X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/087dea86e8a9fd730eec6b80cf16e4b860377188..9c54c067cca6a1d021a6d5120e0adc05f3252a97:/ssh-dss.c

diff --git a/ssh-dss.c b/ssh-dss.c
index b81b8347..381b7ded 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -34,21 +34,18 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.12 2002/01/25 21:42:11 markus Exp $");
 #include "compat.h"
 #include "log.h"
 #include "key.h"
-#include "ssh-dss.h"
 
 #define INTBLOB_LEN	20
 #define SIGBLOB_LEN	(2*INTBLOB_LEN)
 
 int
-ssh_dss_sign(
-    Key *key,
-    u_char **sigp, int *lenp,
-    u_char *data, int datalen)
+ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
-	EVP_MD *evp_md = EVP_sha1();
+	const EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
-	u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
+	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
 	u_int rlen, slen, len, dlen;
 	Buffer b;
 
@@ -71,7 +68,7 @@ ssh_dss_sign(
 	rlen = BN_num_bytes(sig->r);
 	slen = BN_num_bytes(sig->s);
 	if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
-		error("bad sig size %d %d", rlen, slen);
+		error("bad sig size %u %u", rlen, slen);
 		DSA_SIG_free(sig);
 		return -1;
 	}
@@ -81,36 +78,34 @@ ssh_dss_sign(
 	DSA_SIG_free(sig);
 
 	if (datafellows & SSH_BUG_SIGBLOB) {
-		ret = xmalloc(SIGBLOB_LEN);
-		memcpy(ret, sigblob, SIGBLOB_LEN);
 		if (lenp != NULL)
 			*lenp = SIGBLOB_LEN;
-		if (sigp != NULL)
-			*sigp = ret;
+		if (sigp != NULL) {
+			*sigp = xmalloc(SIGBLOB_LEN);
+			memcpy(*sigp, sigblob, SIGBLOB_LEN);
+		}
 	} else {
 		/* ietf-drafts */
 		buffer_init(&b);
 		buffer_put_cstring(&b, "ssh-dss");
 		buffer_put_string(&b, sigblob, SIGBLOB_LEN);
 		len = buffer_len(&b);
-		ret = xmalloc(len);
-		memcpy(ret, buffer_ptr(&b), len);
-		buffer_free(&b);
 		if (lenp != NULL)
 			*lenp = len;
-		if (sigp != NULL)
-			*sigp = ret;
+		if (sigp != NULL) {
+			*sigp = xmalloc(len);
+			memcpy(*sigp, buffer_ptr(&b), len);
+		}
+		buffer_free(&b);
 	}
 	return 0;
 }
 int
-ssh_dss_verify(
-    Key *key,
-    u_char *signature, int signaturelen,
-    u_char *data, int datalen)
+ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
-	EVP_MD *evp_md = EVP_sha1();
+	const EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
 	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
 	u_int len, dlen;
@@ -124,7 +119,8 @@ ssh_dss_verify(
 
 	/* fetch signature */
 	if (datafellows & SSH_BUG_SIGBLOB) {
-		sigblob = signature;
+		sigblob = xmalloc(signaturelen);
+		memcpy(sigblob, signature, signaturelen);
 		len = signaturelen;
 	} else {
 		/* ietf-drafts */
@@ -151,7 +147,7 @@ ssh_dss_verify(
 	}
 
 	if (len != SIGBLOB_LEN) {
-		fatal("bad sigbloblen %d != SIGBLOB_LEN", len);
+		fatal("bad sigbloblen %u != SIGBLOB_LEN", len);
 	}
 
 	/* parse signature */
@@ -164,10 +160,9 @@ ssh_dss_verify(
 	BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
 	BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
 
-	if (!(datafellows & SSH_BUG_SIGBLOB)) {
-		memset(sigblob, 0, len);
-		xfree(sigblob);
-	}
+	/* clean up */
+	memset(sigblob, 0, len);
+	xfree(sigblob);
 
 	/* sha1 the data */
 	EVP_DigestInit(&md, evp_md);