From b3051d01e505c9c2dc00faab472a0d06fa6b0e65 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Fri, 10 Jan 2014 10:58:53 +1100
Subject:    - djm@cvs.openbsd.org 2014/01/09 23:20:00      [digest.c digest.h
 hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]      [kexc25519s.c kexdh.c
 kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]      [kexgexs.c key.c
 key.h roaming_client.c roaming_common.c schnorr.c]      [schnorr.h ssh-dss.c
 ssh-ecdsa.c ssh-rsa.c sshconnect2.c]      Introduce digest API and use it to
 perform all hashing operations      rather than calling OpenSSL EVP_Digest*
 directly. Will make it easier      to build a reduced-feature OpenSSH without
 OpenSSL in future;      feedback, ok markus@

---
 roaming_client.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

(limited to 'roaming_client.c')

diff --git a/roaming_client.c b/roaming_client.c
index 2fb623121..de049cdc1 100644
--- a/roaming_client.c
+++ b/roaming_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: roaming_client.c,v 1.6 2013/10/16 02:31:46 djm Exp $ */
+/* $OpenBSD: roaming_client.c,v 1.7 2014/01/09 23:20:00 djm Exp $ */
 /*
  * Copyright (c) 2004-2009 AppGate Network Security AB
  *
@@ -48,6 +48,7 @@
 #include "roaming.h"
 #include "ssh2.h"
 #include "sshconnect.h"
+#include "digest.h"
 
 /* import */
 extern Options options;
@@ -90,10 +91,8 @@ request_roaming(void)
 static void
 roaming_auth_required(void)
 {
-	u_char digest[SHA_DIGEST_LENGTH];
-	EVP_MD_CTX md;
+	u_char digest[SSH_DIGEST_MAX_LENGTH];
 	Buffer b;
-	const EVP_MD *evp_md = EVP_sha1();
 	u_int64_t chall, oldchall;
 
 	chall = packet_get_int64();
@@ -107,14 +106,13 @@ roaming_auth_required(void)
 	buffer_init(&b);
 	buffer_put_int64(&b, cookie);
 	buffer_put_int64(&b, chall);
-	EVP_DigestInit(&md, evp_md);
-	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
-	EVP_DigestFinal(&md, digest, NULL);
+	if (ssh_digest_buffer(SSH_DIGEST_SHA1, &b, digest, sizeof(digest)) != 0)
+		fatal("%s: ssh_digest_buffer failed", __func__);
 	buffer_free(&b);
 
 	packet_start(SSH2_MSG_KEX_ROAMING_AUTH);
 	packet_put_int64(key1 ^ get_recv_bytes());
-	packet_put_raw(digest, sizeof(digest));
+	packet_put_raw(digest, ssh_digest_bytes(SSH_DIGEST_SHA1));
 	packet_send();
 
 	oldkey1 = key1;
-- 
cgit v1.2.3