=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-dss.c,v retrieving revision 1.6 retrieving revision 1.6.6.2 diff -u -r1.6 -r1.6.6.2 --- src/usr.bin/ssh/ssh-dss.c 2001/02/08 19:30:52 1.6 +++ src/usr.bin/ssh/ssh-dss.c 2001/11/15 22:51:15 1.6.6.2 @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-dss.c,v 1.6 2001/02/08 19:30:52 itojun Exp $"); +RCSID("$OpenBSD: ssh-dss.c,v 1.6.6.2 2001/11/15 22:51:15 miod Exp $"); #include #include @@ -45,15 +45,11 @@ u_char **sigp, int *lenp, u_char *data, int datalen) { - u_char *digest; - u_char *ret; DSA_SIG *sig; EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; - u_int rlen; - u_int slen; - u_int len, dlen; - u_char sigblob[SIGBLOB_LEN]; + u_char *digest, *ret, sigblob[SIGBLOB_LEN]; + u_int rlen, slen, len, dlen; Buffer b; if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { @@ -67,11 +63,13 @@ EVP_DigestFinal(&md, digest, NULL); sig = DSA_do_sign(digest, dlen, key->dsa); - if (sig == NULL) { - fatal("ssh_dss_sign: cannot sign"); - } + memset(digest, 0, dlen); xfree(digest); + if (sig == NULL) { + error("ssh_dss_sign: sign failed"); + return -1; + } rlen = BN_num_bytes(sig->r); slen = BN_num_bytes(sig->s); @@ -80,15 +78,12 @@ DSA_SIG_free(sig); return -1; } - debug("sig size %d %d", rlen, slen); - memset(sigblob, 0, SIGBLOB_LEN); BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); DSA_SIG_free(sig); if (datafellows & SSH_BUG_SIGBLOB) { - debug("datafellows"); ret = xmalloc(SIGBLOB_LEN); memcpy(ret, sigblob, SIGBLOB_LEN); if (lenp != NULL) @@ -117,34 +112,19 @@ u_char *signature, int signaturelen, u_char *data, int datalen) { - Buffer b; - u_char *digest; DSA_SIG *sig; EVP_MD *evp_md = EVP_sha1(); EVP_MD_CTX md; - u_char *sigblob; - char *txt; + u_char *digest, *sigblob; u_int len, dlen; - int rlen; - int ret; + int rlen, ret; + Buffer b; if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { error("ssh_dss_verify: no DSA key"); return -1; } - if (!(datafellows & SSH_BUG_SIGBLOB) && - signaturelen == SIGBLOB_LEN) { - datafellows |= ~SSH_BUG_SIGBLOB; - log("autodetect SSH_BUG_SIGBLOB"); - } else if ((datafellows & SSH_BUG_SIGBLOB) && - signaturelen != SIGBLOB_LEN) { - log("autoremove SSH_BUG_SIGBLOB"); - datafellows &= ~SSH_BUG_SIGBLOB; - } - - debug("len %d datafellows %d", signaturelen, datafellows); - /* fetch signature */ if (datafellows & SSH_BUG_SIGBLOB) { sigblob = signature; @@ -153,22 +133,24 @@ /* ietf-drafts */ char *ktype; buffer_init(&b); - buffer_append(&b, (char *) signature, signaturelen); + buffer_append(&b, signature, signaturelen); ktype = buffer_get_string(&b, NULL); if (strcmp("ssh-dss", ktype) != 0) { error("ssh_dss_verify: cannot handle type %s", ktype); buffer_free(&b); + xfree(ktype); return -1; } - sigblob = (u_char *)buffer_get_string(&b, &len); + xfree(ktype); + sigblob = buffer_get_string(&b, &len); rlen = buffer_len(&b); + buffer_free(&b); if(rlen != 0) { - error("remaining bytes in signature %d", rlen); - buffer_free(&b); + error("ssh_dss_verify: " + "remaining bytes in signature %d", rlen); + xfree(sigblob); return -1; } - buffer_free(&b); - xfree(ktype); } if (len != SIGBLOB_LEN) { @@ -200,18 +182,7 @@ xfree(digest); DSA_SIG_free(sig); - switch (ret) { - case 1: - txt = "correct"; - break; - case 0: - txt = "incorrect"; - break; - case -1: - default: - txt = "error"; - break; - } - debug("ssh_dss_verify: signature %s", txt); + debug("ssh_dss_verify: signature %s", + ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); return ret; }