- markus@cvs.openbsd.org 2014/01/27 18:58:14

[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] replace openssl HMAC with an implementation based on our ssh_digest_* ok and feedback djm@
author: Damien Miller <djm@mindrot.org> 2014-02-04 11:02:42 +1100
committer: Damien Miller <djm@mindrot.org> 2014-02-04 11:02:42 +1100
commit: 4e8d937af79ce4e253f77ec93489d098b25becc3 (patch)
tree: 83b0293313eea8dfebcc7f906c5058f530238e8b /hostfile.c
parent: 69d0d09f76bab5aec86fbf78489169f63bd16475 (diff)
1 files changed, 14 insertions, 15 deletions
diff --git a/hostfile.c b/hostfile.c
index 2778fb5df..0198cd001 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.53 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.54 2014/01/27 18:58:14 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,9 +42,6 @@
 #include <netinet/in.h>
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
 #include <resolv.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -58,6 +55,7 @@
 #include "log.h"
 #include "misc.h"
 #include "digest.h"
+#include "hmac.h"
 struct hostkeys {
        struct hostkey_entry *entries;
@@ -102,9 +100,9 @@ extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
                debug2("extract_salt: salt decode error");
                return (-1);
        }
-        if (ret != SHA_DIGEST_LENGTH) {
+        if (ret != (int)ssh_hmac_bytes(SSH_DIGEST_SHA1)) {
-                debug2("extract_salt: expected salt len %d, got %d",
+                debug2("extract_salt: expected salt len %zd, got %d",
-                    SHA_DIGEST_LENGTH, ret);
+                    ssh_hmac_bytes(SSH_DIGEST_SHA1), ret);
                return (-1);
        }
@@ -114,14 +112,13 @@ extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
 char *
 host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
 {
-        const EVP_MD *md = EVP_sha1();
+        struct ssh_hmac_ctx *ctx;
-        HMAC_CTX mac_ctx;
        u_char salt[256], result[256];
        char uu_salt[512], uu_result[512];
        static char encoded[1024];
        u_int i, len;
-        len = EVP_MD_size(md);
+        len = ssh_digest_bytes(SSH_DIGEST_SHA1);
        if (name_from_hostfile == NULL) {
                /* Create new salt */
@@ -134,14 +131,16 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
                        return (NULL);
        }
-        HMAC_Init(&mac_ctx, salt, len, md);
+        if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
-        HMAC_Update(&mac_ctx, (u_char *)host, strlen(host));
+            ssh_hmac_init(ctx, salt, len) < 0 ||
-        HMAC_Final(&mac_ctx, result, NULL);
+            ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
-        HMAC_cleanup(&mac_ctx);
+            ssh_hmac_final(ctx, result, sizeof(result)))
+                fatal("%s: ssh_hmac failed", __func__);
+        ssh_hmac_free(ctx);
        if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
            __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
-                fatal("host_hash: __b64_ntop failed");
+                fatal("%s: __b64_ntop failed", __func__);
        snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
            HASH_DELIM, uu_result);
author	Damien Miller <djm@mindrot.org>	2014-02-04 11:02:42 +1100
committer	Damien Miller <djm@mindrot.org>	2014-02-04 11:02:42 +1100
commit	4e8d937af79ce4e253f77ec93489d098b25becc3 (patch)
tree	83b0293313eea8dfebcc7f906c5058f530238e8b /hostfile.c
parent	69d0d09f76bab5aec86fbf78489169f63bd16475 (diff)