aboutsummaryrefslogtreecommitdiff
path: root/libssh
diff options
context:
space:
mode:
authorAndreas Schneider <mail@cynapses.org>2009-04-15 08:11:33 +0000
committerAndreas Schneider <mail@cynapses.org>2009-04-15 08:11:33 +0000
commit4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02 (patch)
treeadd37d0923aa750fdc931ab880f46d96a2c8bbb9 /libssh
parent367fd0cb3555fbc2d8f1dd32da1831bbeb888a08 (diff)
downloadlibssh-4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02.tar.gz
libssh-4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02.tar.xz
libssh-4ca14e442cbe1a9a4a4a8cc76fabb9d91a5fea02.zip
Improve packet_hmac_verify().
git-svn-id: svn+ssh://svn.berlios.de/svnroot/repos/libssh/trunk@481 7dcaeef0-15fb-0310-b436-a5af3365683c
Diffstat (limited to 'libssh')
-rw-r--r--libssh/crypt.c56
-rw-r--r--libssh/packet.c2
2 files changed, 40 insertions, 18 deletions
diff --git a/libssh/crypt.c b/libssh/crypt.c
index 39361c1..5afb878 100644
--- a/libssh/crypt.c
+++ b/libssh/crypt.c
@@ -147,23 +147,45 @@ unsigned char *packet_encrypt(SSH_SESSION *session, void *data, u32 len) {
return NULL;
}
-/* TODO FIXME think about the return value isn't 0 enough and -1 on error */
-int packet_hmac_verify(SSH_SESSION *session,BUFFER *buffer,unsigned char *mac){
- HMACCTX ctx;
- unsigned char hmacbuf[EVP_MAX_MD_SIZE];
- unsigned int len;
- u32 seq=htonl(session->recv_seq);
- ctx=hmac_init(session->current_crypto->decryptMAC,20,HMAC_SHA1);
- if (ctx == NULL) {
- return -1;
- }
- hmac_update(ctx,(unsigned char *)&seq,sizeof(u32));
- hmac_update(ctx,buffer_get(buffer),buffer_get_len(buffer));
- hmac_final(ctx,hmacbuf,&len);
+/**
+ * @internal
+ *
+ * @brief Verify the hmac of a packet
+ *
+ * @param session The session to use.
+ * @param buffer The buffer to verify the hmac from.
+ * @param mac The mac to compare with the hmac.
+ *
+ * @return 0 if hmac and mac are equal, < 0 if not or an error
+ * occured.
+ */
+int packet_hmac_verify(SSH_SESSION *session, BUFFER *buffer,
+ unsigned char *mac) {
+ unsigned char hmacbuf[EVP_MAX_MD_SIZE] = {0};
+ HMACCTX ctx;
+ unsigned int len;
+ u32 seq;
+
+ ctx = hmac_init(session->current_crypto->decryptMAC, 20, HMAC_SHA1);
+ if (ctx == NULL) {
+ return -1;
+ }
+
+ seq = htonl(session->recv_seq);
+
+ hmac_update(ctx, (unsigned char *) &seq, sizeof(u32));
+ hmac_update(ctx, buffer_get(buffer), buffer_get_len(buffer));
+ hmac_final(ctx, hmacbuf, &len);
+
#ifdef DEBUG_CRYPTO
- ssh_print_hexa("received mac",mac,len);
- ssh_print_hexa("Computed mac",hmacbuf,len);
- ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32));
+ ssh_print_hexa("received mac",mac,len);
+ ssh_print_hexa("Computed mac",hmacbuf,len);
+ ssh_print_hexa("seq",(unsigned char *)&seq,sizeof(u32));
#endif
- return memcmp(mac,hmacbuf,len);
+ if (memcmp(mac, hmacbuf, len) == 0) {
+ return 0;
+ }
+
+ return -1
}
+
diff --git a/libssh/packet.c b/libssh/packet.c
index 4ee3aaa..c2435ed 100644
--- a/libssh/packet.c
+++ b/libssh/packet.c
@@ -153,7 +153,7 @@ static int packet_read2(SSH_SESSION *session) {
}
ssh_socket_read(session->socket, mac, macsize);
- if (packet_hmac_verify(session, session->in_buffer, mac)) {
+ if (packet_hmac_verify(session, session->in_buffer, mac) < 0) {
ssh_set_error(session, SSH_FATAL, "HMAC error");
goto error;
}