1 files changed, 16 insertions, 13 deletions
diff --git a/gss-genr.c b/gss-genr.c
index 285fc29a5..491e62cee 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -39,11 +39,12 @@
 #include "xmalloc.h"
 #include "ssherr.h"
 #include "sshbuf.h"
+#include "sshkey.h"
 #include "log.h"
 #include "ssh2.h"
 #include "cipher.h"
 #include "kex.h"
-#include <openssl/evp.h>
+#include "digest.h"
 #include "ssh-gss.h"
@@ -110,10 +111,9 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
        size_t i;
        int r, oidpos, enclen;
        char *mechs, *encoded;
-        u_char digest[EVP_MAX_MD_SIZE];
+        u_char digest[SSH_DIGEST_MAX_LENGTH];
        char deroid[2];
-        const EVP_MD *evp_md = EVP_md5();
+        struct ssh_digest_ctx *md;
-        EVP_MD_CTX md;
        if (gss_enc2oid != NULL) {
                for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
@@ -135,16 +135,19 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
                        deroid[0] = SSH_GSS_OIDTYPE;
                        deroid[1] = gss_supported->elements[i].length;
-                        EVP_DigestInit(&md, evp_md);
+                        if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
-                        EVP_DigestUpdate(&md, deroid, 2);
+                            ssh_digest_update(md, deroid, 2) != 0 ||
-                        EVP_DigestUpdate(&md,
+                            ssh_digest_update(md,
                            gss_supported->elements[i].elements,
-                            gss_supported->elements[i].length);
+                            gss_supported->elements[i].length) != 0 ||
-                        EVP_DigestFinal(&md, digest, NULL);
+                            ssh_digest_final(md, digest, sizeof(digest)) != 0)
+                                fatal("%s: digest failed", __func__);
-                        encoded = xmalloc(EVP_MD_size(evp_md) * 2);
-                        enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
+                        encoded = xmalloc(ssh_digest_bytes(SSH_DIGEST_MD5)
-                            encoded, EVP_MD_size(evp_md) * 2);
+                            * 2);
+                        enclen = __b64_ntop(digest,
+                            ssh_digest_bytes(SSH_DIGEST_MD5), encoded,
+                            ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
                        if (oidpos != 0) {
                                if ((r = sshbuf_put_u8(buf, ',')) != 0)

diff --git a/gss-genr.c b/gss-genr.c index 285fc29a5..491e62cee 100644 --- a/gss-genr.c +++ b/gss-genr.c
@@ -39,11 +39,12 @@
39	#include "xmalloc.h"	39	#include "xmalloc.h"
40	#include "ssherr.h"	40	#include "ssherr.h"
41	#include "sshbuf.h"	41	#include "sshbuf.h"
		42	#include "sshkey.h"
42	#include "log.h"	43	#include "log.h"
43	#include "ssh2.h"	44	#include "ssh2.h"
44	#include "cipher.h"	45	#include "cipher.h"
45	#include "kex.h"	46	#include "kex.h"
46	#include <openssl/evp.h>	47	#include "digest.h"
47		48
48	#include "ssh-gss.h"	49	#include "ssh-gss.h"
49		50
@@ -110,10 +111,9 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
110	size_t i;	111	size_t i;
111	int r, oidpos, enclen;	112	int r, oidpos, enclen;
112	char mechs, encoded;	113	char mechs, encoded;
113	u_char digest[EVP_MAX_MD_SIZE];	114	u_char digest[SSH_DIGEST_MAX_LENGTH];
114	char deroid[2];	115	char deroid[2];
115	const EVP_MD *evp_md = EVP_md5();	116	struct ssh_digest_ctx *md;
116	EVP_MD_CTX md;
117		117
118	if (gss_enc2oid != NULL) {	118	if (gss_enc2oid != NULL) {
119	for (i = 0; gss_enc2oid[i].encoded != NULL; i++)	119	for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
@@ -135,16 +135,19 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
135	deroid[0] = SSH_GSS_OIDTYPE;	135	deroid[0] = SSH_GSS_OIDTYPE;
136	deroid[1] = gss_supported->elements[i].length;	136	deroid[1] = gss_supported->elements[i].length;
137		137
138	EVP_DigestInit(&md, evp_md);	138	if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL \|\|
139	EVP_DigestUpdate(&md, deroid, 2);	139	ssh_digest_update(md, deroid, 2) != 0 \|\|
140	EVP_DigestUpdate(&md,	140	ssh_digest_update(md,
141	gss_supported->elements[i].elements,	141	gss_supported->elements[i].elements,
142	gss_supported->elements[i].length);	142	gss_supported->elements[i].length) != 0 \|\|
143	EVP_DigestFinal(&md, digest, NULL);	143	ssh_digest_final(md, digest, sizeof(digest)) != 0)
144		144	fatal("%s: digest failed", __func__);
145	encoded = xmalloc(EVP_MD_size(evp_md) * 2);	145
146	enclen = __b64_ntop(digest, EVP_MD_size(evp_md),	146	encoded = xmalloc(ssh_digest_bytes(SSH_DIGEST_MD5)
147	encoded, EVP_MD_size(evp_md) * 2);	147	* 2);
		148	enclen = __b64_ntop(digest,
		149	ssh_digest_bytes(SSH_DIGEST_MD5), encoded,
		150	ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
148		151
149	if (oidpos != 0) {	152	if (oidpos != 0) {
150	if ((r = sshbuf_put_u8(buf, ',')) != 0)	153	if ((r = sshbuf_put_u8(buf, ',')) != 0)