1 files changed, 32 insertions, 55 deletions
diff --git a/ssh-dss.c b/ssh-dss.c
index 7af59fa6e..9f832ee2b 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@@ -86,42 +86,28 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
        BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
        BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
-        if (compat & SSH_BUG_SIGBLOB) {
+        if ((b = sshbuf_new()) == NULL) {
-                if (sigp != NULL) {
+                ret = SSH_ERR_ALLOC_FAIL;
-                        if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {
+                goto out;
-                                ret = SSH_ERR_ALLOC_FAIL;
+        }
-                                goto out;
+        if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
-                        }
+            (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
-                        memcpy(*sigp, sigblob, SIGBLOB_LEN);
+                goto out;
-                }
-                if (lenp != NULL)
+        len = sshbuf_len(b);
-                        *lenp = SIGBLOB_LEN;
+        if (sigp != NULL) {
-                ret = 0;
+                if ((*sigp = malloc(len)) == NULL) {
-        } else {
-                /* ietf-drafts */
-                if ((b = sshbuf_new()) == NULL) {
                        ret = SSH_ERR_ALLOC_FAIL;
                        goto out;
                }
-                if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
+                memcpy(*sigp, sshbuf_ptr(b), len);
-                    (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
-                        goto out;
-                len = sshbuf_len(b);
-                if (sigp != NULL) {
-                        if ((*sigp = malloc(len)) == NULL) {
-                                ret = SSH_ERR_ALLOC_FAIL;
-                                goto out;
-                        }
-                        memcpy(*sigp, sshbuf_ptr(b), len);
-                }
-                if (lenp != NULL)
-                        *lenp = len;
-                ret = 0;
        }
+        if (lenp != NULL)
+                *lenp = len;
+        ret = 0;
 out:
        explicit_bzero(digest, sizeof(digest));
-        if (sig != NULL)
+        DSA_SIG_free(sig);
-                DSA_SIG_free(sig);
        sshbuf_free(b);
        return ret;
 }
@@ -146,28 +132,20 @@ ssh_dss_verify(const struct sshkey *key,
                return SSH_ERR_INTERNAL_ERROR;
        /* fetch signature */
-        if (compat & SSH_BUG_SIGBLOB) {
+        if ((b = sshbuf_from(signature, signaturelen)) == NULL)
-                if ((sigblob = malloc(signaturelen)) == NULL)
+                return SSH_ERR_ALLOC_FAIL;
-                        return SSH_ERR_ALLOC_FAIL;
+        if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
-                memcpy(sigblob, signature, signaturelen);
+            sshbuf_get_string(b, &sigblob, &len) != 0) {
-                len = signaturelen;
+                ret = SSH_ERR_INVALID_FORMAT;
-        } else {
+                goto out;
-                /* ietf-drafts */
+        }
-                if ((b = sshbuf_from(signature, signaturelen)) == NULL)
+        if (strcmp("ssh-dss", ktype) != 0) {
-                        return SSH_ERR_ALLOC_FAIL;
+                ret = SSH_ERR_KEY_TYPE_MISMATCH;
-                if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
+                goto out;
-                    sshbuf_get_string(b, &sigblob, &len) != 0) {
+        }
-                        ret = SSH_ERR_INVALID_FORMAT;
+        if (sshbuf_len(b) != 0) {
-                        goto out;
+                ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
-                }
+                goto out;
-                if (strcmp("ssh-dss", ktype) != 0) {
-                        ret = SSH_ERR_KEY_TYPE_MISMATCH;
-                        goto out;
-                }
-                if (sshbuf_len(b) != 0) {
-                        ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
-                        goto out;
-                }
        }
        if (len != SIGBLOB_LEN) {
@@ -207,8 +185,7 @@ ssh_dss_verify(const struct sshkey *key,
 out:
        explicit_bzero(digest, sizeof(digest));
-        if (sig != NULL)
+        DSA_SIG_free(sig);
-                DSA_SIG_free(sig);
        sshbuf_free(b);
        free(ktype);
        if (sigblob != NULL) {

diff --git a/ssh-dss.c b/ssh-dss.c index 7af59fa6e..9f832ee2b 100644 --- a/ssh-dss.c +++ b/ssh-dss.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */	1	/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	*	4	*
@@ -86,42 +86,28 @@ ssh_dss_sign(const struct sshkey key, u_char sigp, size_t lenp,
86	BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);	86	BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
87	BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);	87	BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
88		88
89	if (compat & SSH_BUG_SIGBLOB) {	89	if ((b = sshbuf_new()) == NULL) {
90	if (sigp != NULL) {	90	ret = SSH_ERR_ALLOC_FAIL;
91	if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {	91	goto out;
92	ret = SSH_ERR_ALLOC_FAIL;	92	}
93	goto out;	93	if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 \|\|
94	}	94	(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
95	memcpy(*sigp, sigblob, SIGBLOB_LEN);	95	goto out;
96	}	96
97	if (lenp != NULL)	97	len = sshbuf_len(b);
98	*lenp = SIGBLOB_LEN;	98	if (sigp != NULL) {
99	ret = 0;	99	if ((*sigp = malloc(len)) == NULL) {
100	} else {
101	/* ietf-drafts */
102	if ((b = sshbuf_new()) == NULL) {
103	ret = SSH_ERR_ALLOC_FAIL;	100	ret = SSH_ERR_ALLOC_FAIL;
104	goto out;	101	goto out;
105	}	102	}
106	if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 \|\|	103	memcpy(*sigp, sshbuf_ptr(b), len);
107	(ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
108	goto out;
109	len = sshbuf_len(b);
110	if (sigp != NULL) {
111	if ((*sigp = malloc(len)) == NULL) {
112	ret = SSH_ERR_ALLOC_FAIL;
113	goto out;
114	}
115	memcpy(*sigp, sshbuf_ptr(b), len);
116	}
117	if (lenp != NULL)
118	*lenp = len;
119	ret = 0;
120	}	104	}
		105	if (lenp != NULL)
		106	*lenp = len;
		107	ret = 0;
121	out:	108	out:
122	explicit_bzero(digest, sizeof(digest));	109	explicit_bzero(digest, sizeof(digest));
123	if (sig != NULL)	110	DSA_SIG_free(sig);
124	DSA_SIG_free(sig);
125	sshbuf_free(b);	111	sshbuf_free(b);
126	return ret;	112	return ret;
127	}	113	}
@@ -146,28 +132,20 @@ ssh_dss_verify(const struct sshkey *key,
146	return SSH_ERR_INTERNAL_ERROR;	132	return SSH_ERR_INTERNAL_ERROR;
147		133
148	/* fetch signature */	134	/* fetch signature */
149	if (compat & SSH_BUG_SIGBLOB) {	135	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
150	if ((sigblob = malloc(signaturelen)) == NULL)	136	return SSH_ERR_ALLOC_FAIL;
151	return SSH_ERR_ALLOC_FAIL;	137	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 \|\|
152	memcpy(sigblob, signature, signaturelen);	138	sshbuf_get_string(b, &sigblob, &len) != 0) {
153	len = signaturelen;	139	ret = SSH_ERR_INVALID_FORMAT;
154	} else {	140	goto out;
155	/* ietf-drafts */	141	}
156	if ((b = sshbuf_from(signature, signaturelen)) == NULL)	142	if (strcmp("ssh-dss", ktype) != 0) {
157	return SSH_ERR_ALLOC_FAIL;	143	ret = SSH_ERR_KEY_TYPE_MISMATCH;
158	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 \|\|	144	goto out;
159	sshbuf_get_string(b, &sigblob, &len) != 0) {	145	}
160	ret = SSH_ERR_INVALID_FORMAT;	146	if (sshbuf_len(b) != 0) {
161	goto out;	147	ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
162	}	148	goto out;
163	if (strcmp("ssh-dss", ktype) != 0) {
164	ret = SSH_ERR_KEY_TYPE_MISMATCH;
165	goto out;
166	}
167	if (sshbuf_len(b) != 0) {
168	ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
169	goto out;
170	}
171	}	149	}
172		150
173	if (len != SIGBLOB_LEN) {	151	if (len != SIGBLOB_LEN) {
@@ -207,8 +185,7 @@ ssh_dss_verify(const struct sshkey *key,
207		185
208	out:	186	out:
209	explicit_bzero(digest, sizeof(digest));	187	explicit_bzero(digest, sizeof(digest));
210	if (sig != NULL)	188	DSA_SIG_free(sig);
211	DSA_SIG_free(sig);
212	sshbuf_free(b);	189	sshbuf_free(b);
213	free(ktype);	190	free(ktype);
214	if (sigblob != NULL) {	191	if (sigblob != NULL) {