upstream commit

Drop compatibility hacks for some ancient SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The hacks in question aren't necessary for RFC- compliant SSH implementations. ok markus@ OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
author: djm@openbsd.org <djm@openbsd.org> 2018-01-23 05:27:21 +0000
committer: Damien Miller <djm@mindrot.org> 2018-01-23 16:40:29 +1100
commit: 14b5c635d1190633b23ac3372379517fb645b0c2 (patch)
tree: 8ef70b4660b04ba6add4c314d52f84375cb16788 /ssh-dss.c
parent: 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb (diff)
1 files changed, 30 insertions, 51 deletions
diff --git a/ssh-dss.c b/ssh-dss.c
index 7af59fa6e..cda498a87 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -86,38 +86,25 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
        BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
        BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
-        if (compat & SSH_BUG_SIGBLOB) {
+        if ((b = sshbuf_new()) == NULL) {
-                if (sigp != NULL) {
+                ret = SSH_ERR_ALLOC_FAIL;
-                        if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {
+                goto out;
-                                ret = SSH_ERR_ALLOC_FAIL;
+        }
-                                goto out;
+        if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
-                        }
+            (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
-                        memcpy(*sigp, sigblob, SIGBLOB_LEN);
+                goto out;
-                }
-                if (lenp != NULL)
+        len = sshbuf_len(b);
-                        *lenp = SIGBLOB_LEN;
+        if (sigp != NULL) {
-                ret = 0;
+                if ((*sigp = malloc(len)) == NULL) {
-        } else {
-                /* ietf-drafts */
-                if ((b = sshbuf_new()) == NULL) {
                        ret = SSH_ERR_ALLOC_FAIL;
                        goto out;
                }
-                if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
+                memcpy(*sigp, sshbuf_ptr(b), len);
-                    (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
-                        goto out;
-                len = sshbuf_len(b);
-                if (sigp != NULL) {
-                        if ((*sigp = malloc(len)) == NULL) {
-                                ret = SSH_ERR_ALLOC_FAIL;
-                                goto out;
-                        }
-                        memcpy(*sigp, sshbuf_ptr(b), len);
-                }
-                if (lenp != NULL)
-                        *lenp = len;
-                ret = 0;
        }
+        if (lenp != NULL)
+                *lenp = len;
+        ret = 0;
 out:
        explicit_bzero(digest, sizeof(digest));
        if (sig != NULL)
@@ -146,28 +133,20 @@ ssh_dss_verify(const struct sshkey *key,
                return SSH_ERR_INTERNAL_ERROR;
        /* fetch signature */
-        if (compat & SSH_BUG_SIGBLOB) {
+        if ((b = sshbuf_from(signature, signaturelen)) == NULL)
-                if ((sigblob = malloc(signaturelen)) == NULL)
+                return SSH_ERR_ALLOC_FAIL;
-                        return SSH_ERR_ALLOC_FAIL;
+        if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
-                memcpy(sigblob, signature, signaturelen);
+            sshbuf_get_string(b, &sigblob, &len) != 0) {
-                len = signaturelen;
+                ret = SSH_ERR_INVALID_FORMAT;
-        } else {
+                goto out;
-                /* ietf-drafts */
+        }
-                if ((b = sshbuf_from(signature, signaturelen)) == NULL)
+        if (strcmp("ssh-dss", ktype) != 0) {
-                        return SSH_ERR_ALLOC_FAIL;
+                ret = SSH_ERR_KEY_TYPE_MISMATCH;
-                if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
+                goto out;
-                    sshbuf_get_string(b, &sigblob, &len) != 0) {
+        }
-                        ret = SSH_ERR_INVALID_FORMAT;
+        if (sshbuf_len(b) != 0) {
-                        goto out;
+                ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
-                }
+                goto out;
-                if (strcmp("ssh-dss", ktype) != 0) {
-                        ret = SSH_ERR_KEY_TYPE_MISMATCH;
-                        goto out;
-                }
-                if (sshbuf_len(b) != 0) {
-                        ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
-                        goto out;
-                }
        }
        if (len != SIGBLOB_LEN) {
author	djm@openbsd.org <djm@openbsd.org>	2018-01-23 05:27:21 +0000
committer	Damien Miller <djm@mindrot.org>	2018-01-23 16:40:29 +1100
commit	14b5c635d1190633b23ac3372379517fb645b0c2 (patch)
tree	8ef70b4660b04ba6add4c314d52f84375cb16788 /ssh-dss.c
parent	7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb (diff)

diff --git a/ssh-dss.c b/ssh-dss.c index 7af59fa6e..cda498a87 100644 --- a/ssh-dss.c +++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */	1	/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -86,38 +86,25 @@ ssh_dss_sign(const struct sshkey key, u_char sigp, size_t lenp,
86	BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);	86	BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
87	BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);	87	BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
88		88
89	if (compat & SSH_BUG_SIGBLOB) {	89	if ((b = sshbuf_new()) == NULL) {
90	if (sigp != NULL) {	90	ret = SSH_ERR_ALLOC_FAIL;
91	if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {	91	goto out;
92	ret = SSH_ERR_ALLOC_FAIL;	92	}
93	goto out;	93	if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 \|\|
94	}	94	(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
95	memcpy(*sigp, sigblob, SIGBLOB_LEN);	95	goto out;
96	}	96
97	if (lenp != NULL)	97	len = sshbuf_len(b);
98	*lenp = SIGBLOB_LEN;	98	if (sigp != NULL) {
99	ret = 0;	99	if ((*sigp = malloc(len)) == NULL) {
100	} else {
101	/* ietf-drafts */
102	if ((b = sshbuf_new()) == NULL) {
103	ret = SSH_ERR_ALLOC_FAIL;	100	ret = SSH_ERR_ALLOC_FAIL;
104	goto out;	101	goto out;
105	}	102	}
106	if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 \|\|	103	memcpy(*sigp, sshbuf_ptr(b), len);
107	(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
108	goto out;
109	len = sshbuf_len(b);
110	if (sigp != NULL) {
111	if ((*sigp = malloc(len)) == NULL) {
112	ret = SSH_ERR_ALLOC_FAIL;
113	goto out;
114	}
115	memcpy(*sigp, sshbuf_ptr(b), len);
116	}
117	if (lenp != NULL)
118	*lenp = len;
119	ret = 0;
120	}	104	}
		105	if (lenp != NULL)
		106	*lenp = len;
		107	ret = 0;
121	out:	108	out:
122	explicit_bzero(digest, sizeof(digest));	109	explicit_bzero(digest, sizeof(digest));
123	if (sig != NULL)	110	if (sig != NULL)
@@ -146,28 +133,20 @@ ssh_dss_verify(const struct sshkey *key,
146	return SSH_ERR_INTERNAL_ERROR;	133	return SSH_ERR_INTERNAL_ERROR;
147		134
148	/* fetch signature */	135	/* fetch signature */
149	if (compat & SSH_BUG_SIGBLOB) {	136	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
150	if ((sigblob = malloc(signaturelen)) == NULL)	137	return SSH_ERR_ALLOC_FAIL;
151	return SSH_ERR_ALLOC_FAIL;	138	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 \|\|
152	memcpy(sigblob, signature, signaturelen);	139	sshbuf_get_string(b, &sigblob, &len) != 0) {
153	len = signaturelen;	140	ret = SSH_ERR_INVALID_FORMAT;
154	} else {	141	goto out;
155	/* ietf-drafts */	142	}
156	if ((b = sshbuf_from(signature, signaturelen)) == NULL)	143	if (strcmp("ssh-dss", ktype) != 0) {
157	return SSH_ERR_ALLOC_FAIL;	144	ret = SSH_ERR_KEY_TYPE_MISMATCH;
158	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 \|\|	145	goto out;
159	sshbuf_get_string(b, &sigblob, &len) != 0) {	146	}
160	ret = SSH_ERR_INVALID_FORMAT;	147	if (sshbuf_len(b) != 0) {
161	goto out;	148	ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
162	}	149	goto out;
163	if (strcmp("ssh-dss", ktype) != 0) {
164	ret = SSH_ERR_KEY_TYPE_MISMATCH;
165	goto out;
166	}
167	if (sshbuf_len(b) != 0) {
168	ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
169	goto out;
170	}
171	}	150	}
172		151
173	if (len != SIGBLOB_LEN) {	152	if (len != SIGBLOB_LEN) {