diff options
| author | Damien Miller <djm@mindrot.org> | 2001-01-30 09:27:26 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2001-01-30 09:27:26 +1100 |
| commit | 7650bc68420a227212ba0ff5cd4a0d133471b872 (patch) | |
| tree | 55d8d15e4cdd7407b7086e9c3cf9597539c81071 /sshconnect1.c | |
| parent | d83ff35d66e11978e0b821ecbfa07011ddcb8868 (diff) | |
- (djm) OpenBSD CVS Sync:
- markus@cvs.openbsd.org 2001/01/29 12:47:32
[rsa.c rsa.h ssh-agent.c sshconnect1.c sshd.c]
handle rsa_private_decrypt failures; helps against the Bleichenbacher
pkcs#1 attack
Diffstat (limited to 'sshconnect1.c')
| -rw-r--r-- | sshconnect1.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/sshconnect1.c b/sshconnect1.c index 5a5a22227..e732806f3 100644 --- a/sshconnect1.c +++ b/sshconnect1.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect1.c,v 1.20 2001/01/22 23:06:40 markus Exp $"); +RCSID("$OpenBSD: sshconnect1.c,v 1.21 2001/01/29 19:47:31 markus Exp $"); #include <openssl/bn.h> #include <openssl/evp.h> @@ -163,14 +163,17 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv) int i, len; /* Decrypt the challenge using the private key. */ - rsa_private_decrypt(challenge, challenge, prv); + /* XXX think about Bleichenbacher, too */ + if (rsa_private_decrypt(challenge, challenge, prv) <= 0) + packet_disconnect( + "respond_to_rsa_challenge: rsa_private_decrypt failed"); /* Compute the response. */ /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); if (len <= 0 || len > sizeof(buf)) - packet_disconnect("respond_to_rsa_challenge: bad challenge length %d", - len); + packet_disconnect( + "respond_to_rsa_challenge: bad challenge length %d", len); memset(buf, 0, sizeof(buf)); BN_bn2bin(challenge, buf + sizeof(buf) - len); |