SHA_Init(&s);
SHA_Bytes(&s, p, len);
SHA_Final(&s, output);
+ smemclr(&s, sizeof(s));
}
/*
return s;
}
-static void sha1_bytes(void *handle, void *p, int len)
+static void *sha1_copy(const void *vold)
+{
+ const SHA_State *old = (const SHA_State *)vold;
+ SHA_State *s;
+
+ s = snew(SHA_State);
+ *s = *old;
+ return s;
+}
+
+static void sha1_free(void *handle)
+{
+ SHA_State *s = handle;
+
+ smemclr(s, sizeof(*s));
+ sfree(s);
+}
+
+static void sha1_bytes(void *handle, const void *p, int len)
{
SHA_State *s = handle;
SHA_State *s = handle;
SHA_Final(s, output);
- sfree(s);
+ sha1_free(s);
}
const struct ssh_hash ssh_sha1 = {
- sha1_init, sha1_bytes, sha1_final, 20, "SHA-1"
+ sha1_init, sha1_copy, sha1_bytes, sha1_final, sha1_free, 20, "SHA-1"
};
/* ----------------------------------------------------------------------
* HMAC wrapper on it.
*/
-static void *sha1_make_context(void)
+static void *sha1_make_context(void *cipher_ctx)
{
return snewn(3, SHA_State);
}
static void sha1_free_context(void *handle)
{
+ smemclr(handle, 3 * sizeof(SHA_State));
sfree(handle);
}
{
unsigned char correct[20];
hmacsha1_genresult(handle, correct);
- return !memcmp(correct, hmac, 20);
+ return smemeq(correct, hmac, 20);
}
static int sha1_verify(void *handle, unsigned char *blk, int len,
{
unsigned char correct[20];
sha1_do_hmac(handle, blk, len, seq, correct);
- return !memcmp(correct, blk + len, 20);
+ return smemeq(correct, blk + len, 20);
}
static void hmacsha1_96_genresult(void *handle, unsigned char *hmac)
{
unsigned char correct[20];
hmacsha1_genresult(handle, correct);
- return !memcmp(correct, hmac, 12);
+ return smemeq(correct, hmac, 12);
}
static int sha1_96_verify(void *handle, unsigned char *blk, int len,
{
unsigned char correct[20];
sha1_do_hmac(handle, blk, len, seq, correct);
- return !memcmp(correct, blk + len, 12);
+ return smemeq(correct, blk + len, 12);
}
void hmac_sha1_simple(void *key, int keylen, void *data, int datalen,
sha1_make_context, sha1_free_context, sha1_key,
sha1_generate, sha1_verify,
hmacsha1_start, hmacsha1_bytes, hmacsha1_genresult, hmacsha1_verresult,
- "hmac-sha1",
- 20,
+ "hmac-sha1", "hmac-sha1-etm@openssh.com",
+ 20, 20,
"HMAC-SHA1"
};
sha1_96_generate, sha1_96_verify,
hmacsha1_start, hmacsha1_bytes,
hmacsha1_96_genresult, hmacsha1_96_verresult,
- "hmac-sha1-96",
- 12,
+ "hmac-sha1-96", "hmac-sha1-96-etm@openssh.com",
+ 12, 20,
"HMAC-SHA1-96"
};
sha1_make_context, sha1_free_context, sha1_key_buggy,
sha1_generate, sha1_verify,
hmacsha1_start, hmacsha1_bytes, hmacsha1_genresult, hmacsha1_verresult,
- "hmac-sha1",
- 20,
+ "hmac-sha1", NULL,
+ 20, 16,
"bug-compatible HMAC-SHA1"
};
sha1_96_generate, sha1_96_verify,
hmacsha1_start, hmacsha1_bytes,
hmacsha1_96_genresult, hmacsha1_96_verresult,
- "hmac-sha1-96",
- 12,
+ "hmac-sha1-96", NULL,
+ 12, 16,
"bug-compatible HMAC-SHA1-96"
};