X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/da2499f581b0d057cb8d4d5c3d8494d1ef3b07e6..9c54c067cca6a1d021a6d5120e0adc05f3252a97:/ssh-dss.c

diff --git a/ssh-dss.c b/ssh-dss.c
index 0215f1c9..381b7ded 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.16 2002/07/04 04:15:33 deraadt Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.19 2003/11/10 16:23:41 jakob Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -34,19 +34,18 @@ RCSID("$OpenBSD: ssh-dss.c,v 1.16 2002/07/04 04:15:33 deraadt Exp $");
 #include "compat.h"
 #include "log.h"
 #include "key.h"
-#include "ssh-dss.h"
 
 #define INTBLOB_LEN	20
 #define SIGBLOB_LEN	(2*INTBLOB_LEN)
 
 int
-ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
-    u_char *data, u_int datalen)
+ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
 	const EVP_MD *evp_md = EVP_sha1();
 	EVP_MD_CTX md;
-	u_char *ret, digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
+	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
 	u_int rlen, slen, len, dlen;
 	Buffer b;
 
@@ -79,35 +78,31 @@ ssh_dss_sign(Key *key, u_char **sigp, u_int *lenp,
 	DSA_SIG_free(sig);
 
 	if (datafellows & SSH_BUG_SIGBLOB) {
-		ret = xmalloc(SIGBLOB_LEN);
-		memcpy(ret, sigblob, SIGBLOB_LEN);
 		if (lenp != NULL)
 			*lenp = SIGBLOB_LEN;
-		if (sigp != NULL)
-			*sigp = ret;
-		else
-			xfree(ret);
+		if (sigp != NULL) {
+			*sigp = xmalloc(SIGBLOB_LEN);
+			memcpy(*sigp, sigblob, SIGBLOB_LEN);
+		}
 	} else {
 		/* ietf-drafts */
 		buffer_init(&b);
 		buffer_put_cstring(&b, "ssh-dss");
 		buffer_put_string(&b, sigblob, SIGBLOB_LEN);
 		len = buffer_len(&b);
-		ret = xmalloc(len);
-		memcpy(ret, buffer_ptr(&b), len);
-		buffer_free(&b);
 		if (lenp != NULL)
 			*lenp = len;
-		if (sigp != NULL)
-			*sigp = ret;
-		else
-			xfree(ret);
+		if (sigp != NULL) {
+			*sigp = xmalloc(len);
+			memcpy(*sigp, buffer_ptr(&b), len);
+		}
+		buffer_free(&b);
 	}
 	return 0;
 }
 int
-ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
-    u_char *data, u_int datalen)
+ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+    const u_char *data, u_int datalen)
 {
 	DSA_SIG *sig;
 	const EVP_MD *evp_md = EVP_sha1();
@@ -124,7 +119,8 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
 
 	/* fetch signature */
 	if (datafellows & SSH_BUG_SIGBLOB) {
-		sigblob = signature;
+		sigblob = xmalloc(signaturelen);
+		memcpy(sigblob, signature, signaturelen);
 		len = signaturelen;
 	} else {
 		/* ietf-drafts */
@@ -164,10 +160,9 @@ ssh_dss_verify(Key *key, u_char *signature, u_int signaturelen,
 	BN_bin2bn(sigblob, INTBLOB_LEN, sig->r);
 	BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s);
 
-	if (!(datafellows & SSH_BUG_SIGBLOB)) {
-		memset(sigblob, 0, len);
-		xfree(sigblob);
-	}
+	/* clean up */
+	memset(sigblob, 0, len);
+	xfree(sigblob);
 
 	/* sha1 the data */
 	EVP_DigestInit(&md, evp_md);