diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h index a89cbd05..403c2d22 100644 --- a/include/libssh/libcrypto.h +++ b/include/libssh/libcrypto.h @@ -38,7 +38,7 @@ typedef EVP_MD_CTX* SHA256CTX; typedef EVP_MD_CTX* SHA384CTX; typedef EVP_MD_CTX* SHA512CTX; typedef EVP_MD_CTX* MD5CTX; -typedef HMAC_CTX* HMACCTX; +typedef EVP_MD_CTX* HMACCTX; #ifdef HAVE_ECC typedef EVP_MD_CTX *EVPCTX; #else diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c index 169fca69..12051c85 100644 --- a/src/libcrypto-compat.c +++ b/src/libcrypto-compat.c @@ -242,24 +242,6 @@ int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx) return 1; } -HMAC_CTX *HMAC_CTX_new(void) -{ - HMAC_CTX *ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); - - if (ctx != NULL) { - HMAC_CTX_init(ctx); - } - return ctx; -} - -void HMAC_CTX_free(HMAC_CTX *ctx) -{ - if (ctx != NULL) { - HMAC_CTX_cleanup(ctx); - OPENSSL_free(ctx); - } -} - #ifndef HAVE_OPENSSL_EVP_CIPHER_CTX_NEW EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h index ced8af35..c584ed25 100644 --- a/src/libcrypto-compat.h +++ b/src/libcrypto-compat.h @@ -35,9 +35,6 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx); int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx); -HMAC_CTX *HMAC_CTX_new(void); -void HMAC_CTX_free(HMAC_CTX *ctx); - void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); diff --git a/src/libcrypto.c b/src/libcrypto.c index c82b4b5e..a9fecbe4 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -423,42 +423,59 @@ int ssh_kdf(struct ssh_crypto_struct *crypto, HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) { HMACCTX ctx = NULL; + EVP_PKEY *pkey = NULL; + int rc = -1; - ctx = HMAC_CTX_new(); + ctx = EVP_MD_CTX_new(); if (ctx == NULL) { return NULL; } - switch (type) { - case SSH_HMAC_SHA1: - HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL); - break; - case SSH_HMAC_SHA256: - HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL); - break; - case SSH_HMAC_SHA512: - HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL); - break; - case SSH_HMAC_MD5: - HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL); - break; - default: - HMAC_CTX_free(ctx); - ctx = NULL; + pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, len); + if (pkey == NULL) { + goto error; } + switch (type) { + case SSH_HMAC_SHA1: + rc = EVP_DigestSignInit(ctx, NULL, EVP_sha1(), NULL, pkey); + break; + case SSH_HMAC_SHA256: + rc = EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, pkey); + break; + case SSH_HMAC_SHA512: + rc = EVP_DigestSignInit(ctx, NULL, EVP_sha512(), NULL, pkey); + break; + case SSH_HMAC_MD5: + rc = EVP_DigestSignInit(ctx, NULL, EVP_md5(), NULL, pkey); + break; + default: + rc = -1; + break; + } + + EVP_PKEY_free(pkey); + if (rc != 1) { + goto error; + } return ctx; + +error: + EVP_MD_CTX_free(ctx); + return NULL; } void hmac_update(HMACCTX ctx, const void *data, unsigned long len) { - HMAC_Update(ctx, data, len); + EVP_DigestSignUpdate(ctx, data, len); } void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len) { - HMAC_Final(ctx, hashmacbuf, len); - HMAC_CTX_free(ctx); + size_t res; + EVP_DigestSignFinal(ctx, hashmacbuf, &res); + EVP_MD_CTX_free(ctx); + *len = res; } static void evp_cipher_init(struct ssh_cipher_struct *cipher)