summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/sshconnect1.c
diff options
context:
space:
mode:
authorkris <kris@FreeBSD.org>2001-02-12 06:44:51 +0000
committerkris <kris@FreeBSD.org>2001-02-12 06:44:51 +0000
commit94cb6038949d701e15fdcd8a3c53a7c4e6d18488 (patch)
tree7844f14a2a195a5bf5d54a9da68a9cf9a05b6a2b /crypto/openssh/sshconnect1.c
parent8befe8802dfa82b634876d02d08448bd076b476b (diff)
downloadFreeBSD-src-94cb6038949d701e15fdcd8a3c53a7c4e6d18488.zip
FreeBSD-src-94cb6038949d701e15fdcd8a3c53a7c4e6d18488.tar.gz
Patches backported from later development version of OpenSSH which prevent
(instead of just mitigating through connection limits) the Bleichenbacher attack which can lead to guessing of the server key (not host key) by regenerating it when an RSA failure is detected. Reviewed by: rwatson
Diffstat (limited to 'crypto/openssh/sshconnect1.c')
-rw-r--r--crypto/openssh/sshconnect1.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/crypto/openssh/sshconnect1.c b/crypto/openssh/sshconnect1.c
index 96439c4..5ae46e0 100644
--- a/crypto/openssh/sshconnect1.c
+++ b/crypto/openssh/sshconnect1.c
@@ -152,14 +152,17 @@ respond_to_rsa_challenge(BIGNUM * challenge, RSA * prv)
int i, len;
/* Decrypt the challenge using the private key. */
- rsa_private_decrypt(challenge, challenge, prv);
+ /* XXX think about Bleichenbacher, too */
+ if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
+ packet_disconnect(
+ "respond_to_rsa_challenge: rsa_private_decrypt failed");
/* Compute the response. */
/* The response is MD5 of decrypted challenge plus session id. */
len = BN_num_bytes(challenge);
if (len <= 0 || len > sizeof(buf))
- packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
- len);
+ packet_disconnect(
+ "respond_to_rsa_challenge: bad challenge length %d", len);
memset(buf, 0, sizeof(buf));
BN_bn2bin(challenge, buf + sizeof(buf) - len);
OpenPOWER on IntegriCloud