Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14^! / . / mac.c
commit1f0311c7c7d10c94ff7f823de9c5b2ed79368b14[log] [tgz]
authorDamien Miller <djm@mindrot.org>Thu May 15 14:24:09 2014 +1000
committerDamien Miller <djm@mindrot.org>Thu May 15 14:24:09 2014 +1000
treeae708c2a25f84a04bcb04f2dbf3e8039e0f692bc
parentc5893785564498cea73cb60d2cf199490483e080 [diff] [blame]
   - markus@cvs.openbsd.org 2014/04/29 18:01:49
     [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm

diff --git a/mac.c b/mac.c
index 0977572..fc2bd42 100644
--- a/mac.c
+++ b/mac.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.28 2014/02/07 06:55:54 djm Exp $ */
+/* $OpenBSD: mac.c,v 1.29 2014/04/29 18:01:49 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -72,8 +72,10 @@
 	{ "hmac-md5-96",			SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
 	{ "hmac-ripemd160",			SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
 	{ "hmac-ripemd160@openssh.com",		SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 0 },
+#ifdef WITH_OPENSSL
 	{ "umac-64@openssh.com",		SSH_UMAC, 0, 0, 128, 64, 0 },
 	{ "umac-128@openssh.com",		SSH_UMAC128, 0, 0, 128, 128, 0 },
+#endif
 
 	/* Encrypt-then-MAC variants */
 	{ "hmac-sha1-etm@openssh.com",		SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
@@ -85,8 +87,10 @@
 	{ "hmac-md5-etm@openssh.com",		SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
 	{ "hmac-md5-96-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
 	{ "hmac-ripemd160-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_RIPEMD160, 0, 0, 0, 1 },
+#ifdef WITH_OPENSSL
 	{ "umac-64-etm@openssh.com",		SSH_UMAC, 0, 0, 128, 64, 1 },
 	{ "umac-128-etm@openssh.com",		SSH_UMAC128, 0, 0, 128, 128, 1 },
+#endif
 
 	{ NULL,					0, 0, 0, 0, 0, 0 }
 };
@@ -119,9 +123,11 @@
 			fatal("ssh_hmac_start(alg=%d) failed", macalg->alg);
 		mac->key_len = mac->mac_len = ssh_hmac_bytes(macalg->alg);
 	} else {
+#ifdef WITH_OPENSSL
 		mac->mac_len = macalg->len / 8;
 		mac->key_len = macalg->key_len / 8;
 		mac->umac_ctx = NULL;
+#endif
 	}
 	if (macalg->truncatebits != 0)
 		mac->mac_len = macalg->truncatebits / 8;
@@ -157,12 +163,14 @@
 		    ssh_hmac_init(mac->hmac_ctx, mac->key, mac->key_len) < 0)
 			return -1;
 		return 0;
+#ifdef WITH_OPENSSL
 	case SSH_UMAC:
 		mac->umac_ctx = umac_new(mac->key);
 		return 0;
 	case SSH_UMAC128:
 		mac->umac_ctx = umac128_new(mac->key);
 		return 0;
+#endif
 	default:
 		return -1;
 	}
@@ -175,7 +183,10 @@
 		u_char m[EVP_MAX_MD_SIZE];
 		u_int64_t for_align;
 	} u;
-	u_char b[4], nonce[8];
+	u_char b[4];
+#ifdef WITH_OPENSSL
+	u_char nonce[8];
+#endif
 
 	if (mac->mac_len > sizeof(u))
 		fatal("mac_compute: mac too long %u %zu",
@@ -191,6 +202,7 @@
 		    ssh_hmac_final(mac->hmac_ctx, u.m, sizeof(u.m)) < 0)
 			fatal("ssh_hmac failed");
 		break;
+#ifdef WITH_OPENSSL
 	case SSH_UMAC:
 		put_u64(nonce, seqno);
 		umac_update(mac->umac_ctx, data, datalen);
@@ -201,6 +213,7 @@
 		umac128_update(mac->umac_ctx, data, datalen);
 		umac128_final(mac->umac_ctx, u.m, nonce);
 		break;
+#endif
 	default:
 		fatal("mac_compute: unknown MAC type");
 	}
@@ -210,6 +223,7 @@
 void
 mac_clear(Mac *mac)
 {
+#ifdef WITH_OPENSSL
 	if (mac->type == SSH_UMAC) {
 		if (mac->umac_ctx != NULL)
 			umac_delete(mac->umac_ctx);
@@ -217,6 +231,7 @@
 		if (mac->umac_ctx != NULL)
 			umac128_delete(mac->umac_ctx);
 	} else if (mac->hmac_ctx != NULL)
+#endif
 		ssh_hmac_free(mac->hmac_ctx);
 	mac->hmac_ctx = NULL;
 	mac->umac_ctx = NULL;