diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2001-01-29 19:47:32 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-01-29 19:47:32 +0000 |
commit | 1fc5e1a14c4ba5dccd70fd6870a028c8a8d1f5f4 (patch) | |
tree | 1ddcd979ad0032f04569f4a98208ac97621f3568 /usr.bin/ssh/ssh-agent.c | |
parent | 24f1c20ecb0c06b27d61876bf9523dd73847444e (diff) |
handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack
Diffstat (limited to 'usr.bin/ssh/ssh-agent.c')
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c index 9eb1615c614..13555c546ee 100644 --- a/usr.bin/ssh/ssh-agent.c +++ b/usr.bin/ssh/ssh-agent.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $ */ +/* $OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -37,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $"); +RCSID("$OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $"); #include <openssl/evp.h> #include <openssl/md5.h> @@ -194,7 +194,8 @@ process_authentication_challenge1(SocketEntry *e) private = lookup_private_key(key, NULL, 1); if (private != NULL) { /* Decrypt the challenge using the private key. */ - rsa_private_decrypt(challenge, challenge, private->rsa); + if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0) + goto failure; /* The response is MD5 of decrypted challenge plus session id. */ len = BN_num_bytes(challenge); |