- (djm) OpenBSD CVS Sync: - markus@cvs.openbsd.org 2001/01/29 12:47:32 [rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c] handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack

commit: 7650bc68420a227212ba0ff5cd4a0d133471b872 [log] [tgz]
author: Damien Miller <djm@mindrot.org> Tue Jan 30 09:27:26 2001 +1100
committer: Damien Miller <djm@mindrot.org> Tue Jan 30 09:27:26 2001 +1100
tree: 55d8d15e4cdd7407b7086e9c3cf9597539c81071
parent: d83ff35d66e11978e0b821ecbfa07011ddcb8868 [diff] [blame]
diff --git a/sshconnect1.c b/sshconnect1.c
index 5a5a222..e732806 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c

@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.20 2001/01/22 23:06:40 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.21 2001/01/29 19:47:31 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -163,14 +163,17 @@
 	int i, len;
 
 	/* Decrypt the challenge using the private key. */
-	rsa_private_decrypt(challenge, challenge, prv);
+	/* XXX think about Bleichenbacher, too */
+	if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
+		packet_disconnect(
+		    "respond_to_rsa_challenge: rsa_private_decrypt failed");
 
 	/* Compute the response. */
 	/* The response is MD5 of decrypted challenge plus session id. */
 	len = BN_num_bytes(challenge);
 	if (len <= 0 || len > sizeof(buf))
-		packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
-				  len);
+		packet_disconnect(
+		    "respond_to_rsa_challenge: bad challenge length %d", len);
 
 	memset(buf, 0, sizeof(buf));
 	BN_bn2bin(challenge, buf + sizeof(buf) - len);
commit	7650bc68420a227212ba0ff5cd4a0d133471b872	[log] [tgz]
author	Damien Miller <djm@mindrot.org>	Tue Jan 30 09:27:26 2001 +1100
committer	Damien Miller <djm@mindrot.org>	Tue Jan 30 09:27:26 2001 +1100
tree	55d8d15e4cdd7407b7086e9c3cf9597539c81071
parent	d83ff35d66e11978e0b821ecbfa07011ddcb8868 [diff] [blame]