X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/512d319a81897cd105ee44f0f5b1ff93e6867c2c..b6c7b7b7b23695d52c8ec1a8d394d9a6945f7e9b:/ssh-dss.c

diff --git a/ssh-dss.c b/ssh-dss.c
index 6cedcc4d..381b7ded 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -39,8 +39,8 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.18 2003/02/12 09:33:04 markus Exp $");
 #define SIGBLOB_LEN	(2*INTBLOB_LEN)
 
 int
-ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
 	const EVP_MD *evp_md = EVP_sha1();
@@ -101,8 +101,8 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
 	return 0;
 }
 int
-ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
 	const EVP_MD *evp_md = EVP_sha1();
@@ -119,7 +119,8 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
 
 	/* fetch signature */
 	if (datafellows & SSH_BUG_SIGBLOB) {
-		sigblob = signature;
+		sigblob = xmalloc(signaturelen);
+		memcpy(sigblob, signature, signaturelen);
 		len = signaturelen;
 	} else {
 		/* ietf-drafts */
@@ -159,10 +160,9 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
 	BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
 	BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
 
-	if (!(datafellows & SSH_BUG_SIGBLOB)) {
-		memset(sigblob, 0, len);
-		xfree(sigblob);
-	}
+	/* clean up */
+	memset(sigblob, 0, len);
+	xfree(sigblob);
 
 	/* sha1 the data */
 	EVP_DigestInit(&md, evp_md);