authorDamien Miller <djm@mindrot.org>2014-02-04 11:02:42 +1100
committerDamien Miller <djm@mindrot.org>2014-02-04 11:02:42 +1100
commit4e8d937af79ce4e253f77ec93489d098b25becc3 (patch)
tree83b0293313eea8dfebcc7f906c5058f530238e8b /hostfile.c
parent69d0d09f76bab5aec86fbf78489169f63bd16475 (diff)
- markus@cvs.openbsd.org 2014/01/27 18:58:14
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h] replace openssl HMAC with an implementation based on our ssh_digest_* ok and feedback djm@
Diffstat (limited to 'hostfile.c')
-rw-r--r--hostfile.c29
1 files changed, 14 insertions, 15 deletions
diff --git a/hostfile.c b/hostfile.c
index 2778fb5df..0198cd001 100644
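--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.53 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.54 2014/01/27 18:58:14 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,9 +42,6 @@
 
 #include <netinet/in.h>
 
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
 #include <resolv.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -58,6 +55,7 @@
 #include "log.h"
 #include "misc.h"
 #include "digest.h"
+#include "hmac.h"
 
 struct hostkeys {
  struct hostkey_entry *entries;
@@ -102,9 +100,9 @@ extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
  debug2("extract_salt: salt decode error");
  return (-1);
  }
- if (ret != SHA_DIGEST_LENGTH) {
- debug2("extract_salt: expected salt len %d, got %d",
- SHA_DIGEST_LENGTH, ret);
+ if (ret != (int)ssh_hmac_bytes(SSH_DIGEST_SHA1)) {
+ debug2("extract_salt: expected salt len %zd, got %d",
+ ssh_hmac_bytes(SSH_DIGEST_SHA1), ret);
  return (-1);
  }
 
@@ -114,14 +112,13 @@ extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
 char *
 host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
 {
- const EVP_MD *md = EVP_sha1();
- HMAC_CTX mac_ctx;
+ struct ssh_hmac_ctx *ctx;
  u_char salt[256], result[256];
  char uu_salt[512], uu_result[512];
  static char encoded[1024];
  u_int i, len;
 
- len = EVP_MD_size(md);
+ len = ssh_digest_bytes(SSH_DIGEST_SHA1);
 
  if (name_from_hostfile == NULL) {
  /* Create new salt */
@@ -134,14 +131,16 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
  return (NULL);
  }
 
- HMAC_Init(&mac_ctx, salt, len, md);
- HMAC_Update(&mac_ctx, (u_char *)host, strlen(host));
- HMAC_Final(&mac_ctx, result, NULL);
- HMAC_cleanup(&mac_ctx);
+ if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
+ ssh_hmac_init(ctx, salt, len) < 0 ||
+ ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
+ ssh_hmac_final(ctx, result, sizeof(result)))
+ fatal("%s: ssh_hmac failed", __func__);
+ ssh_hmac_free(ctx);
 
  if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
  __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
- fatal("host_hash: __b64_ntop failed");
+ fatal("%s: __b64_ntop failed", __func__);
 
  snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
  HASH_DELIM, uu_result);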
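Review bot: In the host_hash hunk the new error chain tests `ssh_hmac_init` and `ssh_hmac_update` with `< 0` but calls `ssh_hmac_final(ctx, result, sizeof(result))` with no comparison, so any nonzero return counts as failure; I would write `ssh_hmac_final(ctx, result, sizeof(result)) < 0)` so all four checks follow one convention and a reader need not look up whether final can return a positive value. This chain is the only guard between a failed HMAC step and `result` being base64-encoded into a hashed host entry, so it is worth making unambiguous. In the extract_salt hunk, `%zd` is the signed specifier; if `ssh_hmac_bytes` returns `size_t`, as the `(int)` cast on the line above suggests, the format should be `%zu`. Both function bodies extend beyond the hunks shown.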