Fix bug in Uppity RSA kex with short secret values.

In ssh_rsakex_decrypt, the code that decodes the buffer after it's been through RSA decryption and had the OAEP masking undone would never have worked if there were any padding 0 bytes between the prefix and suffix of the OAEP preimage. I must have not noticed before because PuTTY's RSA kex client code always makes the biggest possible secret integer, so it never _does_ need any padding!
2025-01-09 17:38:00 +00:00 · 2019-12-15 20:12:59 +00:00 · 2019-12-15 20:12:59 +00:00 · e47a337dd7
commit e47a337dd7
parent 873ec97302
1 changed files with 1 additions and 1 deletions
--- a/sshrsa.c
+++ b/sshrsa.c
@ -998,7 +998,7 @@ mp_int *ssh_rsakex_decrypt(
        if (out[i] == 1) {
            i++;  /* skip over the 1 byte */
            break;
-        } else if (out[i] != 1) {
+        } else if (out[i] != 0) {
            sfree(out);
            return NULL;
        }