author | kris <kris@FreeBSD.org> | 2001-02-12 06:44:51 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2001-02-12 06:44:51 +0000 |
commit | 94cb6038949d701e15fdcd8a3c53a7c4e6d18488 (patch) | |
tree | 7844f14a2a195a5bf5d54a9da68a9cf9a05b6a2b /crypto/openssh/rsa.c | |
parent | 8befe8802dfa82b634876d02d08448bd076b476b (diff) | |
Patches backported from later development version of OpenSSH which prevent
(instead of just mitigating through connection limits) the Bleichenbacher
attack which can lead to guessing of the server key (not host key) by
regenerating it when an RSA failure is detected.
Reviewed by: rwatson
Diffstat (limited to 'crypto/openssh/rsa.c')
-rw-r--r-- | crypto/openssh/rsa.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/crypto/openssh/rsa.c b/crypto/openssh/rsa.c
index 21eec8f..3dabac1 100644
--- a/crypto/openssh/rsa.c
+++ b/crypto/openssh/rsa.c
@@ -161,7 +161,7 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
 	xfree(inbuf);
 }
 
-void
+int
 rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
 {
 	unsigned char *inbuf, *outbuf;
@@ -175,15 +175,16 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
 	BN_bn2bin(in, inbuf);
 
 	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
-	    RSA_PKCS1_PADDING)) <= 0)
-		fatal("rsa_private_decrypt() failed.");
-
-	BN_bin2bn(outbuf, len, out);
-
+	    RSA_PKCS1_PADDING)) <= 0) {
+		error("rsa_private_decrypt() failed");
+	} else {
+		BN_bin2bn(outbuf, len, out);
+	}
 	memset(outbuf, 0, olen);
 	memset(inbuf, 0, ilen);
 	xfree(outbuf);
 	xfree(inbuf);
+	return len;
 }
 
 /* Set whether to output verbose messages during key generation. */
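Review bot: The new failure path in rsa_private_decrypt leaves `out` untouched and returns whatever RSA_private_decrypt() returned (a value <= 0), but nothing in the hunk records that contract, so a caller that keeps using `out` without checking the return value will operate on a stale BIGNUM. The definition (signature in the first hunk) should carry a comment such as `/* Returns the number of decrypted bytes, or a value <= 0 on failure; out is not modified on failure and every caller must check the result before using it. */`. The matching prototype in the header is not part of this diff and must change from `void` to `int` as well; I assume that happens elsewhere in the commit. Since replacing `fatal()` with `error()` is what keeps a padding failure from ending the connection, the callers' handling of the non-positive return is now the security-relevant part of this change and is not visible here.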