@hyc @carnildo From what I can tell, the check for permitted algorithms is after RSA_public_decrypt() has already been called, at least on some relevant paths.

I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.

Really required a lot of coincidences.

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

https://www.openwall.com/lists/oss-security/2024/03/29/4

@praseodym Hah. I've apparently been doing this stuff for a while.

I wholeheartedly agree with what Russ wrote here:

"Also if there's anything the community can do for Lasse personally, please pass that along."

"Anyone can be the victim of social engineering."

"I suspect many of us here have had nightmares about being in Lasse's
position, and probably will have more of them in the future."

Indeed.

https://www.openwall.com/lists/oss-security/2024/03/30/25