packet: Reformat ssh_packet_hmac_verify()

Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jakub Jelen <jjelen@redhat.com> (cherry picked from commit 4a7791b784)
2026-02-09 09:54:25 +09:00 · 2022-07-13 16:14:48 +02:00
parent cffa103378
commit 46e0703c6e
1 changed files with 46 additions and 29 deletions
--- a/src/packet_crypt.c
+++ b/src/packet_crypt.c
@@ -260,42 +260,59 @@ int ssh_packet_hmac_verify(ssh_session session,
                           uint8_t *mac,
                           enum ssh_hmac_e type)
 {
-  struct ssh_crypto_struct *crypto = NULL;
+    struct ssh_crypto_struct *crypto = NULL;
-  unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
+    unsigned char hmacbuf[DIGEST_MAX_LEN] = {0};
-  HMACCTX ctx;
+    HMACCTX ctx;
-  size_t hmaclen = DIGEST_MAX_LEN;
+    size_t hmaclen = DIGEST_MAX_LEN;
-  uint32_t seq;
+    uint32_t seq;
-  /* AEAD types have no mac checking */
+    /* AEAD types have no mac checking */
-  if (type == SSH_HMAC_AEAD_POLY1305 ||
+    if (type == SSH_HMAC_AEAD_POLY1305 ||
-      type == SSH_HMAC_AEAD_GCM) {
+        type == SSH_HMAC_AEAD_GCM) {
-      return SSH_OK;
+        return SSH_OK;
-  }
+    }
-  crypto = ssh_packet_get_current_crypto(session, SSH_DIRECTION_IN);
+    crypto = ssh_packet_get_current_crypto(session,
-  if (crypto == NULL) {
+                                           SSH_DIRECTION_IN);
-      return SSH_ERROR;
+    if (crypto == NULL) {
-  }
+        return SSH_ERROR;
    }
-  ctx = hmac_init(crypto->decryptMAC, hmac_digest_len(type), type);
+    ctx = hmac_init(crypto->decryptMAC,
-  if (ctx == NULL) {
+                    hmac_digest_len(type),
-    return -1;
+                    type);
-  }
+    if (ctx == NULL) {
        return -1;
    }
-  seq = htonl(session->recv_seq);
+    seq = htonl(session->recv_seq);
-  hmac_update(ctx, (unsigned char *) &seq, sizeof(uint32_t));
+    hmac_update(ctx,
-  hmac_update(ctx, data, len);
+                (unsigned char *)&seq,
-  hmac_final(ctx, hmacbuf, &hmaclen);
+                sizeof(uint32_t));
    hmac_update(ctx,
                data,
                len);
    hmac_final(ctx,
               hmacbuf,
               &hmaclen);
 #ifdef DEBUG_CRYPTO
-  ssh_log_hexdump("received mac",mac,hmaclen);
+    ssh_log_hexdump("received mac",
-  ssh_log_hexdump("Computed mac",hmacbuf,hmaclen);
+                    mac,
-  ssh_log_hexdump("seq",(unsigned char *)&seq,sizeof(uint32_t));
+                    hmaclen);
    ssh_log_hexdump("Computed mac",
                    hmacbuf,
                    hmaclen);
    ssh_log_hexdump("seq",
                    (unsigned char *)&seq,
                    sizeof(uint32_t));
 #endif
-  if (secure_memcmp(mac, hmacbuf, hmaclen) == 0) {
+    if (secure_memcmp(mac,
-    return 0;
+                      hmacbuf,
-  }
+                      hmaclen) == 0) {
        return 0;
    }
-  return -1;
+    return -1;
 }