diff options
author | Damien Miller <djm@mindrot.org> | 2001-01-30 09:27:26 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-01-30 09:27:26 +1100 |
commit | 7650bc68420a227212ba0ff5cd4a0d133471b872 (patch) | |
tree | 55d8d15e4cdd7407b7086e9c3cf9597539c81071 /ssh-agent.c | |
parent | d83ff35d66e11978e0b821ecbfa07011ddcb8868 (diff) |
- (djm) OpenBSD CVS Sync:
- markus@cvs.openbsd.org 2001/01/29 12:47:32
[rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
handle rsa_private_decrypt failures; helps against the Bleichenbacher
pkcs#1 attack
Diffstat (limited to 'ssh-agent.c')
-rw-r--r-- | ssh-agent.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ssh-agent.c b/ssh-agent.c index 539f8ce7d..deed3ecae 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -198,7 +198,8 @@ process_authentication_challenge1(SocketEntry *e) private = lookup_private_key(key, NULL, 1); if (private != NULL) { /* Decrypt the challenge using the private key. */ - rsa_private_decrypt(challenge, challenge, private->rsa); + if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) + goto failure; /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); |