merge from main

--HG--
branch : fuzz

configure.ac

@@ -56,10 +56,18 @@ if test "$hardenbuild" -eq 1; then
 	OLDLDFLAGS="$LDFLAGS"
 	TESTFLAGS="-Wl,-pie"
 	LDFLAGS="$LDFLAGS $TESTFLAGS"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		[
+			LDFLAGS="$OLDLDFLAGS"
+			TESTFLAGS="-pie"
+			LDFLAGS="$LDFLAGS $TESTFLAGS"
 			AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
 				[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
 				[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 				)
+		]
+	    )
 	# readonly elf relocation sections (relro)
 	OLDLDFLAGS="$LDFLAGS"
 	TESTFLAGS="-Wl,-z,now -Wl,-z,relro"

dss.c

@@ -61,16 +61,14 @@ int buf_get_dss_pub_key(buffer* buf, dropbear_dss_key *key) {
 		goto out;
 	}
 
-	if (mp_count_bits(key->p) < DSS_P_BITS) {
+	if (mp_count_bits(key->p) != DSS_P_BITS) {
 		dropbear_log(LOG_WARNING, "Bad DSS p");
-		TRACE(("leave buf_get_dss_pub_key: short key"))
 		ret = DROPBEAR_FAILURE;
 		goto out;
 	}
 
-	if (mp_count_bits(key->q) < DSS_Q_BITS) {
+	if (mp_count_bits(key->q) != DSS_Q_BITS) {
 		dropbear_log(LOG_WARNING, "Bad DSS q");
-		TRACE(("leave buf_get_dss_pub_key: short key"))
 		ret = DROPBEAR_FAILURE;
 		goto out;
 	}