- (djm) OpenBSD CVS Sync: - markus@cvs.openbsd.org 2001/01/29 12:47:32 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c] handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack

commit: 7650bc68420a227212ba0ff5cd4a0d133471b872 [log] [tgz]
author: Damien Miller <djm@mindrot.org> Tue Jan 30 09:27:26 2001 +1100
committer: Damien Miller <djm@mindrot.org> Tue Jan 30 09:27:26 2001 +1100
tree: 55d8d15e4cdd7407b7086e9c3cf9597539c81071
parent: d83ff35d66e11978e0b821ecbfa07011ddcb8868 [diff] [blame]
diff --git a/ssh-agent.c b/ssh-agent.c
index 539f8ce..deed3ec 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $	*/
+/*	$OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -198,7 +198,8 @@
 	private = lookup_private_key(key, NULL, 1);
 	if (private != NULL) {
 		/* Decrypt the challenge using the private key. */
-		rsa_private_decrypt(challenge, challenge, private->rsa);
+		if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
+			goto failure;
 
 		/* The response is MD5 of decrypted challenge plus session id. */
 		len = BN_num_bytes(challenge);
commit	7650bc68420a227212ba0ff5cd4a0d133471b872	[log] [tgz]
author	Damien Miller <djm@mindrot.org>	Tue Jan 30 09:27:26 2001 +1100
committer	Damien Miller <djm@mindrot.org>	Tue Jan 30 09:27:26 2001 +1100
tree	55d8d15e4cdd7407b7086e9c3cf9597539c81071
parent	d83ff35d66e11978e0b821ecbfa07011ddcb8868 [diff] [blame]