- djm@cvs.openbsd.org 2014/01/09 23:20:00
[digest.c digest.h hostfile.c kex.c kex.h kexc25519.c kexc25519c.c]
[kexc25519s.c kexdh.c kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c]
[kexgexs.c key.c key.h roaming_client.c roaming_common.c schnorr.c]
[schnorr.h ssh-dss.c ssh-ecdsa.c ssh-rsa.c sshconnect2.c]
Introduce digest API and use it to perform all hashing operations
rather than calling OpenSSL EVP_Digest* directly. Will make it easier
to build a reduced-feature OpenSSH without OpenSSL in future;
feedback, ok markus@
diff --git a/kexecdh.c b/kexecdh.c
index c948fe2..c52c5e2 100644
--- a/kexecdh.c
+++ b/kexecdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexecdh.c,v 1.4 2013/04/19 01:06:50 djm Exp $ */
+/* $OpenBSD: kexecdh.c,v 1.5 2014/01/09 23:20:00 djm Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2010 Damien Miller. All rights reserved.
@@ -44,10 +44,11 @@
#include "cipher.h"
#include "kex.h"
#include "log.h"
+#include "digest.h"
void
kex_ecdh_hash(
- const EVP_MD *evp_md,
+ int hash_alg,
const EC_GROUP *ec_group,
char *client_version_string,
char *server_version_string,
@@ -60,8 +61,7 @@
u_char **hash, u_int *hashlen)
{
Buffer b;
- EVP_MD_CTX md;
- static u_char digest[EVP_MAX_MD_SIZE];
+ static u_char digest[SSH_DIGEST_MAX_LENGTH];
buffer_init(&b);
buffer_put_cstring(&b, client_version_string);
@@ -83,17 +83,15 @@
#ifdef DEBUG_KEX
buffer_dump(&b);
#endif
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
- EVP_DigestFinal(&md, digest, NULL);
+ if (ssh_digest_buffer(hash_alg, &b, digest, sizeof(digest)) != 0)
+ fatal("%s: ssh_digest_buffer failed", __func__);
buffer_free(&b);
#ifdef DEBUG_KEX
- dump_digest("hash", digest, EVP_MD_size(evp_md));
+ dump_digest("hash", digest, ssh_digest_bytes(hash_alg));
#endif
*hash = digest;
- *hashlen = EVP_MD_size(evp_md);
+ *hashlen = ssh_digest_bytes(hash_alg);
}
-
#endif /* OPENSSL_HAS_ECC */