author | Damien Miller <djm@mindrot.org> | 2014-01-10 10:58:53 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-01-10 10:58:53 +1100 |
commit | b3051d01e505c9c2dc00faab472a0d06fa6b0e65 (patch) | |
tree | c0ca49b5fc4e5e1a066157b4dbd9c68cfcd41d63 /roaming_client.c | |
parent | e00e413dd16eb747fb2c15a099971d91c13cf70f (diff) |
- djm@cvs.openbsd.org 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
[kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
[schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
Diffstat (limited to 'roaming_client.c')
-rw-r--r-- | roaming_client.c | 14 |
1 files changed, 6 insertions, 8 deletions
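--- a/roaming_client.c
+++ b/roaming_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_client.c,v 1.6 2013/10/16 02:31:46 djm Exp $ */
+/* $OpenBSD: roaming_client.c,v 1.7 2014/01/09 23:20:00 djm Exp $ */
 /*
 * Copyright (c) 2004-2009 AppGate Network Security AB
 *
@@ -48,6 +48,7 @@
 #include "roaming.h"
 #include "ssh2.h"
 #include "sshconnect.h"
+#include "digest.h"
 
 /* import */
 extern Options options;
@@ -90,10 +91,8 @@ request_roaming(void)
 static void
 roaming_auth_required(void)
 {
-u_char digest[SHA_DIGEST_LENGTH];
-EVP_MD_CTX md;
+u_char digest[SSH_DIGEST_MAX_LENGTH];
 Buffer b;
-const EVP_MD *evp_md = EVP_sha1();
 u_int64_t chall, oldchall;
 
 chall = packet_get_int64();
@@ -107,14 +106,13 @@ roaming_auth_required(void)
 buffer_init(&b);
 buffer_put_int64(&b, cookie);
 buffer_put_int64(&b, chall);
-EVP_DigestInit(&md, evp_md);
-EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
-EVP_DigestFinal(&md, digest, NULL);
+if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
+fatal("%s: ssh_digest_buffer failed", __func__);
 buffer_free(&b);
 
 packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
 packet_put_int64(key1 ^ get_recv_bytes());
-packet_put_raw(digest, sizeof(digest));
+packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
 packet_send();
 
 oldkey1 = key1;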
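Review bot: In the last hunk of `roaming_auth_required()`, the length given to `packet_put_raw()` and the algorithm given to `ssh_digest_buffer()` are two separate uses of `SSH_DIGEST_SHA1` that have to stay in step, and nothing on that line says why `sizeof(digest)` is no longer the right length. `digest` is now declared as `SSH_DIGEST_MAX_LENGTH` bytes with no initialiser, so, assuming the helper writes only the hash output, a later edit back to `sizeof(digest)` would put uninitialised stack bytes on the wire and change the message length the peer expects. I would add a comment above the call, `/* digest[] is sized for the largest hash; send only the SHA1 output */`. The function body continues past the end of the hunk, so whether `digest` is cleared before return cannot be judged from here.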