+ memset(&sig, 0, sizeof(sig));
+
+ /* DSS signature must be formatted to PKIX compliant format since our
+ implementation expects that. */
+ if (!strcmp(signame, "ssh-dss")) {
+ /* The integers must be 160 bits each */
+ if (signature_len != 40) {
+ verify_cb(FALSE, context);
+ silc_free(signame);
+ return NULL;
+ }
+
+ silc_buffer_set(&r, signature, 20);
+ silc_buffer_set(&s, signature + 20, 20);
+
+ stack = silc_stack_alloc(0, silc_crypto_stack());
+
+ asn1 = silc_asn1_alloc(stack);
+ if (!asn1) {
+ verify_cb(FALSE, context);
+ silc_free(signame);
+ silc_stack_free(stack);
+ return NULL;
+ }
+
+ /* Encode signature to PKIX compliant format. */
+ if (!silc_asn1_encode(asn1, &sig,
+ SILC_ASN1_OPTS(SILC_ASN1_ALLOC),
+ SILC_ASN1_SEQUENCE,
+ SILC_ASN1_ANY_PRIMITIVE(SILC_ASN1_TAG_INTEGER, &r),
+ SILC_ASN1_ANY_PRIMITIVE(SILC_ASN1_TAG_INTEGER, &s),
+ SILC_ASN1_END, SILC_ASN1_END)) {
+ verify_cb(FALSE, context);
+ silc_free(signame);
+ silc_asn1_free(asn1);
+ silc_stack_free(stack);
+ return NULL;
+ }
+
+ signature = silc_buffer_steal(&sig, &signature_len);
+
+ silc_asn1_free(asn1);
+ }