author | Damien Miller <djm@mindrot.org> | 2014-02-04 11:02:42 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-02-04 11:02:42 +1100 |
commit | 4e8d937af79ce4e253f77ec93489d098b25becc3 (patch) | |
tree | 83b0293313eea8dfebcc7f906c5058f530238e8b /hostfile.c | |
parent | 69d0d09f76bab5aec86fbf78489169f63bd16475 (diff) |
- markus@cvs.openbsd.org 2014/01/27 18:58:14
[Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
replace openssl HMAC with an implementation based on our ssh_digest_*
ok and feedback djm@
Diffstat (limited to 'hostfile.c')
-rw-r--r-- | hostfile.c | 29 |
1 files changed, 14 insertions, 15 deletions
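--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.53 2014/01/09 23:20:00 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.54 2014/01/27 18:58:14 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,9 +42,6 @@
 
 #include <netinet/in.h>
 
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
 #include <resolv.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -58,6 +55,7 @@
 #include "log.h"
 #include "misc.h"
 #include "digest.h"
+#include "hmac.h"
 
 struct hostkeys {
 struct hostkey_entry *entries;
@@ -102,9 +100,9 @@ extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
 debug2("extract_salt: salt decode error");
 return (-1);
 }
-if (ret != SHA_DIGEST_LENGTH) {
-debug2("extract_salt: expected salt len %d, got %d",
-SHA_DIGEST_LENGTH, ret);
+if (ret != (int)ssh_hmac_bytes(SSH_DIGEST_SHA1)) {
+debug2("extract_salt: expected salt len %zd, got %d",
+ssh_hmac_bytes(SSH_DIGEST_SHA1), ret);
 return (-1);
 }
 
@@ -114,14 +112,13 @@ extract_salt(const char *s, u_int l, u_char *salt, size_t salt_len)
 char *
 host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
 {
-const EVP_MD *md = EVP_sha1();
-HMAC_CTX mac_ctx;
+struct ssh_hmac_ctx *ctx;
 u_char salt[256], result[256];
 char uu_salt[512], uu_result[512];
 static char encoded[1024];
 u_int i, len;
 
-len = EVP_MD_size(md);
+len = ssh_digest_bytes(SSH_DIGEST_SHA1);
 
 if (name_from_hostfile == NULL) {
 /* Create new salt */
@@ -134,14 +131,16 @@ host_hash(const char *host, const char *name_from_hostfile, u_int src_len)
 return (NULL);
 }
 
-HMAC_Init(&mac_ctx, salt, len, md);
-HMAC_Update(&mac_ctx, (u_char *)host, strlen(host));
-HMAC_Final(&mac_ctx, result, NULL);
-HMAC_cleanup(&mac_ctx);
+if ((ctx = ssh_hmac_start(SSH_DIGEST_SHA1)) == NULL ||
+ssh_hmac_init(ctx, salt, len) < 0 ||
+ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
+ssh_hmac_final(ctx, result, sizeof(result)))
+fatal("%s: ssh_hmac failed", __func__);
+ssh_hmac_free(ctx);
 
 if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
 __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
-fatal("host_hash: __b64_ntop failed");
+fatal("%s: __b64_ntop failed", __func__);
 
 snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
 HASH_DELIM, uu_result);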
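Review bot: In the last hunk, the fourth call in host_hash's new error chain, `ssh_hmac_final(ctx, result, sizeof(result))`, is tested for any non-zero value while the three calls before it are tested with `< 0`; writing it as `ssh_hmac_final(ctx, result, sizeof(result)) < 0)` keeps the chain uniform and states the failure convention explicitly. hmac.h is not part of this view, so whether the function can return a positive value is unknown from here; if it only returns 0 or -1 the behaviour is the same either way. In the extract_salt hunk, `%zd` is paired with the return value of ssh_hmac_bytes(), which the `(int)` cast two lines earlier suggests is an unsigned size, so `%zu` would be the matching specifier if it is declared as size_t. extract_salt begins before its hunk and host_hash continues past the last visible line.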