- markus@cvs.openbsd.org 2001/02/11 12:59:25
     [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@
diff --git a/packet.c b/packet.c
index 956e711..46e89bc 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.49 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: packet.c,v 1.50 2001/02/11 12:59:25 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -54,12 +54,9 @@
 #include "ssh1.h"
 #include "ssh2.h"
 
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/hmac.h>
 #include "cipher.h"
 #include "kex.h"
-#include "hmac.h"
+#include "mac.h"
 #include "log.h"
 #include "canohost.h"
 
@@ -531,12 +528,12 @@
 void
 packet_send2(void)
 {
+	static u_int32_t seqnr = 0;
 	u_char *macbuf = NULL;
 	char *cp;
 	u_int packet_length = 0;
 	u_int i, padlen, len;
 	u_int32_t rand = 0;
-	static u_int seqnr = 0;
 	int type;
 	Enc *enc   = NULL;
 	Mac *mac   = NULL;
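Review bot: The new `static u_int32_t seqnr = 0;` at the top of `packet_send2` carries protocol meaning that the declaration does not state, and the same holds for the matching declaration in `packet_read_poll2`. A short comment would record why the width is fixed, for example `/* SSH-2 sequence number: 32 bits per direction, wraps modulo 2^32 and is an input to the MAC */`. Whether the counter is meant to persist across rekeying is not visible here, so the comment should state that explicitly once confirmed. Both function bodies continue outside their hunks.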
@@ -604,11 +601,9 @@
 
 	/* compute MAC over seqnr and packet(length fields, payload, padding) */
 	if (mac && mac->enabled) {
-		macbuf = hmac( mac->md, seqnr,
+		macbuf = mac_compute(mac, seqnr,
 		    (u_char *) buffer_ptr(&outgoing_packet),
-		    buffer_len(&outgoing_packet),
-		    mac->key, mac->key_len
-		);
+		    buffer_len(&outgoing_packet));
 		DBG(debug("done calc MAC out #%d", seqnr));
 	}
 	/* encrypt packet and append to output buffer. */
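Review bot: The debug line after the new `mac_compute` call still formats `seqnr` with `%d` although this commit makes it `u_int32_t`, so values above `INT_MAX` would print as negative. I would change it to `DBG(debug("done calc MAC out #%u", (u_int)seqnr));` and make the same change to `DBG(debug("MAC #%d ok", seqnr));` in `packet_read_poll2`. The hunk also does not show who owns the buffer returned by `mac_compute` or whether it can be NULL. A one-line comment at the call, such as `/* macbuf points to storage owned by mac_compute; valid until the next call */`, would help once that is confirmed against mac.c. `packet_send2` continues outside the hunk.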
@@ -818,12 +813,12 @@
 int
 packet_read_poll2(int *payload_len_ptr)
 {
+	static u_int32_t seqnr = 0;
+	static u_int packet_length = 0;
 	u_int padlen, need;
 	u_char buf[8], *macbuf;
 	u_char *ucp;
 	char *cp;
-	static u_int packet_length = 0;
-	static u_int seqnr = 0;
 	int type;
 	int maclen, block_size;
 	Enc *enc   = NULL;
@@ -883,11 +878,9 @@
 	 * increment sequence number for incoming packet
 	 */
 	if (mac && mac->enabled) {
-		macbuf = hmac( mac->md, seqnr,
+		macbuf = mac_compute(mac, seqnr,
 		    (u_char *) buffer_ptr(&incoming_packet),
-		    buffer_len(&incoming_packet),
-		    mac->key, mac->key_len
-		);
+		    buffer_len(&incoming_packet));
 		if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
 			packet_disconnect("Corrupted MAC on input.");
 		DBG(debug("MAC #%d ok", seqnr));
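Review bot: The received MAC is still checked with `memcmp(macbuf, buffer_ptr(&input), mac->mac_len)`, which stops at the first differing byte, so rejection time can depend on how many leading bytes matched. The commit leaves that line unchanged, but it now sits behind the new `mac_compute` path and, per the description, the added 96-bit truncated MACs. A comparison that always reads all `mac->mac_len` bytes removes that dependency: accumulate `diff |= macbuf[i] ^ p[i]` over the full length and call `packet_disconnect` when `diff != 0`, or use a constant-time helper such as `timingsafe_bcmp` where the tree has one. The hunk also does not show that `input` holds at least `mac->mac_len` bytes at this point. That is presumably guaranteed by the earlier `need`/`maclen` logic in `packet_read_poll2`, which lies outside the hunk, and is worth confirming.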