();
+// RSA_blinding_on(myself->connection->rsa_key, NULL);
+ BN_hex2bn(&myself->connection->rsa_key->d, key);
+ BN_hex2bn(&myself->connection->rsa_key->n, pubkey);
+ BN_hex2bn(&myself->connection->rsa_key->e, "FFFF");
+ free(key);
+ free(pubkey);
+ return true;
+ }
+
+ if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname))
+ xasprintf(&fname, "%s/rsa_key.priv", confbase);
+
+ fp = fopen(fname, "r");
+
+ if(!fp) {
+ logger(LOG_ERR, "Error reading RSA private key file `%s': %s",
+ fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN)
+ if(fstat(fileno(fp), &s)) {
+ logger(LOG_ERR, "Could not stat RSA private key file `%s': %s'",
+ fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+ if(s.st_mode & ~0100700)
+ logger(LOG_WARNING, "Warning: insecure file permissions for RSA private key file `%s'!", fname);
+#endif
+
+ myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL);
+ fclose(fp);
+
+ if(!myself->connection->rsa_key) {
+ logger(LOG_ERR, "Reading RSA private key file `%s' failed: %s",
+ fname, strerror(errno));
+ free(fname);
+ return false;
+ }
+
+ free(fname);
+ return true;