ssh-dss.c (261320) | ssh-dss.c (263712) |
---|---|
1/* $OpenBSD: ssh-dss.c,v 1.30 2014/01/09 23:20:00 djm Exp $ */ | 1/* $OpenBSD: ssh-dss.c,v 1.31 2014/02/02 03:44:31 djm Exp $ */ |
2/* 3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. --- 50 unchanged lines hidden (view full) --- 60 61 if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, 62 digest, sizeof(digest)) != 0) { 63 error("%s: ssh_digest_memory failed", __func__); 64 return -1; 65 } 66 67 sig = DSA_do_sign(digest, dlen, key->dsa); | 2/* 3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. --- 50 unchanged lines hidden (view full) --- 60 61 if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, 62 digest, sizeof(digest)) != 0) { 63 error("%s: ssh_digest_memory failed", __func__); 64 return -1; 65 } 66 67 sig = DSA_do_sign(digest, dlen, key->dsa); |
68 memset(digest, 'd', sizeof(digest)); | 68 explicit_bzero(digest, sizeof(digest)); |
69 70 if (sig == NULL) { 71 error("ssh_dss_sign: sign failed"); 72 return -1; 73 } 74 75 rlen = BN_num_bytes(sig->r); 76 slen = BN_num_bytes(sig->s); 77 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { 78 error("bad sig size %u %u", rlen, slen); 79 DSA_SIG_free(sig); 80 return -1; 81 } | 69 70 if (sig == NULL) { 71 error("ssh_dss_sign: sign failed"); 72 return -1; 73 } 74 75 rlen = BN_num_bytes(sig->r); 76 slen = BN_num_bytes(sig->s); 77 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { 78 error("bad sig size %u %u", rlen, slen); 79 DSA_SIG_free(sig); 80 return -1; 81 } |
82 memset(sigblob, 0, SIGBLOB_LEN); | 82 explicit_bzero(sigblob, SIGBLOB_LEN); |
83 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); 84 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); 85 DSA_SIG_free(sig); 86 87 if (datafellows & SSH_BUG_SIGBLOB) { 88 if (lenp != NULL) 89 *lenp = SIGBLOB_LEN; 90 if (sigp != NULL) { --- 72 unchanged lines hidden (view full) --- 163 fatal("%s: BN_new failed", __func__); 164 if ((sig->s = BN_new()) == NULL) 165 fatal("ssh_dss_verify: BN_new failed"); 166 if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || 167 (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) 168 fatal("%s: BN_bin2bn failed", __func__); 169 170 /* clean up */ | 83 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); 84 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); 85 DSA_SIG_free(sig); 86 87 if (datafellows & SSH_BUG_SIGBLOB) { 88 if (lenp != NULL) 89 *lenp = SIGBLOB_LEN; 90 if (sigp != NULL) { --- 72 unchanged lines hidden (view full) --- 163 fatal("%s: BN_new failed", __func__); 164 if ((sig->s = BN_new()) == NULL) 165 fatal("ssh_dss_verify: BN_new failed"); 166 if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || 167 (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) 168 fatal("%s: BN_bin2bn failed", __func__); 169 170 /* clean up */ |
171 memset(sigblob, 0, len); | 171 explicit_bzero(sigblob, len); |
172 free(sigblob); 173 174 /* sha1 the data */ 175 if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, 176 digest, sizeof(digest)) != 0) { 177 error("%s: digest_memory failed", __func__); 178 return -1; 179 } 180 181 ret = DSA_do_verify(digest, dlen, sig, key->dsa); | 172 free(sigblob); 173 174 /* sha1 the data */ 175 if (ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, 176 digest, sizeof(digest)) != 0) { 177 error("%s: digest_memory failed", __func__); 178 return -1; 179 } 180 181 ret = DSA_do_verify(digest, dlen, sig, key->dsa); |
182 memset(digest, 'd', sizeof(digest)); | 182 explicit_bzero(digest, sizeof(digest)); |
183 184 DSA_SIG_free(sig); 185 186 debug("%s: signature %s", __func__, 187 ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); 188 return ret; 189} | 183 184 DSA_SIG_free(sig); 185 186 debug("%s: signature %s", __func__, 187 ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); 188 return ret; 189} |