X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/1e3b8b0749ec6793df5d8a9aca41ad4cae79bd4a..da89cf4dea90eaed324c80b9062f1eed13acd107:/ssh-dss.c
diff --git a/ssh-dss.c b/ssh-dss.c
index 96b1565d..adc8f983 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,20 +23,18 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.6 2001/02/08 19:30:52 itojun Exp $");
+
+#include
+#include
-#include "ssh.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "compat.h"
-
-#include
-#include
-#include
-#include
-
+#include "log.h"
 #include "key.h"
+#include "ssh-dss.h"
 #define INTBLOB_LEN 20
 #define SIGBLOB_LEN (2*INTBLOB_LEN)
@@ -54,7 +52,7 @@ ssh_dss_sign(
 EVP_MD_CTX md;
 u_int rlen;
 u_int slen;
- u_int len;
+ u_int len, dlen;
 u_char sigblob[SIGBLOB_LEN];
 Buffer b;
@@ -62,15 +60,18 @@ ssh_dss_sign(
 error("ssh_dss_sign: no DSA key");
 return -1;
 }
- digest = xmalloc(evp_md->md_size);
+ dlen = evp_md->md_size;
+ digest = xmalloc(dlen);
 EVP_DigestInit(&md, evp_md);
 EVP_DigestUpdate(&md, data, datalen);
 EVP_DigestFinal(&md, digest, NULL);
- sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
+ sig = DSA_do_sign(digest, dlen, key->dsa);
 if (sig == NULL) {
 fatal("ssh_dss_sign: cannot sign");
 }
+ memset(digest, 0, dlen);
+ xfree(digest);
 rlen = BN_num_bytes(sig->r);
 slen = BN_num_bytes(sig->s);
@@ -185,7 +186,7 @@ ssh_dss_verify(
 memset(sigblob, 0, len);
 xfree(sigblob);
 }
-
+
 /* sha1 the data */
 dlen = evp_md->md_size;
 digest = xmalloc(dlen);
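Review bot: The added `memset(digest, 0, dlen);` in the third hunk (ssh_dss_sign) is immediately followed by `xfree(digest);`, so it is a store the optimiser may drop if it can see that xfree releases the buffer (inlining or link-time optimisation), which would leave the digest in freed heap memory. A clear that cannot be elided, such as `explicit_bzero(digest, dlen);` on platforms that provide it, keeps the intended scrubbing. The scrub also sits after the `sig == NULL` branch, so on a signing failure `fatal()` is reached with the digest still uncleared; moving the two added lines directly after the `DSA_do_sign()` call covers that path, since the digest is not read again in the visible lines. ssh_dss_sign begins and ends outside this hunk, so whether `EVP_MD_CTX md` is cleaned up elsewhere cannot be seen from here.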