Mercurial > dropbear

comparison dss.c @ 640:76097ec1a29a dropbear-tfm

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
- Bring in original tomsfastmath patch against 0.52 from Peter Turczak in 2008
author Matt Johnston <matt@ucc.asn.au>
date Mon, 21 Nov 2011 19:19:57 +0800
parents a124aff0cbf1
children 2b1bb792cd4d
comparison
equal deleted inserted replaced
518:ce104c8b0be1 640:76097ec1a29a
45 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ 45 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
46 int buf_get_dss_pub_key(buffer* buf, dss_key *key) { 46 int buf_get_dss_pub_key(buffer* buf, dss_key *key) {
47 47
48 TRACE(("enter buf_get_dss_pub_key")) 48 TRACE(("enter buf_get_dss_pub_key"))
49 dropbear_assert(key != NULL); 49 dropbear_assert(key != NULL);
50 key->p = m_malloc(sizeof(mp_int)); 50 key->p = m_malloc(sizeof(fp_int));
51 key->q = m_malloc(sizeof(mp_int)); 51 key->q = m_malloc(sizeof(fp_int));
52 key->g = m_malloc(sizeof(mp_int)); 52 key->g = m_malloc(sizeof(fp_int));
53 key->y = m_malloc(sizeof(mp_int)); 53 key->y = m_malloc(sizeof(fp_int));
54 m_mp_init_multi(key->p, key->q, key->g, key->y, NULL); 54 fp_init(key->p);
55 fp_init(key->q);
56 fp_init(key->g);
57 fp_init(key->y);
55 key->x = NULL; 58 key->x = NULL;
56 59
57 buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */ 60 buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */
58 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE 61 if (buf_getfpint(buf, key->p) == DROPBEAR_FAILURE
59 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE 62 || buf_getfpint(buf, key->q) == DROPBEAR_FAILURE
60 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE 63 || buf_getfpint(buf, key->g) == DROPBEAR_FAILURE
61 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) { 64 || buf_getfpint(buf, key->y) == DROPBEAR_FAILURE) {
62 TRACE(("leave buf_get_dss_pub_key: failed reading mpints")) 65 TRACE(("leave buf_get_dss_pub_key: failed reading fpints"))
63 return DROPBEAR_FAILURE; 66 return DROPBEAR_FAILURE;
64 } 67 }
65 68
66 if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) { 69 if (fp_count_bits(key->p) < MIN_DSS_KEYLEN) {
67 dropbear_log(LOG_WARNING, "DSS key too short"); 70 dropbear_log(LOG_WARNING, "DSS key too short");
68 TRACE(("leave buf_get_dss_pub_key: short key")) 71 TRACE(("leave buf_get_dss_pub_key: short key"))
69 return DROPBEAR_FAILURE; 72 return DROPBEAR_FAILURE;
70 } 73 }
71 74
85 ret = buf_get_dss_pub_key(buf, key); 88 ret = buf_get_dss_pub_key(buf, key);
86 if (ret == DROPBEAR_FAILURE) { 89 if (ret == DROPBEAR_FAILURE) {
87 return DROPBEAR_FAILURE; 90 return DROPBEAR_FAILURE;
88 } 91 }
89 92
90 key->x = m_malloc(sizeof(mp_int)); 93 key->x = m_malloc(sizeof(fp_int));
91 m_mp_init(key->x); 94 m_fp_init(key->x);
92 ret = buf_getmpint(buf, key->x); 95 ret = buf_getfpint(buf, key->x);
93 if (ret == DROPBEAR_FAILURE) { 96 if (ret == DROPBEAR_FAILURE) {
94 m_free(key->x); 97 m_free(key->x);
95 } 98 }
96 99
97 return ret; 100 return ret;
105 if (key == NULL) { 108 if (key == NULL) {
106 TRACE(("enter dsa_key_free: key == NULL")) 109 TRACE(("enter dsa_key_free: key == NULL"))
107 return; 110 return;
108 } 111 }
109 if (key->p) { 112 if (key->p) {
110 mp_clear(key->p); 113 fp_zero(key->p);
111 m_free(key->p); 114 m_free(key->p);
112 } 115 }
113 if (key->q) { 116 if (key->q) {
114 mp_clear(key->q); 117 fp_zero(key->q);
115 m_free(key->q); 118 m_free(key->q);
116 } 119 }
117 if (key->g) { 120 if (key->g) {
118 mp_clear(key->g); 121 fp_zero(key->g);
119 m_free(key->g); 122 m_free(key->g);
120 } 123 }
121 if (key->y) { 124 if (key->y) {
122 mp_clear(key->y); 125 fp_zero(key->y);
123 m_free(key->y); 126 m_free(key->y);
124 } 127 }
125 if (key->x) { 128 if (key->x) {
126 mp_clear(key->x); 129 fp_zero(key->x);
127 m_free(key->x); 130 m_free(key->x);
128 } 131 }
129 m_free(key); 132 m_free(key);
130 TRACE(("leave dsa_key_free")) 133 TRACE(("leave dsa_key_free"))
131 } 134 }
132 135
133 /* put the dss public key into the buffer in the required format: 136 /* put the dss public key into the buffer in the required format:
134 * 137 *
135 * string "ssh-dss" 138 * string "ssh-dss"
136 * mpint p 139 * fpint p
137 * mpint q 140 * fpint q
138 * mpint g 141 * fpint g
139 * mpint y 142 * fpint y
140 */ 143 */
141 void buf_put_dss_pub_key(buffer* buf, dss_key *key) { 144 void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
142 145
143 dropbear_assert(key != NULL); 146 dropbear_assert(key != NULL);
144 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); 147 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
145 buf_putmpint(buf, key->p); 148 buf_putfpint(buf, key->p);
146 buf_putmpint(buf, key->q); 149 buf_putfpint(buf, key->q);
147 buf_putmpint(buf, key->g); 150 buf_putfpint(buf, key->g);
148 buf_putmpint(buf, key->y); 151 buf_putfpint(buf, key->y);
149 152
150 } 153 }
151 154
152 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */ 155 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */
153 void buf_put_dss_priv_key(buffer* buf, dss_key *key) { 156 void buf_put_dss_priv_key(buffer* buf, dss_key *key) {
154 157
155 dropbear_assert(key != NULL); 158 dropbear_assert(key != NULL);
156 buf_put_dss_pub_key(buf, key); 159 buf_put_dss_pub_key(buf, key);
157 buf_putmpint(buf, key->x); 160 buf_putfpint(buf, key->x);
158 161
159 } 162 }
160 163
161 #ifdef DROPBEAR_SIGNKEY_VERIFY 164 #ifdef DROPBEAR_SIGNKEY_VERIFY
162 /* Verify a DSS signature (in buf) made on data by the key given. 165 /* Verify a DSS signature (in buf) made on data by the key given.
165 unsigned int len) { 168 unsigned int len) {
166 169
167 unsigned char msghash[SHA1_HASH_SIZE]; 170 unsigned char msghash[SHA1_HASH_SIZE];
168 hash_state hs; 171 hash_state hs;
169 int ret = DROPBEAR_FAILURE; 172 int ret = DROPBEAR_FAILURE;
170 DEF_MP_INT(val1); 173 DEF_FP_INT(val1);
171 DEF_MP_INT(val2); 174 DEF_FP_INT(val2);
172 DEF_MP_INT(val3); 175 DEF_FP_INT(val3);
173 DEF_MP_INT(val4); 176 DEF_FP_INT(val4);
174 char * string = NULL; 177 char * string = NULL;
175 int stringlen; 178 int stringlen;
176 179
177 TRACE(("enter buf_dss_verify")) 180 TRACE(("enter buf_dss_verify"))
178 dropbear_assert(key != NULL); 181 dropbear_assert(key != NULL);
179 182
180 m_mp_init_multi(&val1, &val2, &val3, &val4, NULL); 183 fp_init(&val1);
184 fp_init(&val2);
185 fp_init(&val3);
186 fp_init(&val4);
181 187
182 /* get blob, check length */ 188 /* get blob, check length */
183 string = buf_getstring(buf, &stringlen); 189 string = buf_getstring(buf, &stringlen);
184 if (stringlen != 2*SHA1_HASH_SIZE) { 190 if (stringlen != 2*SHA1_HASH_SIZE) {
185 goto out; 191 goto out;
191 sha1_done(&hs, msghash); 197 sha1_done(&hs, msghash);
192 198
193 /* create the signature - s' and r' are the received signatures in buf */ 199 /* create the signature - s' and r' are the received signatures in buf */
194 /* w = (s')-1 mod q */ 200 /* w = (s')-1 mod q */
195 /* let val1 = s' */ 201 /* let val1 = s' */
196 bytes_to_mp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE); 202 bytes_to_fp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
197 203
198 if (mp_cmp(&val1, key->q) != MP_LT) { 204 if (fp_cmp(&val1, key->q) != FP_LT) {
199 TRACE(("verify failed, s' >= q")) 205 TRACE(("verify failed, s' >= q"))
200 goto out; 206 goto out;
201 } 207 }
202 /* let val2 = w = (s')^-1 mod q*/ 208 /* let val2 = w = (s')^-1 mod q*/
203 if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) { 209 if (fp_invmod(&val1, key->q, &val2) != FP_OKAY) {
204 goto out; 210 goto out;
205 } 211 }
206 212
207 /* u1 = ((SHA(M')w) mod q */ 213 /* u1 = ((SHA(M')w) mod q */
208 /* let val1 = SHA(M') = msghash */ 214 /* let val1 = SHA(M') = msghash */
209 bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE); 215 bytes_to_fp(&val1, msghash, SHA1_HASH_SIZE);
210 216
211 /* let val3 = u1 = ((SHA(M')w) mod q */ 217 /* let val3 = u1 = ((SHA(M')w) mod q */
212 if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) { 218 if (fp_mulmod(&val1, &val2, key->q, &val3) != FP_OKAY) {
213 goto out; 219 goto out;
214 } 220 }
215 221
216 /* u2 = ((r')w) mod q */ 222 /* u2 = ((r')w) mod q */
217 /* let val1 = r' */ 223 /* let val1 = r' */
218 bytes_to_mp(&val1, &string[0], SHA1_HASH_SIZE); 224 bytes_to_fp(&val1, &string[0], SHA1_HASH_SIZE);
219 if (mp_cmp(&val1, key->q) != MP_LT) { 225 if (fp_cmp(&val1, key->q) != FP_LT) {
220 TRACE(("verify failed, r' >= q")) 226 TRACE(("verify failed, r' >= q"))
221 goto out; 227 goto out;
222 } 228 }
223 /* let val4 = u2 = ((r')w) mod q */ 229 /* let val4 = u2 = ((r')w) mod q */
224 if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) { 230 if (fp_mulmod(&val1, &val2, key->q, &val4) != FP_OKAY) {
225 goto out; 231 goto out;
226 } 232 }
227 233
228 /* v = (((g)^u1 (y)^u2) mod p) mod q */ 234 /* v = (((g)^u1 (y)^u2) mod p) mod q */
229 /* val2 = g^u1 mod p */ 235 /* val2 = g^u1 mod p */
230 if (mp_exptmod(key->g, &val3, key->p, &val2) != MP_OKAY) { 236 if (fp_exptmod(key->g, &val3, key->p, &val2) != FP_OKAY) {
231 goto out; 237 goto out;
232 } 238 }
233 /* val3 = y^u2 mod p */ 239 /* val3 = y^u2 mod p */
234 if (mp_exptmod(key->y, &val4, key->p, &val3) != MP_OKAY) { 240 if (fp_exptmod(key->y, &val4, key->p, &val3) != FP_OKAY) {
235 goto out; 241 goto out;
236 } 242 }
237 /* val4 = ((g)^u1 (y)^u2) mod p */ 243 /* val4 = ((g)^u1 (y)^u2) mod p */
238 if (mp_mulmod(&val2, &val3, key->p, &val4) != MP_OKAY) { 244 if (fp_mulmod(&val2, &val3, key->p, &val4) != FP_OKAY) {
239 goto out; 245 goto out;
240 } 246 }
241 /* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */ 247 /* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */
242 if (mp_mod(&val4, key->q, &val2) != MP_OKAY) { 248 if (fp_mod(&val4, key->q, &val2) != FP_OKAY) {
243 goto out; 249 goto out;
244 } 250 }
245 251
246 /* check whether signatures verify */ 252 /* check whether signatures verify */
247 if (mp_cmp(&val2, &val1) == MP_EQ) { 253 if (fp_cmp(&val2, &val1) == FP_EQ) {
248 /* good sig */ 254 /* good sig */
249 ret = DROPBEAR_SUCCESS; 255 ret = DROPBEAR_SUCCESS;
250 } 256 }
251 257
252 out: 258 out:
253 mp_clear_multi(&val1, &val2, &val3, &val4, NULL); 259 m_fp_zero_multi(&val1, &val2, &val3, &val4, NULL);
254 m_free(string); 260 m_free(string);
255 261
256 return ret; 262 return ret;
257 263
258 } 264 }
260 266
261 #ifdef DSS_PROTOK 267 #ifdef DSS_PROTOK
262 /* convert an unsigned mp into an array of bytes, malloced. 268 /* convert an unsigned mp into an array of bytes, malloced.
263 * This array must be freed after use, len contains the length of the array, 269 * This array must be freed after use, len contains the length of the array,
264 * if len != NULL */ 270 * if len != NULL */
265 static unsigned char* mptobytes(mp_int *mp, int *len) { 271 static unsigned char* fptobytes(fp_int *mp, int *len) {
266 272
267 unsigned char* ret; 273 unsigned char* ret;
268 int size; 274 int size;
269 275
270 size = mp_unsigned_bin_size(mp); 276 size = fp_unsigned_bin_size(mp);
271 ret = m_malloc(size); 277 ret = m_malloc(size);
272 if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) { 278 fp_to_unsigned_bin(mp, ret);
273 dropbear_exit("mem alloc error");
274 }
275 if (len != NULL) { 279 if (len != NULL) {
276 *len = size; 280 *len = size;
277 } 281 }
278 return ret; 282 return ret;
279 } 283 }
300 unsigned int i; 304 unsigned int i;
301 #ifdef DSS_PROTOK 305 #ifdef DSS_PROTOK
302 unsigned char privkeyhash[SHA512_HASH_SIZE]; 306 unsigned char privkeyhash[SHA512_HASH_SIZE];
303 unsigned char *privkeytmp; 307 unsigned char *privkeytmp;
304 unsigned char proto_k[SHA512_HASH_SIZE]; 308 unsigned char proto_k[SHA512_HASH_SIZE];
305 DEF_MP_INT(dss_protok); 309 DEF_FP_INT(dss_protok);
306 #endif 310 #endif
307 DEF_MP_INT(dss_k); 311 DEF_FP_INT(dss_k);
308 DEF_MP_INT(dss_m); 312 DEF_FP_INT(dss_m);
309 DEF_MP_INT(dss_temp1); 313 DEF_FP_INT(dss_temp1);
310 DEF_MP_INT(dss_temp2); 314 DEF_FP_INT(dss_temp2);
311 DEF_MP_INT(dss_r); 315 DEF_FP_INT(dss_r);
312 DEF_MP_INT(dss_s); 316 DEF_FP_INT(dss_s);
313 hash_state hs; 317 hash_state hs;
314 318
315 TRACE(("enter buf_put_dss_sign")) 319 TRACE(("enter buf_put_dss_sign"))
316 dropbear_assert(key != NULL); 320 dropbear_assert(key != NULL);
317 321
318 /* hash the data */ 322 /* hash the data */
319 sha1_init(&hs); 323 sha1_init(&hs);
320 sha1_process(&hs, data, len); 324 sha1_process(&hs, data, len);
321 sha1_done(&hs, msghash); 325 sha1_done(&hs, msghash);
322 326
323 m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s, 327 m_fp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
324 &dss_m, NULL); 328 &dss_m, NULL);
325 #ifdef DSS_PROTOK 329 #ifdef DSS_PROTOK
326 /* hash the privkey */ 330 /* hash the privkey */
327 privkeytmp = mptobytes(key->x, &i); 331 privkeytmp = fptobytes(key->x, &i);
328 sha512_init(&hs); 332 sha512_init(&hs);
329 sha512_process(&hs, "the quick brown fox jumped over the lazy dog", 44); 333 sha512_process(&hs, "the quick brown fox jumped over the lazy dog", 44);
330 sha512_process(&hs, privkeytmp, i); 334 sha512_process(&hs, privkeytmp, i);
331 sha512_done(&hs, privkeyhash); 335 sha512_done(&hs, privkeyhash);
332 m_burn(privkeytmp, i); 336 m_burn(privkeytmp, i);
337 sha512_process(&hs, privkeyhash, SHA512_HASH_SIZE); 341 sha512_process(&hs, privkeyhash, SHA512_HASH_SIZE);
338 sha512_process(&hs, msghash, SHA1_HASH_SIZE); 342 sha512_process(&hs, msghash, SHA1_HASH_SIZE);
339 sha512_done(&hs, proto_k); 343 sha512_done(&hs, proto_k);
340 344
341 /* generate k */ 345 /* generate k */
342 m_mp_init(&dss_protok); 346 m_fp_init(&dss_protok);
343 bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE); 347 bytes_to_fp(&dss_protok, proto_k, SHA512_HASH_SIZE);
344 if (mp_mod(&dss_protok, key->q, &dss_k) != MP_OKAY) { 348 if (fp_mod(&dss_protok, key->q, &dss_k) != FP_OKAY) {
345 dropbear_exit("dss error"); 349 dropbear_exit("dss error");
346 } 350 }
347 mp_clear(&dss_protok); 351 m_fp_zero(&dss_protok);
348 m_burn(proto_k, SHA512_HASH_SIZE); 352 m_burn(proto_k, SHA512_HASH_SIZE);
349 #else /* DSS_PROTOK not defined*/ 353 #else /* DSS_PROTOK not defined*/
350 gen_random_mpint(key->q, &dss_k); 354 gen_random_fpint(key->q, &dss_k);
351 #endif 355 #endif
352 356
353 /* now generate the actual signature */ 357 /* now generate the actual signature */
354 bytes_to_mp(&dss_m, msghash, SHA1_HASH_SIZE); 358 bytes_to_fp(&dss_m, msghash, SHA1_HASH_SIZE);
355 359
356 /* g^k mod p */ 360 /* g^k mod p */
357 if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != MP_OKAY) { 361 if (fp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != FP_OKAY) {
358 dropbear_exit("dss error"); 362 dropbear_exit("dss error");
359 } 363 }
360 /* r = (g^k mod p) mod q */ 364 /* r = (g^k mod p) mod q */
361 if (mp_mod(&dss_temp1, key->q, &dss_r) != MP_OKAY) { 365 if (fp_mod(&dss_temp1, key->q, &dss_r) != FP_OKAY) {
362 dropbear_exit("dss error"); 366 dropbear_exit("dss error");
363 } 367 }
364 368
365 /* x*r mod q */ 369 /* x*r mod q */
366 if (mp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != MP_OKAY) { 370 if (fp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != FP_OKAY) {
367 dropbear_exit("dss error"); 371 dropbear_exit("dss error");
368 } 372 }
369 /* (SHA1(M) + xr) mod q) */ 373 /* (SHA1(M) + xr) mod q) */
370 if (mp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != MP_OKAY) { 374 if (fp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != FP_OKAY) {
371 dropbear_exit("dss error"); 375 dropbear_exit("dss error");
372 } 376 }
373 377
374 /* (k^-1) mod q */ 378 /* (k^-1) mod q */
375 if (mp_invmod(&dss_k, key->q, &dss_temp1) != MP_OKAY) { 379 if (fp_invmod(&dss_k, key->q, &dss_temp1) != FP_OKAY) {
376 dropbear_exit("dss error"); 380 dropbear_exit("dss error");
377 } 381 }
378 382
379 /* s = (k^-1(SHA1(M) + xr)) mod q */ 383 /* s = (k^-1(SHA1(M) + xr)) mod q */
380 if (mp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != MP_OKAY) { 384 if (fp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != FP_OKAY) {
381 dropbear_exit("dss error"); 385 dropbear_exit("dss error");
382 } 386 }
383 387
384 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); 388 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
385 buf_putint(buf, 2*SHA1_HASH_SIZE); 389 buf_putint(buf, 2*SHA1_HASH_SIZE);
386 390
387 writelen = mp_unsigned_bin_size(&dss_r); 391 writelen = fp_unsigned_bin_size(&dss_r);
388 dropbear_assert(writelen <= SHA1_HASH_SIZE); 392 dropbear_assert(writelen <= SHA1_HASH_SIZE);
389 /* need to pad to 160 bits with leading zeros */ 393 /* need to pad to 160 bits with leading zeros */
390 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) { 394 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
391 buf_putbyte(buf, 0); 395 buf_putbyte(buf, 0);
392 } 396 }
393 if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen)) 397 fp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen));
394 != MP_OKAY) { 398 fp_zero(&dss_r);
395 dropbear_exit("dss error");
396 }
397 mp_clear(&dss_r);
398 buf_incrwritepos(buf, writelen); 399 buf_incrwritepos(buf, writelen);
399 400
400 writelen = mp_unsigned_bin_size(&dss_s); 401 writelen = fp_unsigned_bin_size(&dss_s);
401 dropbear_assert(writelen <= SHA1_HASH_SIZE); 402 dropbear_assert(writelen <= SHA1_HASH_SIZE);
402 /* need to pad to 160 bits with leading zeros */ 403 /* need to pad to 160 bits with leading zeros */
403 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) { 404 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
404 buf_putbyte(buf, 0); 405 buf_putbyte(buf, 0);
405 } 406 }
406 if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen)) 407 fp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen));
407 != MP_OKAY) { 408 fp_zero(&dss_s);
408 dropbear_exit("dss error");
409 }
410 mp_clear(&dss_s);
411 buf_incrwritepos(buf, writelen); 409 buf_incrwritepos(buf, writelen);
412 410
413 mp_clear_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s, 411 m_fp_zero_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
414 &dss_m, NULL); 412 &dss_m, NULL);
415 413
416 /* create the signature to return */ 414 /* create the signature to return */
417 415
418 TRACE(("leave buf_put_dss_sign")) 416 TRACE(("leave buf_put_dss_sign"))