summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/ssh-agent.c
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2001-01-29 19:47:32 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2001-01-29 19:47:32 +0000
commit1fc5e1a14c4ba5dccd70fd6870a028c8a8d1f5f4 (patch)
tree1ddcd979ad0032f04569f4a98208ac97621f3568 /usr.bin/ssh/ssh-agent.c
parent24f1c20ecb0c06b27d61876bf9523dd73847444e (diff)
handle rsa_private_decrypt failures; helps against the Bleichenbacher pkcs#1 attack
Diffstat (limited to 'usr.bin/ssh/ssh-agent.c')
-rw-r--r--usr.bin/ssh/ssh-agent.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 9eb1615c614..13555c546ee 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -37,7 +37,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.48 2001/01/25 08:06:33 deraadt Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.49 2001/01/29 19:47:31 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
@@ -194,7 +194,8 @@ process_authentication_challenge1(SocketEntry *e)
private = lookup_private_key(key, NULL, 1);
if (private != NULL) {
/* Decrypt the challenge using the private key. */
- rsa_private_decrypt(challenge, challenge, private->rsa);
+ if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
+ goto failure;
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);