From 30c3d429306bb4afe71c18db92816b981f7b6d9d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 9 May 2000 11:02:59 +1000 Subject: - OpenBSD CVS update - markus@cvs.openbsd.org [cipher.h myproposal.h readconf.c readconf.h servconf.c ssh.1 ssh.c] [ssh.h sshconnect1.c sshconnect2.c sshd.8] - complain about invalid ciphers in SSH1 (e.g. arcfour is SSH2 only) - hugh@cvs.openbsd.org [ssh.1] - zap typo [ssh-keygen.1] - One last nit fix. (markus approved) [sshd.8] - some markus certified spelling adjustments - markus@cvs.openbsd.org [auth2.c channels.c clientloop.c compat compat.h dsa.c kex.c] [sshconnect2.c ] - bug compat w/ ssh-2.0.13 x11, split out bugs [nchan.c] - no drain if ibuf_empty, fixes x11fwd problems; tests by fries@ [ssh-keygen.c] - handle escapes in real and original key format, ok millert@ [version.h] - OpenSSH-2.1 --- dsa.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) (limited to 'dsa.c') diff --git a/dsa.c b/dsa.c index 58059080..51d7ff28 100644 --- a/dsa.c +++ b/dsa.c @@ -28,7 +28,7 @@ */ #include "includes.h" -RCSID("$Id: dsa.c,v 1.6 2000/05/04 22:37:59 markus Exp $"); +RCSID("$Id: dsa.c,v 1.7 2000/05/08 17:42:24 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -162,7 +162,7 @@ dsa_sign( BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); DSA_SIG_free(sig); - if (datafellows) { + if (datafellows & SSH_BUG_SIGBLOB) { debug("datafellows"); ret = xmalloc(SIGBLOB_LEN); memcpy(ret, sigblob, SIGBLOB_LEN); @@ -209,15 +209,20 @@ dsa_verify( return -1; } - if (datafellows && signaturelen != SIGBLOB_LEN) { - log("heh? datafellows ssh2 complies with ietf-drafts????"); - datafellows = 0; + if (!(datafellows & SSH_BUG_SIGBLOB) && + signaturelen == SIGBLOB_LEN) { + datafellows |= ~SSH_BUG_SIGBLOB; + log("autodetect SSH_BUG_SIGBLOB"); + } else if ((datafellows & SSH_BUG_SIGBLOB) && + signaturelen != SIGBLOB_LEN) { + log("autoremove SSH_BUG_SIGBLOB"); + datafellows &= ~SSH_BUG_SIGBLOB; } debug("len %d datafellows %d", signaturelen, datafellows); /* fetch signature */ - if (datafellows) { + if (datafellows & SSH_BUG_SIGBLOB) { sigblob = signature; len = signaturelen; } else { @@ -242,7 +247,8 @@ dsa_verify( sig->s = BN_new(); BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); - if (!datafellows) { + + if (!(datafellows & SSH_BUG_SIGBLOB)) { memset(sigblob, 0, len); xfree(sigblob); } -- cgit v1.2.3