1 files changed, 11 insertions, 11 deletions
diff --git a/ssh-dss.c b/ssh-dss.c
index 96b1565d2..2366c2117 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -23,19 +23,16 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $");
+RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $");
+#include <openssl/bn.h>
+#include <openssl/evp.h>
-#include "ssh.h"
 #include "xmalloc.h"
 #include "buffer.h"
 #include "bufaux.h"
 #include "compat.h"
+#include "log.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
-#include <openssl/evp.h>
 #include "key.h"
 #define INTBLOB_LEN     20
@@ -54,7 +51,7 @@ ssh_dss_sign(
        EVP_MD_CTX md;
        u_int rlen;
        u_int slen;
-        u_int len;
+        u_int len, dlen;
        u_char sigblob[SIGBLOB_LEN];
        Buffer b;
@@ -62,15 +59,18 @@ ssh_dss_sign(
                error("ssh_dss_sign: no DSA key");
                return -1;
        }
-        digest = xmalloc(evp_md->md_size);
+        dlen = evp_md->md_size;
+        digest = xmalloc(dlen);
        EVP_DigestInit(&md, evp_md);
        EVP_DigestUpdate(&md, data, datalen);
        EVP_DigestFinal(&md, digest, NULL);
-        sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);
+        sig = DSA_do_sign(digest, dlen, key->dsa);
        if (sig == NULL) {
                fatal("ssh_dss_sign: cannot sign");
        }
+        memset(digest, 0, dlen);
+        xfree(digest);
        rlen = BN_num_bytes(sig->r);
        slen = BN_num_bytes(sig->s);

diff --git a/ssh-dss.c b/ssh-dss.c index 96b1565d2..2366c2117 100644 --- a/ssh-dss.c +++ b/ssh-dss.c
@@ -23,19 +23,16 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: ssh-dss.c,v 1.2 2000/12/19 23:17:58 markus Exp $");	26	RCSID("$OpenBSD: ssh-dss.c,v 1.4 2001/01/21 19:05:57 markus Exp $");
		27
		28	#include <openssl/bn.h>
		29	#include <openssl/evp.h>
27		30
28	#include "ssh.h"
29	#include "xmalloc.h"	31	#include "xmalloc.h"
30	#include "buffer.h"	32	#include "buffer.h"
31	#include "bufaux.h"	33	#include "bufaux.h"
32	#include "compat.h"	34	#include "compat.h"
33		35	#include "log.h"
34	#include <openssl/bn.h>
35	#include <openssl/rsa.h>
36	#include <openssl/dsa.h>
37	#include <openssl/evp.h>
38
39	#include "key.h"	36	#include "key.h"
40		37
41	#define INTBLOB_LEN 20	38	#define INTBLOB_LEN 20
@@ -54,7 +51,7 @@ ssh_dss_sign(
54	EVP_MD_CTX md;	51	EVP_MD_CTX md;
55	u_int rlen;	52	u_int rlen;
56	u_int slen;	53	u_int slen;
57	u_int len;	54	u_int len, dlen;
58	u_char sigblob[SIGBLOB_LEN];	55	u_char sigblob[SIGBLOB_LEN];
59	Buffer b;	56	Buffer b;
60		57
@@ -62,15 +59,18 @@ ssh_dss_sign(
62	error("ssh_dss_sign: no DSA key");	59	error("ssh_dss_sign: no DSA key");
63	return -1;	60	return -1;
64	}	61	}
65	digest = xmalloc(evp_md->md_size);	62	dlen = evp_md->md_size;
		63	digest = xmalloc(dlen);
66	EVP_DigestInit(&md, evp_md);	64	EVP_DigestInit(&md, evp_md);
67	EVP_DigestUpdate(&md, data, datalen);	65	EVP_DigestUpdate(&md, data, datalen);
68	EVP_DigestFinal(&md, digest, NULL);	66	EVP_DigestFinal(&md, digest, NULL);
69		67
70	sig = DSA_do_sign(digest, evp_md->md_size, key->dsa);	68	sig = DSA_do_sign(digest, dlen, key->dsa);
71	if (sig == NULL) {	69	if (sig == NULL) {
72	fatal("ssh_dss_sign: cannot sign");	70	fatal("ssh_dss_sign: cannot sign");
73	}	71	}
		72	memset(digest, 0, dlen);
		73	xfree(digest);
74		74
75	rlen = BN_num_bytes(sig->r);	75	rlen = BN_num_bytes(sig->r);
76	slen = BN_num_bytes(sig->s);	76	slen = BN_num_bytes(sig->s);