Attachment #906 for bug #1023

Lines 44-49 RCSID("$OpenBSD: kex.c,v 1.60 2004/06/21 Link Here

(-)kex.c (-9 / +38 lines)
44		44
45	#define KEX_COOKIE_LEN 16	45	#define KEX_COOKIE_LEN 16
46		46
		47	extern const EVP_MD *evp_ssh_sha512(void);
		48
47	/* prototype */	49	/* prototype */
48	static void kex_kexinit_finish(Kex *);	50	static void kex_kexinit_finish(Kex *);
49	static void kex_choose_conf(Kex *);	51	static void kex_choose_conf(Kex *);
Lines 295-302 choose_kex(Kex k, char client, char *s Link Here
295	k->kex_type = KEX_DH_GRP1_SHA1;	297	k->kex_type = KEX_DH_GRP1_SHA1;
296	} else if (strcmp(k->name, KEX_DH14) == 0) {	298	} else if (strcmp(k->name, KEX_DH14) == 0) {
297	k->kex_type = KEX_DH_GRP14_SHA1;	299	k->kex_type = KEX_DH_GRP14_SHA1;
298	} else if (strcmp(k->name, KEX_DHGEX) == 0) {	300	} else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
299	k->kex_type = KEX_DH_GEX_SHA1;	301	k->kex_type = KEX_DH_GEX_SHA1;
		302	} else if (strcmp(k->name, KEX_DHGEX_SHA512) == 0) {
		303	k->kex_type = KEX_DH_GEX_SHA512;
300	} else	304	} else
301	fatal("bad kex alg %s", k->name);	305	fatal("bad kex alg %s", k->name);
302	}	306	}
Lines 405-428 kex_choose_conf(Kex *kex) Link Here
405	}	409	}
406		410
407	static u_char *	411	static u_char *
408	derive_key(Kex kex, int id, int need, u_char hash, BIGNUM *shared_secret)	412	derive_key(Kex kex, int id, int need, u_char hash, u_int hashlen,
		413	BIGNUM *shared_secret)
409	{	414	{
410	Buffer b;	415	Buffer b;
411	const EVP_MD *evp_md = EVP_sha1();	416	const EVP_MD *evp_md;
412	EVP_MD_CTX md;	417	EVP_MD_CTX md;
413	char c = id;	418	char c = id;
414	int have;	419	int have;
415	int mdsz = EVP_MD_size(evp_md);	420	int mdsz;
416	u_char *digest = xmalloc(roundup(need, mdsz));	421	u_char *digest;
417		422
418	buffer_init(&b);	423	buffer_init(&b);
419	buffer_put_bignum2(&b, shared_secret);	424	buffer_put_bignum2(&b, shared_secret);
420		425
		426	switch (kex->kex_type) {
		427	case KEX_DH_GRP1_SHA1:
		428	case KEX_DH_GRP14_SHA1:
		429	case KEX_DH_GEX_SHA1:
		430	evp_md = EVP_sha1();
		431	break;
		432	case KEX_DH_GEX_SHA512:
		433	evp_md = evp_ssh_sha512();
		434	break;
		435	default:
		436	fatal("derive_key: unknown kex_type %d", kex->kex_type);
		437	}
		438
		439	mdsz = EVP_MD_size(evp_md);
		440	digest = xmalloc(roundup(need, mdsz));
		441
421	/* K1 = HASH(K \|\| H \|\| "A" \|\| session_id) */	442	/* K1 = HASH(K \|\| H \|\| "A" \|\| session_id) */
422	EVP_DigestInit(&md, evp_md);	443	EVP_DigestInit(&md, evp_md);
423	if (!(datafellows & SSH_BUG_DERIVEKEY))	444	if (!(datafellows & SSH_BUG_DERIVEKEY))
424	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));	445	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
425	EVP_DigestUpdate(&md, hash, mdsz);	446	EVP_DigestUpdate(&md, hash, hashlen);
426	EVP_DigestUpdate(&md, &c, 1);	447	EVP_DigestUpdate(&md, &c, 1);
427	EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);	448	EVP_DigestUpdate(&md, kex->session_id, kex->session_id_len);
428	EVP_DigestFinal(&md, digest, NULL);	449	EVP_DigestFinal(&md, digest, NULL);
Lines 432-438 derive_key(Kex *kex, int id, int need, u Link Here
432	* Kn = HASH(K \|\| H \|\| K1 \|\| K2 \|\| ... \|\| Kn-1)	453	* Kn = HASH(K \|\| H \|\| K1 \|\| K2 \|\| ... \|\| Kn-1)
433	* Key = K1 \|\| K2 \|\| ... \|\| Kn	454	* Key = K1 \|\| K2 \|\| ... \|\| Kn
434	*/	455	*/
		456	#ifdef DEBUG_KEX
		457	fprintf(stderr, "expand key: mdsz %d need %d\n", mdsz, need);
		458	#endif
435	for (have = mdsz; need > have; have += mdsz) {	459	for (have = mdsz; need > have; have += mdsz) {
		460	#ifdef DEBUG_KEX
		461	fprintf(stderr, "expand key: have %d\n", have);
		462	#endif
436	EVP_DigestInit(&md, evp_md);	463	EVP_DigestInit(&md, evp_md);
437	if (!(datafellows & SSH_BUG_DERIVEKEY))	464	if (!(datafellows & SSH_BUG_DERIVEKEY))
438	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));	465	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
Lines 452-464 Newkeys *current_keys[MODE_MAX]; Link Here
452		479
453	#define NKEYS 6	480	#define NKEYS 6
454	void	481	void
455	kex_derive_keys(Kex kex, u_char hash, BIGNUM *shared_secret)	482	kex_derive_keys(Kex kex, u_char hash, u_int hashlen, BIGNUM *shared_secret)
456	{	483	{
457	u_char *keys[NKEYS];	484	u_char *keys[NKEYS];
458	int i, mode, ctos;	485	int i, mode, ctos;
459		486
460	for (i = 0; i < NKEYS; i++)	487	for (i = 0; i < NKEYS; i++) {
461	keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, shared_secret);	488	keys[i] = derive_key(kex, 'A'+i, kex->we_need, hash, hashlen,
		489	shared_secret);
		490	}
462		491
463	debug2("kex_derive_keys");	492	debug2("kex_derive_keys");
464	for (mode = 0; mode < MODE_MAX; mode++) {	493	for (mode = 0; mode < MODE_MAX; mode++) {




#include "cipher.h"
#include "key.h"

#define	KEX_DH1			"diffie-hellman-group1-sha1"
#define	KEX_DH14		"diffie-hellman-group14-sha1"
#define	KEX_DHGEX_SHA1		"diffie-hellman-group-exchange-sha1"
#define	KEX_DHGEX_SHA512	"diffie-hellman-group-exchange-sha512"

enum kex_init_proposals {
	PROPOSAL_KEX_ALGS,

	KEX_DH_GRP1_SHA1,
	KEX_DH_GRP14_SHA1,
	KEX_DH_GEX_SHA1,
	KEX_DH_GEX_SHA512,
	KEX_MAX
};



void	 kex_send_kexinit(Kex *);
void	 kex_input_kexinit(int, u_int32_t, void *);
void	 kex_derive_keys(Kex *, u_char *, u_int, BIGNUM *);

Newkeys *kex_get_newkeys(int);


void	 kexgex_client(Kex *);
void	 kexgex_server(Kex *);

void
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
    BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
void
kexgex_hash(int, char *, char *, char *, int, char *, int, u_char *, int,
    int, int, int, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *, BIGNUM *,
    u_char **, u_int *);

void
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);




#include "ssh2.h"
#include "kex.h"

void
kex_dh_hash(
    char *client_version_string,
    char *server_version_string,

    u_char *serverhostkeyblob, int sbloblen,
    BIGNUM *client_dh_pub,
    BIGNUM *server_dh_pub,
    BIGNUM *shared_secret,
    u_char **hash, u_int *hashlen)
{
	Buffer b;
	static u_char digest[EVP_MAX_MD_SIZE];

#ifdef DEBUG_KEX
	dump_digest("hash", digest, EVP_MD_size(evp_md));
#endif
	*hash = digest;
	*hashlen = EVP_MD_size(evp_md);
}




	Key *server_host_key;
	u_char *server_host_key_blob = NULL, *signature = NULL;
	u_char *kbuf, *hash;
	u_int klen, kout, slen, sbloblen, hashlen;

	/* generate and send 'e', client DH public key */
	switch (kex->kex_type) {

	xfree(kbuf);

	/* calc and verify H */
	kex_dh_hash(
	    kex->client_version_string,
	    kex->server_version_string,
	    buffer_ptr(&kex->my), buffer_len(&kex->my),

	    server_host_key_blob, sbloblen,
	    dh->pub_key,
	    dh_server_pub,
	    shared_secret,
	    &hash, &hashlen
	);
	xfree(server_host_key_blob);
	BN_clear_free(dh_server_pub);
	DH_free(dh);

	if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
		fatal("key_verify failed for server_host_key");
	key_free(server_host_key);
	xfree(signature);

	/* save session id */
	if (kex->session_id == NULL) {
		kex->session_id_len = hashlen;
		kex->session_id = xmalloc(kex->session_id_len);
		memcpy(kex->session_id, hash, kex->session_id_len);
	}

	kex_derive_keys(kex, hash, hashlen, shared_secret);
	BN_clear_free(shared_secret);
	kex_finish(kex);
}




	DH *dh;
	Key *server_host_key;
	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
	u_int sbloblen, klen, kout, hashlen;
	u_int slen;

	/* generate server DH public key */

	key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);

	/* calc H */
	kex_dh_hash(
	    kex->client_version_string,
	    kex->server_version_string,
	    buffer_ptr(&kex->peer), buffer_len(&kex->peer),

	    server_host_key_blob, sbloblen,
	    dh_client_pub,
	    dh->pub_key,
	    shared_secret,
	    &hash, &hashlen
	);
	BN_clear_free(dh_client_pub);

	/* save session id := H */
	/* XXX hashlen depends on KEX */
	if (kex->session_id == NULL) {
		kex->session_id_len = hashlen;
		kex->session_id = xmalloc(kex->session_id_len);
		memcpy(kex->session_id, hash, kex->session_id_len);
	}

	/* sign H */
	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));

	/* destroy_sensitive_data(); */


	/* have keys, free DH */
	DH_free(dh);

	kex_derive_keys(kex, hash, hashlen, shared_secret);
	BN_clear_free(shared_secret);
	kex_finish(kex);
}




#include "includes.h"
RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");

#include <openssl/sha.h>

#include "buffer.h"
#include "bufaux.h"
#include "kex.h"
#include "ssh2.h"
#include "log.h"

extern const EVP_MD *evp_ssh_sha512(void);

void
kexgex_hash(
    int kex_type,
    char *client_version_string,
    char *server_version_string,
    char *ckexinit, int ckexinitlen,

    int min, int wantbits, int max, BIGNUM *prime, BIGNUM *gen,
    BIGNUM *client_dh_pub,
    BIGNUM *server_dh_pub,
    BIGNUM *shared_secret,
    u_char **hash, u_int *hashlen)
{
	Buffer b;
	static u_char digest[64];
	const EVP_MD *evp_md;
	EVP_MD_CTX md;

	buffer_init(&b);

#ifdef DEBUG_KEXDH
	buffer_dump(&b);
#endif

	switch (kex_type) {
	case KEX_DH_GEX_SHA1:
		evp_md = EVP_sha1();
		break;
	case KEX_DH_GEX_SHA512:
		evp_md = evp_ssh_sha512();
		break;
	default:
		fatal("kexgex_hash: unknown kex_type %d", kex_type);
	}

	EVP_DigestInit(&md, evp_md);
	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
	EVP_DigestFinal(&md, digest, NULL);
	
	buffer_free(&b);
	*hash = digest;
	*hashlen = EVP_MD_size(evp_md);
#ifdef DEBUG_KEXDH
	dump_digest("hash", digest, *hashlen);
#endif
	return digest;
}




	BIGNUM *p = NULL, *g = NULL;
	Key *server_host_key;
	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
	u_int klen, kout, slen, sbloblen, hashlen;
	int min, max, nbits;
	DH *dh;


		min = max = -1;

	/* calc and verify H */
	kexgex_hash(
	    kex->kex_type,
	    kex->client_version_string,
	    kex->server_version_string,
	    buffer_ptr(&kex->my), buffer_len(&kex->my),

	    dh->p, dh->g,
	    dh->pub_key,
	    dh_server_pub,
	    shared_secret,
	    &hash, &hashlen
	);

	/* have keys, free DH */
	DH_free(dh);
	xfree(server_host_key_blob);
	BN_clear_free(dh_server_pub);

	if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
		fatal("key_verify failed for server_host_key");
	key_free(server_host_key);
	xfree(signature);

	/* save session id */
	if (kex->session_id == NULL) {
		kex->session_id_len = hashlen;
		kex->session_id = xmalloc(kex->session_id_len);
		memcpy(kex->session_id, hash, kex->session_id_len);
	}
	kex_derive_keys(kex, hash, hashlen, shared_secret);
	BN_clear_free(shared_secret);

	kex_finish(kex);




	Key *server_host_key;
	DH *dh;
	u_char *kbuf, *hash, *signature = NULL, *server_host_key_blob = NULL;
	u_int sbloblen, klen, kout, slen, hashlen;
	int min = -1, max = -1, nbits = -1, type;

	if (kex->load_host_key == NULL)

		min = max = -1;

	/* calc H */			/* XXX depends on 'kex' */
	kexgex_hash(
	    kex->kex_type,
	    kex->client_version_string,
	    kex->server_version_string,
	    buffer_ptr(&kex->peer), buffer_len(&kex->peer),

	    dh->p, dh->g,
	    dh_client_pub,
	    dh->pub_key,
	    shared_secret,
	    &hash, &hashlen
	);
	BN_clear_free(dh_client_pub);

	/* save session id := H */
	/* XXX hashlen depends on KEX */
	if (kex->session_id == NULL) {
		kex->session_id_len = hashlen;
		kex->session_id = xmalloc(kex->session_id_len);
		memcpy(kex->session_id, hash, kex->session_id_len);
	}

	/* sign H */
	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));

	/* destroy_sensitive_data(); */


	/* have keys, free DH */
	DH_free(dh);

	kex_derive_keys(kex, hash, hashlen, shared_secret);
	BN_clear_free(shared_secret);

	kex_finish(kex);




/*
 * Copyright (c) 2005 Damien Miller.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* EVP wrapper for SHA512 */

#include "includes.h"
RCSID("$OpenBSD$");

#include <openssl/evp.h>
#include <sha2.h>

const EVP_MD *evp_ssh_sha512(void);

static int
ssh_sha512_init(EVP_MD_CTX *ctxt)
{
	SHA512_Init(ctxt->md_data);
	return (1);
}

static int
ssh_sha512_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
{
	SHA512_Update(ctxt->md_data, data, len);
	return (1);
}

static int
ssh_sha512_final(EVP_MD_CTX *ctxt, unsigned char *digest)
{
	SHA512_Final(digest, ctxt->md_data);
	return (1);
}

static int
ssh_sha512_cleanup(EVP_MD_CTX *ctxt)
{
	memset(ctxt->md_data, 0, sizeof(SHA512_CTX));
	return (1);
}

const EVP_MD *
evp_ssh_sha512(void)
{
	static EVP_MD ssh_sha512;

	memset(&ssh_sha512, 0, sizeof(ssh_sha512));
	ssh_sha512.type = NID_undef;
	/* ssh_sha512.pkey_type = XXX; */
	ssh_sha512.md_size = SHA512_DIGEST_LENGTH;
	/* ssh_sha512.flags = XXX; */
	ssh_sha512.init = ssh_sha512_init;
	ssh_sha512.update = ssh_sha512_update;
	ssh_sha512.final = ssh_sha512_final;
	/* ssh_sha512.copy = XXX; */
	ssh_sha512.cleanup = ssh_sha512_cleanup;
	/* ssh_sha512.sign = XXX; */
	/* ssh_sha512.verify = XXX; */
	/* ssh_sha512.required_pkey_type = XXX; */
	ssh_sha512.block_size = SHA512_BLOCK_LENGTH;
	ssh_sha512.ctx_size = sizeof(SHA512_CTX);

	return (&ssh_sha512);
}

Lines 473-479 mm_answer_sign(int sock, Buffer *m) Link Here

(-)monitor.c (-1 / +6 lines)
473	keyid = buffer_get_int(m);	473	keyid = buffer_get_int(m);
474	p = buffer_get_string(m, &datlen);	474	p = buffer_get_string(m, &datlen);
475		475
476	if (datlen != 20)	476	/*
		477	* Supported KEX types will only return SHA1 (20 byte) or
		478	* SHA512 (64 byte) hashes
		479	*/
		480	if (datlen != 20 && datlen != 64)
477	fatal("%s: data length incorrect: %u", __func__, datlen);	481	fatal("%s: data length incorrect: %u", __func__, datlen);
478		482
479	/* save session id, it will be passed on the first call */	483	/* save session id, it will be passed on the first call */
Lines 1375-1380 mm_get_kex(Buffer *m) Link Here
1375	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;	1379	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1376	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;	1380	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1377	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;	1381	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
		1382	kex->kex[KEX_DH_GEX_SHA512] = kexgex_server;
1378	kex->server = 1;	1383	kex->server = 1;
1379	kex->hostkey_type = buffer_get_int(m);	1384	kex->hostkey_type = buffer_get_int(m);
1380	kex->kex_type = buffer_get_int(m);	1385	kex->kex_type = buffer_get_int(m);

Lines 23-31 Link Here

(-)myproposal.h (-3 / +5 lines)
23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	23	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	24	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25	*/	25	*/
26	#define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1," \	26	#define KEX_DEFAULT_KEX \
27	"diffie-hellman-group14-sha1," \	27	"diffie-hellman-group-exchange-sha512," \
28	"diffie-hellman-group1-sha1"	28	"diffie-hellman-group-exchange-sha1," \
		29	"diffie-hellman-group14-sha1," \
		30	"diffie-hellman-group1-sha1"
29	#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"	31	#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
30	#define KEX_DEFAULT_ENCRYPT \	32	#define KEX_DEFAULT_ENCRYPT \
31	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \	33	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \

Lines 341-346 keygrab_ssh2(con *c) Link Here

(-)ssh-keyscan.c (+1 lines)
341	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;	341	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
342	c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;	342	c->c_kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
343	c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;	343	c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
		344	c->c_kex->kex[KEX_DH_GEX_SHA512] = kexgex_client;
344	c->c_kex->verify_host_key = hostjump;	345	c->c_kex->verify_host_key = hostjump;
345		346
346	if (!(j = setjmp(kexjmp))) {	347	if (!(j = setjmp(kexjmp))) {

Lines 120-125 ssh_kex2(char host, struct sockaddr ho Link Here

(-)sshconnect2.c (+1 lines)
120	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;	120	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
121	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;	121	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
122	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;	122	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
		123	kex->kex[KEX_DH_GEX_SHA512] = kexgex_client;
123	kex->client_version_string=client_version_string;	124	kex->client_version_string=client_version_string;
124	kex->server_version_string=server_version_string;	125	kex->server_version_string=server_version_string;
125	kex->verify_host_key=&verify_host_key_callback;	126	kex->verify_host_key=&verify_host_key_callback;

Lines 1906-1911 do_ssh2_kex(void) Link Here

(-)sshd.c (+1 lines)
1906	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;	1906	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
1907	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;	1907	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
1908	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;	1908	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
		1909	kex->kex[KEX_DH_GEX_SHA512] = kexgex_server;
1909	kex->server = 1;	1910	kex->server = 1;
1910	kex->client_version_string=client_version_string;	1911	kex->client_version_string=client_version_string;
1911	kex->server_version_string=server_version_string;	1912	kex->server_version_string=server_version_string;

Lines 11-17 SRCS= authfd.c authfile.c bufaux.c buffe Link Here

(-)lib/Makefile (-1 / +1 lines)
11	key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \	11	key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
12	ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \	12	ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
13	kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \	13	kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \
14	monitor_fdpass.c	14	monitor_fdpass.c md-sha512.c
15		15
16	DEBUGLIBS= no	16	DEBUGLIBS= no
17	NOPROFILE= yes	17	NOPROFILE= yes

Return to bug 1023

Lines 31-39 Link Here

(-)kex.h (-9 / +12 lines)
31	#include "cipher.h"	31	#include "cipher.h"
32	#include "key.h"	32	#include "key.h"
33		33
34	#define KEX_DH1 "diffie-hellman-group1-sha1"	34	#define KEX_DH1 "diffie-hellman-group1-sha1"
35	#define KEX_DH14 "diffie-hellman-group14-sha1"	35	#define KEX_DH14 "diffie-hellman-group14-sha1"
36	#define KEX_DHGEX "diffie-hellman-group-exchange-sha1"	36	#define KEX_DHGEX_SHA1 "diffie-hellman-group-exchange-sha1"
		37	#define KEX_DHGEX_SHA512 "diffie-hellman-group-exchange-sha512"
37		38
38	enum kex_init_proposals {	39	enum kex_init_proposals {
39	PROPOSAL_KEX_ALGS,	40	PROPOSAL_KEX_ALGS,
Lines 59-64 enum kex_exchange { Link Here
59	KEX_DH_GRP1_SHA1,	60	KEX_DH_GRP1_SHA1,
60	KEX_DH_GRP14_SHA1,	61	KEX_DH_GRP14_SHA1,
61	KEX_DH_GEX_SHA1,	62	KEX_DH_GEX_SHA1,
		63	KEX_DH_GEX_SHA512,
62	KEX_MAX	64	KEX_MAX
63	};	65	};
64		66
Lines 123-129 void kex_finish(Kex *); Link Here
123		125
124	void kex_send_kexinit(Kex *);	126	void kex_send_kexinit(Kex *);
125	void kex_input_kexinit(int, u_int32_t, void *);	127	void kex_input_kexinit(int, u_int32_t, void *);
126	void kex_derive_keys(Kex , u_char , BIGNUM *);	128	void kex_derive_keys(Kex , u_char , u_int, BIGNUM *);
127		129
128	Newkeys *kex_get_newkeys(int);	130	Newkeys *kex_get_newkeys(int);
129		131
Lines 132-143 void kexdh_server(Kex *); Link Here
132	void kexgex_client(Kex *);	134	void kexgex_client(Kex *);
133	void kexgex_server(Kex *);	135	void kexgex_server(Kex *);
134		136
135	u_char *	137	void
136	kex_dh_hash(char , char , char , int, char , int, u_char *, int,	138	kex_dh_hash(char , char , char , int, char , int, u_char *, int,
137	BIGNUM , BIGNUM , BIGNUM *);	139	BIGNUM , BIGNUM , BIGNUM , u_char , u_int );
138	u_char *	140	void
139	kexgex_hash(char , char , char , int, char , int, u_char *, int,	141	kexgex_hash(int, char , char , char , int, char , int, u_char *, int,
140	int, int, int, BIGNUM , BIGNUM , BIGNUM , BIGNUM , BIGNUM *);	142	int, int, int, BIGNUM , BIGNUM , BIGNUM , BIGNUM , BIGNUM *,
		143	u_char *, u_int );
141		144
142	void	145	void
143	derive_ssh1_session_id(BIGNUM , BIGNUM , u_int8_t[8], u_int8_t[16]);	146	derive_ssh1_session_id(BIGNUM , BIGNUM , u_int8_t[8], u_int8_t[16]);

Lines 32-38 RCSID("$OpenBSD: kexdh.c,v 1.19 2003/02/ Link Here

(-)kexdh.c (-3 / +5 lines)
32	#include "ssh2.h"	32	#include "ssh2.h"
33	#include "kex.h"	33	#include "kex.h"
34		34
35	u_char *	35	void
36	kex_dh_hash(	36	kex_dh_hash(
37	char *client_version_string,	37	char *client_version_string,
38	char *server_version_string,	38	char *server_version_string,
Lines 41-47 kex_dh_hash( Link Here
41	u_char *serverhostkeyblob, int sbloblen,	41	u_char *serverhostkeyblob, int sbloblen,
42	BIGNUM *client_dh_pub,	42	BIGNUM *client_dh_pub,
43	BIGNUM *server_dh_pub,	43	BIGNUM *server_dh_pub,
44	BIGNUM *shared_secret)	44	BIGNUM *shared_secret,
		45	u_char *hash, u_int hashlen)
45	{	46	{
46	Buffer b;	47	Buffer b;
47	static u_char digest[EVP_MAX_MD_SIZE];	48	static u_char digest[EVP_MAX_MD_SIZE];
Lines 77-81 kex_dh_hash( Link Here
77	#ifdef DEBUG_KEX	78	#ifdef DEBUG_KEX
78	dump_digest("hash", digest, EVP_MD_size(evp_md));	79	dump_digest("hash", digest, EVP_MD_size(evp_md));
79	#endif	80	#endif
80	return digest;	81	*hash = digest;
		82	*hashlen = EVP_MD_size(evp_md);
81	}	83	}

Lines 41-47 kexdh_client(Kex *kex) Link Here

(-)kexdhc.c (-6 / +7 lines)
41	Key *server_host_key;	41	Key *server_host_key;
42	u_char server_host_key_blob = NULL, signature = NULL;	42	u_char server_host_key_blob = NULL, signature = NULL;
43	u_char kbuf, hash;	43	u_char kbuf, hash;
44	u_int klen, kout, slen, sbloblen;	44	u_int klen, kout, slen, sbloblen, hashlen;
45		45
46	/* generate and send 'e', client DH public key */	46	/* generate and send 'e', client DH public key */
47	switch (kex->kex_type) {	47	switch (kex->kex_type) {
Lines 114-120 kexdh_client(Kex *kex) Link Here
114	xfree(kbuf);	114	xfree(kbuf);
115		115
116	/* calc and verify H */	116	/* calc and verify H */
117	hash = kex_dh_hash(	117	kex_dh_hash(
118	kex->client_version_string,	118	kex->client_version_string,
119	kex->server_version_string,	119	kex->server_version_string,
120	buffer_ptr(&kex->my), buffer_len(&kex->my),	120	buffer_ptr(&kex->my), buffer_len(&kex->my),
Lines 122-146 kexdh_client(Kex *kex) Link Here
122	server_host_key_blob, sbloblen,	122	server_host_key_blob, sbloblen,
123	dh->pub_key,	123	dh->pub_key,
124	dh_server_pub,	124	dh_server_pub,
125	shared_secret	125	shared_secret,
		126	&hash, &hashlen
126	);	127	);
127	xfree(server_host_key_blob);	128	xfree(server_host_key_blob);
128	BN_clear_free(dh_server_pub);	129	BN_clear_free(dh_server_pub);
129	DH_free(dh);	130	DH_free(dh);
130		131
131	if (key_verify(server_host_key, signature, slen, hash, 20) != 1)	132	if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
132	fatal("key_verify failed for server_host_key");	133	fatal("key_verify failed for server_host_key");
133	key_free(server_host_key);	134	key_free(server_host_key);
134	xfree(signature);	135	xfree(signature);
135		136
136	/* save session id */	137	/* save session id */
137	if (kex->session_id == NULL) {	138	if (kex->session_id == NULL) {
138	kex->session_id_len = 20;	139	kex->session_id_len = hashlen;
139	kex->session_id = xmalloc(kex->session_id_len);	140	kex->session_id = xmalloc(kex->session_id_len);
140	memcpy(kex->session_id, hash, kex->session_id_len);	141	memcpy(kex->session_id, hash, kex->session_id_len);
141	}	142	}
142		143
143	kex_derive_keys(kex, hash, shared_secret);	144	kex_derive_keys(kex, hash, hashlen, shared_secret);
144	BN_clear_free(shared_secret);	145	BN_clear_free(shared_secret);
145	kex_finish(kex);	146	kex_finish(kex);
146	}	147	}

Lines 41-47 kexdh_server(Kex *kex) Link Here

(-)kexdhs.c (-8 / +7 lines)
41	DH *dh;	41	DH *dh;
42	Key *server_host_key;	42	Key *server_host_key;
43	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;	43	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;
44	u_int sbloblen, klen, kout;	44	u_int sbloblen, klen, kout, hashlen;
45	u_int slen;	45	u_int slen;
46		46
47	/* generate server DH public key */	47	/* generate server DH public key */
Lines 103-109 kexdh_server(Kex *kex) Link Here
103	key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);	103	key_to_blob(server_host_key, &server_host_key_blob, &sbloblen);
104		104
105	/* calc H */	105	/* calc H */
106	hash = kex_dh_hash(	106	kex_dh_hash(
107	kex->client_version_string,	107	kex->client_version_string,
108	kex->server_version_string,	108	kex->server_version_string,
109	buffer_ptr(&kex->peer), buffer_len(&kex->peer),	109	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
Lines 111-131 kexdh_server(Kex *kex) Link Here
111	server_host_key_blob, sbloblen,	111	server_host_key_blob, sbloblen,
112	dh_client_pub,	112	dh_client_pub,
113	dh->pub_key,	113	dh->pub_key,
114	shared_secret	114	shared_secret,
		115	&hash, &hashlen
115	);	116	);
116	BN_clear_free(dh_client_pub);	117	BN_clear_free(dh_client_pub);
117		118
118	/* save session id := H */	119	/* save session id := H */
119	/* XXX hashlen depends on KEX */
120	if (kex->session_id == NULL) {	120	if (kex->session_id == NULL) {
121	kex->session_id_len = 20;	121	kex->session_id_len = hashlen;
122	kex->session_id = xmalloc(kex->session_id_len);	122	kex->session_id = xmalloc(kex->session_id_len);
123	memcpy(kex->session_id, hash, kex->session_id_len);	123	memcpy(kex->session_id, hash, kex->session_id_len);
124	}	124	}
125		125
126	/* sign H */	126	/* sign H */
127	/* XXX hashlen depends on KEX */	127	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
128	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
129		128
130	/* destroy_sensitive_data(); */	129	/* destroy_sensitive_data(); */
131		130
Lines 141-147 kexdh_server(Kex *kex) Link Here
141	/* have keys, free DH */	140	/* have keys, free DH */
142	DH_free(dh);	141	DH_free(dh);
143		142
144	kex_derive_keys(kex, hash, shared_secret);	143	kex_derive_keys(kex, hash, hashlen, shared_secret);
145	BN_clear_free(shared_secret);	144	BN_clear_free(shared_secret);
146	kex_finish(kex);	145	kex_finish(kex);
147	}	146	}

Lines 26-40 Link Here

(-)kexgex.c (-9 / +26 lines)
26	#include "includes.h"	26	#include "includes.h"
27	RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");	27	RCSID("$OpenBSD: kexgex.c,v 1.23 2003/02/16 17:09:57 markus Exp $");
28		28
29	#include <openssl/evp.h>	29	#include <openssl/sha.h>
30		30
31	#include "buffer.h"	31	#include "buffer.h"
32	#include "bufaux.h"	32	#include "bufaux.h"
33	#include "kex.h"	33	#include "kex.h"
34	#include "ssh2.h"	34	#include "ssh2.h"
		35	#include "log.h"
35		36
36	u_char *	37	extern const EVP_MD *evp_ssh_sha512(void);
		38
		39	void
37	kexgex_hash(	40	kexgex_hash(
		41	int kex_type,
38	char *client_version_string,	42	char *client_version_string,
39	char *server_version_string,	43	char *server_version_string,
40	char *ckexinit, int ckexinitlen,	44	char *ckexinit, int ckexinitlen,
Lines 43-53 kexgex_hash( Link Here
43	int min, int wantbits, int max, BIGNUM prime, BIGNUM gen,	47	int min, int wantbits, int max, BIGNUM prime, BIGNUM gen,
44	BIGNUM *client_dh_pub,	48	BIGNUM *client_dh_pub,
45	BIGNUM *server_dh_pub,	49	BIGNUM *server_dh_pub,
46	BIGNUM *shared_secret)	50	BIGNUM *shared_secret,
		51	u_char *hash, u_int hashlen)
47	{	52	{
48	Buffer b;	53	Buffer b;
49	static u_char digest[EVP_MAX_MD_SIZE];	54	static u_char digest[64];
50	const EVP_MD *evp_md = EVP_sha1();	55	const EVP_MD *evp_md;
51	EVP_MD_CTX md;	56	EVP_MD_CTX md;
52		57
53	buffer_init(&b);	58	buffer_init(&b);
Lines 79-92 kexgex_hash( Link Here
79	#ifdef DEBUG_KEXDH	84	#ifdef DEBUG_KEXDH
80	buffer_dump(&b);	85	buffer_dump(&b);
81	#endif	86	#endif
		87
		88	switch (kex_type) {
		89	case KEX_DH_GEX_SHA1:
		90	evp_md = EVP_sha1();
		91	break;
		92	case KEX_DH_GEX_SHA512:
		93	evp_md = evp_ssh_sha512();
		94	break;
		95	default:
		96	fatal("kexgex_hash: unknown kex_type %d", kex_type);
		97	}
		98
82	EVP_DigestInit(&md, evp_md);	99	EVP_DigestInit(&md, evp_md);
83	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));	100	EVP_DigestUpdate(&md, buffer_ptr(&b), buffer_len(&b));
84	EVP_DigestFinal(&md, digest, NULL);	101	EVP_DigestFinal(&md, digest, NULL);
85		102
86	buffer_free(&b);	103	buffer_free(&b);
87		104	*hash = digest;
		105	*hashlen = EVP_MD_size(evp_md);
88	#ifdef DEBUG_KEXDH	106	#ifdef DEBUG_KEXDH
89	dump_digest("hash", digest, EVP_MD_size(evp_md));	107	dump_digest("hash", digest, *hashlen);
90	#endif	108	#endif
91	return digest;
92	}	109	}

Lines 42-48 kexgex_client(Kex *kex) Link Here

(-)kexgexc.c (-6 / +9 lines)
42	BIGNUM p = NULL, g = NULL;	42	BIGNUM p = NULL, g = NULL;
43	Key *server_host_key;	43	Key *server_host_key;
44	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;	44	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;
45	u_int klen, kout, slen, sbloblen;	45	u_int klen, kout, slen, sbloblen, hashlen;
46	int min, max, nbits;	46	int min, max, nbits;
47	DH *dh;	47	DH *dh;
48		48
Lines 155-161 kexgex_client(Kex *kex) Link Here
155	min = max = -1;	155	min = max = -1;
156		156
157	/* calc and verify H */	157	/* calc and verify H */
158	hash = kexgex_hash(	158	kexgex_hash(
		159	kex->kex_type,
159	kex->client_version_string,	160	kex->client_version_string,
160	kex->server_version_string,	161	kex->server_version_string,
161	buffer_ptr(&kex->my), buffer_len(&kex->my),	162	buffer_ptr(&kex->my), buffer_len(&kex->my),
Lines 165-189 kexgex_client(Kex *kex) Link Here
165	dh->p, dh->g,	166	dh->p, dh->g,
166	dh->pub_key,	167	dh->pub_key,
167	dh_server_pub,	168	dh_server_pub,
168	shared_secret	169	shared_secret,
		170	&hash, &hashlen
169	);	171	);
		172
170	/* have keys, free DH */	173	/* have keys, free DH */
171	DH_free(dh);	174	DH_free(dh);
172	xfree(server_host_key_blob);	175	xfree(server_host_key_blob);
173	BN_clear_free(dh_server_pub);	176	BN_clear_free(dh_server_pub);
174		177
175	if (key_verify(server_host_key, signature, slen, hash, 20) != 1)	178	if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
176	fatal("key_verify failed for server_host_key");	179	fatal("key_verify failed for server_host_key");
177	key_free(server_host_key);	180	key_free(server_host_key);
178	xfree(signature);	181	xfree(signature);
179		182
180	/* save session id */	183	/* save session id */
181	if (kex->session_id == NULL) {	184	if (kex->session_id == NULL) {
182	kex->session_id_len = 20;	185	kex->session_id_len = hashlen;
183	kex->session_id = xmalloc(kex->session_id_len);	186	kex->session_id = xmalloc(kex->session_id_len);
184	memcpy(kex->session_id, hash, kex->session_id_len);	187	memcpy(kex->session_id, hash, kex->session_id_len);
185	}	188	}
186	kex_derive_keys(kex, hash, shared_secret);	189	kex_derive_keys(kex, hash, hashlen, shared_secret);
187	BN_clear_free(shared_secret);	190	BN_clear_free(shared_secret);
188		191
189	kex_finish(kex);	192	kex_finish(kex);

Lines 43-49 kexgex_server(Kex *kex) Link Here

(-)kexgexs.c (-8 / +8 lines)
43	Key *server_host_key;	43	Key *server_host_key;
44	DH *dh;	44	DH *dh;
45	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;	45	u_char kbuf, hash, signature = NULL, server_host_key_blob = NULL;
46	u_int sbloblen, klen, kout, slen;	46	u_int sbloblen, klen, kout, slen, hashlen;
47	int min = -1, max = -1, nbits = -1, type;	47	int min = -1, max = -1, nbits = -1, type;
48		48
49	if (kex->load_host_key == NULL)	49	if (kex->load_host_key == NULL)
Lines 138-144 kexgex_server(Kex *kex) Link Here
138	min = max = -1;	138	min = max = -1;
139		139
140	/* calc H / / XXX depends on 'kex' */	140	/* calc H / / XXX depends on 'kex' */
141	hash = kexgex_hash(	141	kexgex_hash(
		142	kex->kex_type,
142	kex->client_version_string,	143	kex->client_version_string,
143	kex->server_version_string,	144	kex->server_version_string,
144	buffer_ptr(&kex->peer), buffer_len(&kex->peer),	145	buffer_ptr(&kex->peer), buffer_len(&kex->peer),
Lines 148-168 kexgex_server(Kex *kex) Link Here
148	dh->p, dh->g,	149	dh->p, dh->g,
149	dh_client_pub,	150	dh_client_pub,
150	dh->pub_key,	151	dh->pub_key,
151	shared_secret	152	shared_secret,
		153	&hash, &hashlen
152	);	154	);
153	BN_clear_free(dh_client_pub);	155	BN_clear_free(dh_client_pub);
154		156
155	/* save session id := H */	157	/* save session id := H */
156	/* XXX hashlen depends on KEX */
157	if (kex->session_id == NULL) {	158	if (kex->session_id == NULL) {
158	kex->session_id_len = 20;	159	kex->session_id_len = hashlen;
159	kex->session_id = xmalloc(kex->session_id_len);	160	kex->session_id = xmalloc(kex->session_id_len);
160	memcpy(kex->session_id, hash, kex->session_id_len);	161	memcpy(kex->session_id, hash, kex->session_id_len);
161	}	162	}
162		163
163	/* sign H */	164	/* sign H */
164	/* XXX hashlen depends on KEX */	165	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, hashlen));
165	PRIVSEP(key_sign(server_host_key, &signature, &slen, hash, 20));
166		166
167	/* destroy_sensitive_data(); */	167	/* destroy_sensitive_data(); */
168		168
Lines 179-185 kexgex_server(Kex *kex) Link Here
179	/* have keys, free DH */	179	/* have keys, free DH */
180	DH_free(dh);	180	DH_free(dh);
181		181
182	kex_derive_keys(kex, hash, shared_secret);	182	kex_derive_keys(kex, hash, hashlen, shared_secret);
183	BN_clear_free(shared_secret);	183	BN_clear_free(shared_secret);
184		184
185	kex_finish(kex);	185	kex_finish(kex);

Added Link Here

(-)md-sha512.c (+85 lines)
1	/*
2	* Copyright (c) 2005 Damien Miller. All rights reserved.
3	*
4	* Redistribution and use in source and binary forms, with or without
5	* modification, are permitted provided that the following conditions
6	* are met:
7	* 1. Redistributions of source code must retain the above copyright
8	* notice, this list of conditions and the following disclaimer.
9	* 2. Redistributions in binary form must reproduce the above copyright
10	* notice, this list of conditions and the following disclaimer in the
11	* documentation and/or other materials provided with the distribution.
12	*
13	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
15	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
16	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
17	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
18	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
19	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
20	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
21	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
22	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
23	*/
24
25	/* EVP wrapper for SHA512 */
26
27	#include "includes.h"
28	RCSID("$OpenBSD$");
29
30	#include <openssl/evp.h>
31	#include <sha2.h>
32
33	const EVP_MD *evp_ssh_sha512(void);
34
35	static int
36	ssh_sha512_init(EVP_MD_CTX *ctxt)
37	{
38	SHA512_Init(ctxt->md_data);
39	return (1);
40	}
41
42	static int
43	ssh_sha512_update(EVP_MD_CTX ctxt, const void data, unsigned long len)
44	{
45	SHA512_Update(ctxt->md_data, data, len);
46	return (1);
47	}
48
49	static int
50	ssh_sha512_final(EVP_MD_CTX ctxt, unsigned char digest)
51	{
52	SHA512_Final(digest, ctxt->md_data);
53	return (1);
54	}
55
56	static int
57	ssh_sha512_cleanup(EVP_MD_CTX *ctxt)
58	{
59	memset(ctxt->md_data, 0, sizeof(SHA512_CTX));
60	return (1);
61	}
62
63	const EVP_MD *
64	evp_ssh_sha512(void)
65	{
66	static EVP_MD ssh_sha512;
67
68	memset(&ssh_sha512, 0, sizeof(ssh_sha512));
69	ssh_sha512.type = NID_undef;
70	/* ssh_sha512.pkey_type = XXX; */
71	ssh_sha512.md_size = SHA512_DIGEST_LENGTH;
72	/* ssh_sha512.flags = XXX; */
73	ssh_sha512.init = ssh_sha512_init;
74	ssh_sha512.update = ssh_sha512_update;
75	ssh_sha512.final = ssh_sha512_final;
76	/* ssh_sha512.copy = XXX; */
77	ssh_sha512.cleanup = ssh_sha512_cleanup;
78	/* ssh_sha512.sign = XXX; */
79	/* ssh_sha512.verify = XXX; */
80	/* ssh_sha512.required_pkey_type = XXX; */
81	ssh_sha512.block_size = SHA512_BLOCK_LENGTH;
82	ssh_sha512.ctx_size = sizeof(SHA512_CTX);
83
84	return (&ssh_sha512);
85	}