Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 14b5c635d1190633b23ac3372379517fb645b0c2^! / . / ssh-dss.c
commit14b5c635d1190633b23ac3372379517fb645b0c2[log] [tgz]
authordjm@openbsd.org <djm@openbsd.org>Tue Jan 23 05:27:21 2018 +0000
committerDamien Miller <djm@mindrot.org>Tue Jan 23 16:40:29 2018 +1100
tree8ef70b4660b04ba6add4c314d52f84375cb16788
parent7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb [diff] [blame]
upstream commit

Drop compatibility hacks for some ancient SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*.

These versions were all released in or before 2001 and predate the
final SSH RFCs. The hacks in question aren't necessary for RFC-
compliant SSH implementations.

ok markus@

OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138

diff --git a/ssh-dss.c b/ssh-dss.c
index 7af59fa..cda498a 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.35 2016/04/21 06:08:02 djm Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.36 2018/01/23 05:27:21 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -86,38 +86,25 @@
 	BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
 	BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
 
-	if (compat & SSH_BUG_SIGBLOB) {
-		if (sigp != NULL) {
-			if ((*sigp = malloc(SIGBLOB_LEN)) == NULL) {
-				ret = SSH_ERR_ALLOC_FAIL;
-				goto out;
-			}
-			memcpy(*sigp, sigblob, SIGBLOB_LEN);
-		}
-		if (lenp != NULL)
-			*lenp = SIGBLOB_LEN;
-		ret = 0;
-	} else {
-		/* ietf-drafts */
-		if ((b = sshbuf_new()) == NULL) {
+	if ((b = sshbuf_new()) == NULL) {
+		ret = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
+	    (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
+		goto out;
+
+	len = sshbuf_len(b);
+	if (sigp != NULL) {
+		if ((*sigp = malloc(len)) == NULL) {
 			ret = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
-		if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
-		    (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
-			goto out;
-		len = sshbuf_len(b);
-		if (sigp != NULL) {
-			if ((*sigp = malloc(len)) == NULL) {
-				ret = SSH_ERR_ALLOC_FAIL;
-				goto out;
-			}
-			memcpy(*sigp, sshbuf_ptr(b), len);
-		}
-		if (lenp != NULL)
-			*lenp = len;
-		ret = 0;
+		memcpy(*sigp, sshbuf_ptr(b), len);
 	}
+	if (lenp != NULL)
+		*lenp = len;
+	ret = 0;
  out:
 	explicit_bzero(digest, sizeof(digest));
 	if (sig != NULL)
@@ -146,28 +133,20 @@
 		return SSH_ERR_INTERNAL_ERROR;
 
 	/* fetch signature */
-	if (compat & SSH_BUG_SIGBLOB) {
-		if ((sigblob = malloc(signaturelen)) == NULL)
-			return SSH_ERR_ALLOC_FAIL;
-		memcpy(sigblob, signature, signaturelen);
-		len = signaturelen;
-	} else {
-		/* ietf-drafts */
-		if ((b = sshbuf_from(signature, signaturelen)) == NULL)
-			return SSH_ERR_ALLOC_FAIL;
-		if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
-		    sshbuf_get_string(b, &sigblob, &len) != 0) {
-			ret = SSH_ERR_INVALID_FORMAT;
-			goto out;
-		}
-		if (strcmp("ssh-dss", ktype) != 0) {
-			ret = SSH_ERR_KEY_TYPE_MISMATCH;
-			goto out;
-		}
-		if (sshbuf_len(b) != 0) {
-			ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
-			goto out;
-		}
+	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
+	    sshbuf_get_string(b, &sigblob, &len) != 0) {
+		ret = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (strcmp("ssh-dss", ktype) != 0) {
+		ret = SSH_ERR_KEY_TYPE_MISMATCH;
+		goto out;
+	}
+	if (sshbuf_len(b) != 0) {
+		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
+		goto out;
 	}
 
 	if (len != SIGBLOB_LEN) {