- markus@cvs.openbsd.org 2014/01/27 18:58:14

     [Makefile.in digest.c digest.h hostfile.c kex.h mac.c hmac.c hmac.h]
     replace openssl HMAC with an implementation based on our ssh_digest_*
     ok and feedback djm@

1 files changed, 41 insertions, 44 deletions

diff --git a/mac.c b/mac.c
index d3a0b935f..4c4a6bf53 100644
--- a/mac.c
+++ b/mac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.26 2014/01/04 17:50:55 tedu Exp $ */
+/* $OpenBSD: mac.c,v 1.27 2014/01/27 18:58:14 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -27,8 +27,6 @@
 
 #include <sys/types.h>
 
-#include <openssl/hmac.h>
-
 #include <stdarg.h>
 #include <string.h>
 #include <signal.h>
@@ -42,18 +40,20 @@
 #include "mac.h"
 #include "misc.h"
 
+#include "digest.h"
+#include "hmac.h"
 #include "umac.h"
 
 #include "openbsd-compat/openssl-compat.h"
 
-#define SSH_EVP         1       /* OpenSSL EVP-based MAC */
+#define SSH_DIGEST      1       /* SSH_DIGEST_XXX */
 #define SSH_UMAC        2       /* UMAC (not integrated with OpenSSL) */
 #define SSH_UMAC128     3
 
 struct macalg {
         char            *name;
         int             type;
-        const EVP_MD *  (*mdfunc)(void);
+        int             alg;
         int             truncatebits;   /* truncate digest if != 0 */
         int             key_len;        /* just for UMAC */
         int             len;            /* just for UMAC */
@@ -62,33 +62,33 @@ struct macalg {
 
 static const struct macalg macs[] = {
         /* Encrypt-and-MAC (encrypt-and-authenticate) variants */
-        { "hmac-sha1",                          SSH_EVP, EVP_sha1, 0, 0, 0, 0 },
-        { "hmac-sha1-96",                       SSH_EVP, EVP_sha1, 96, 0, 0, 0 },
+        { "hmac-sha1",                          SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
+        { "hmac-sha1-96",                       SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
 #ifdef HAVE_EVP_SHA256
-        { "hmac-sha2-256",                      SSH_EVP, EVP_sha256, 0, 0, 0, 0 },
-        { "hmac-sha2-512",                      SSH_EVP, EVP_sha512, 0, 0, 0, 0 },
+        { "hmac-sha2-256",                      SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
+        { "hmac-sha2-512",                      SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
 #endif
-        { "hmac-md5",                           SSH_EVP, EVP_md5, 0, 0, 0, 0 },
-        { "hmac-md5-96",                        SSH_EVP, EVP_md5, 96, 0, 0, 0 },
-        { "hmac-ripemd160",                     SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
-        { "hmac-ripemd160@openssh.com",         SSH_EVP, EVP_ripemd160, 0, 0, 0, 0 },
-        { "umac-64@openssh.com",                SSH_UMAC, NULL, 0, 128, 64, 0 },
-        { "umac-128@openssh.com",               SSH_UMAC128, NULL, 0, 128, 128, 0 },
+        { "hmac-md5",                           SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
+        { "hmac-md5-96",                        SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
+        { "hmac-ripemd160",                     SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
+        { "hmac-ripemd160@openssh.com",         SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
+        { "umac-64@openssh.com",                SSH_UMAC, 0, 0, 128, 64, 0 },
+        { "umac-128@openssh.com",               SSH_UMAC128, 0, 0, 128, 128, 0 },
 
         /* Encrypt-then-MAC variants */
-        { "hmac-sha1-etm@openssh.com",          SSH_EVP, EVP_sha1, 0, 0, 0, 1 },
-        { "hmac-sha1-96-etm@openssh.com",       SSH_EVP, EVP_sha1, 96, 0, 0, 1 },
+        { "hmac-sha1-etm@openssh.com",          SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
+        { "hmac-sha1-96-etm@openssh.com",       SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 },
 #ifdef HAVE_EVP_SHA256
-        { "hmac-sha2-256-etm@openssh.com",      SSH_EVP, EVP_sha256, 0, 0, 0, 1 },
-        { "hmac-sha2-512-etm@openssh.com",      SSH_EVP, EVP_sha512, 0, 0, 0, 1 },
+        { "hmac-sha2-256-etm@openssh.com",      SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
+        { "hmac-sha2-512-etm@openssh.com",      SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
 #endif
-        { "hmac-md5-etm@openssh.com",           SSH_EVP, EVP_md5, 0, 0, 0, 1 },
-        { "hmac-md5-96-etm@openssh.com",        SSH_EVP, EVP_md5, 96, 0, 0, 1 },
-        { "hmac-ripemd160-etm@openssh.com",     SSH_EVP, EVP_ripemd160, 0, 0, 0, 1 },
-        { "umac-64-etm@openssh.com",            SSH_UMAC, NULL, 0, 128, 64, 1 },
-        { "umac-128-etm@openssh.com",           SSH_UMAC128, NULL, 0, 128, 128, 1 },
+        { "hmac-md5-etm@openssh.com",           SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
+        { "hmac-md5-96-etm@openssh.com",        SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
+        { "hmac-ripemd160-etm@openssh.com",     SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
+        { "umac-64-etm@openssh.com",            SSH_UMAC, 0, 0, 128, 64, 1 },
+        { "umac-128-etm@openssh.com",           SSH_UMAC128, 0, 0, 128, 128, 1 },
 
-        { NULL,                                 0, NULL, 0, 0, 0, 0 }
+        { NULL,                                 0, 0, 0, 0, 0, 0 }
 };
 
 /* Returns a list of supported MACs separated by the specified char. */
@@ -113,14 +113,11 @@ mac_alg_list(char sep)
 static void
 mac_setup_by_alg(Mac *mac, const struct macalg *macalg)
 {
-        int evp_len;
-
         mac->type = macalg->type;
-        if (mac->type == SSH_EVP) {
-                mac->evp_md = macalg->mdfunc();
-                if ((evp_len = EVP_MD_size(mac->evp_md)) <= 0)
-                        fatal("mac %s len %d", mac->name, evp_len);
-                mac->key_len = mac->mac_len = (u_int)evp_len;
+        if (mac->type == SSH_DIGEST) {
+                if ((mac->hmac_ctx = ssh_hmac_start(macalg->alg)) == NULL)
+                        fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
+                mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
         } else {
                 mac->mac_len = macalg->len / 8;
                 mac->key_len = macalg->key_len / 8;
@@ -154,11 +151,10 @@ mac_init(Mac *mac)
         if (mac->key == NULL)
                 fatal("mac_init: no key");
         switch (mac->type) {
-        case SSH_EVP:
-                if (mac->evp_md == NULL)
+        case SSH_DIGEST:
+                if (mac->hmac_ctx == NULL ||
+                    ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
                         return -1;
-                HMAC_CTX_init(&mac->evp_ctx);
-                HMAC_Init(&mac->evp_ctx, mac->key, mac->key_len, mac->evp_md);
                 return 0;
         case SSH_UMAC:
                 mac->umac_ctx = umac_new(mac->key);
@@ -185,13 +181,14 @@ mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
                     mac->mac_len, sizeof(u));
 
         switch (mac->type) {
-        case SSH_EVP:
+        case SSH_DIGEST:
                 put_u32(b, seqno);
                 /* reset HMAC context */
-                HMAC_Init(&mac->evp_ctx, NULL, 0, NULL);
-                HMAC_Update(&mac->evp_ctx, b, sizeof(b));
-                HMAC_Update(&mac->evp_ctx, data, datalen);
-                HMAC_Final(&mac->evp_ctx, u.m, NULL);
+                if (ssh_hmac_init(mac->hmac_ctx, NULL, 0) < 0 ||
+                    ssh_hmac_update(mac->hmac_ctx, b, sizeof(b)) < 0 ||
+                    ssh_hmac_update(mac->hmac_ctx, data, datalen) < 0 ||
+                    ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
+                        fatal("ssh_hmac failed");
                 break;
         case SSH_UMAC:
                 put_u64(nonce, seqno);
@@ -218,9 +215,9 @@ mac_clear(Mac *mac)
         } else if (mac->type == SSH_UMAC128) {
                 if (mac->umac_ctx != NULL)
                         umac128_delete(mac->umac_ctx);
-        } else if (mac->evp_md != NULL)
-                HMAC_cleanup(&mac->evp_ctx);
-        mac->evp_md = NULL;
+        } else if (mac->hmac_ctx != NULL)
+                ssh_hmac_free(mac->hmac_ctx);
+        mac->hmac_ctx = NULL;
         mac->umac_ctx = NULL;
 }