``portability'' patch for OpenSSH S/Key support
Chris, the Young One
cky at pobox.com
Sun Jul 2 14:04:33 EST 2000
More specifically, the hashing functions in most operating systems will
be provided by OpenSSL, rather than libc. OpenSSL does not have SHA1_End
but since it is used only for generating fake challenges, the impact of
changing it to SHA1_Final should be small.
A more general solution would be to have configure.in test for sha1.h,
openssl/sha.h, and SHA1_End. configure.in should also add auth-skey.o to
SSHDOBJS in Makefile if S/Key is enabled; my patch below does not cover
those issues. Perhaps another time.
If any GNU/Linux admins want to play with S/Key, I have some patches on
the OpenBSD versions at http://ftp.m.org.nz/users/cky/patches/skey/ (or,
of course, ftp://...).
Enjoy!
---Chris K.
* * *
--- auth-skey.c Thu Jun 22 23:32:31 2000
+++ auth-skey.c Sun Jul 2 15:17:47 2000
@@ -4,7 +4,7 @@
#include "ssh.h"
#include "packet.h"
-#include <sha1.h>
+#include <openssl/sha.h>
/* from %OpenBSD: skeylogin.c,v 1.32 1999/08/16 14:46:56 millert Exp % */
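Review bot: The #include <openssl/sha.h> line replaces <sha1.h> unconditionally, so the file no longer builds on a system that ships only the libc header. Wrap the two includes in a preprocessor conditional driven by a configure check for sha1.h and openssl/sha.h, as the message above already proposes, instead of swapping one hard-coded header for another.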
@@ -74,7 +74,6 @@
size_t secretlen = 0;
SHA_CTX ctx;
char *p, *u;
- char md[SHA_DIGEST_LENGTH];
/*
* Base first 4 chars of seed on hostname.
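Review bot: Removing md[SHA_DIGEST_LENGTH] drops the only declaration in this hunk that is sized for a raw SHA-1 digest. The later hunks make SHA1_Final write into up, so confirm that up points to at least SHA_DIGEST_LENGTH bytes, or keep md and use it as the SHA1_Final destination.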
@@ -99,7 +98,7 @@
SHA1_Init(&ctx);
SHA1_Update(&ctx, username, strlen(username));
- SHA1_End(&ctx, up);
+ SHA1_Final(up, &ctx);
/* Collapse the hash */
ptr = hash_collapse(up);
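Review bot: SHA1_Final(up, &ctx) stores 20 raw digest bytes with no terminating NUL, so hash_collapse(up) on the following line now receives binary data rather than whatever SHA1_End produced. If SHA1_End follows the OpenBSD SHA1End convention of returning a hex string (an assumption, the definition is not visible here), the generated fake challenge changes and hash_collapse must be checked for string handling. SHA1_Final also expects an unsigned char * destination, so verify the type of up.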
@@ -133,7 +132,7 @@
SHA1_Init(&ctx);
SHA1_Update(&ctx, secret, secretlen);
SHA1_Update(&ctx, username, strlen(username));
- SHA1_End(&ctx, up);
+ SHA1_Final(up, &ctx);
/* Zero out */
memset(secret, 0, secretlen);
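Review bot: The memset(secret, 0, secretlen) that follows the changed SHA1_Final line can be dropped by an optimizing compiler when secret is not read again, and the visible lines do not show a later read. Since this hunk is already touching the handling of the secret, consider wiping it through a volatile pointer or a routine the compiler cannot elide.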
@@ -141,7 +140,7 @@
/* Now hash the hash */
SHA1_Init(&ctx);
SHA1_Update(&ctx, up, strlen(up));
- SHA1_End(&ctx, up);
+ SHA1_Final(up, &ctx);
ptr = hash_collapse(up + 4);
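Review bot: SHA1_Update(&ctx, up, strlen(up)) just above the changed line still measures up with strlen, but after the previous hunk up holds a raw digest from SHA1_Final, which may contain zero bytes and has no terminator. Pass SHA_DIGEST_LENGTH as the length instead, and recheck hash_collapse(up + 4), since its 4-byte offset was written against SHA1_End's output format.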
--
Chris, the Young One |_ If Robert Di Niro assassinates Walter Slezak,
Auckland, New Zealand |_ will Jodie Foster marry Bonzo??
http://cloud9.hedgee.com/ |_