Skip to content
This repository
Browse code

Malcolm Smith's patch to support CHAP (digest-based) authentication

when talking to SOCKS 5 proxies. Configures itself transparently (if
the proxy offers CHAP it will use it, otherwise it falls back to
ordinary cleartext passwords).


git-svn-id: svn://svn.tartarus.org/sgt/putty@4517 cda61777-01e9-0310-a592-d414129be87e
  • Loading branch information...
commit f33ba69e92f389f5884eae5a586858a629a5260b 1 parent ae0500e
simon authored
39 Recipe
@@ -207,19 +207,26 @@ CHARSET = sbcsdat slookup sbcs utf8 toucs fromucs xenc mimeenc macenc localenc
207 207 LIBS = advapi32.lib user32.lib gdi32.lib comctl32.lib comdlg32.lib
208 208 + shell32.lib winmm.lib imm32.lib winspool.lib
209 209
  210 +# Network backend sets. This also brings in the relevant attachment
  211 +# to proxy.c depending on whether we're crypto-avoidant or not.
  212 +BE_ALL = be_all cproxy
  213 +BE_NOSSH = be_nossh nocproxy
  214 +BE_SSH = be_none cproxy
  215 +BE_NONE = be_none nocproxy
  216 +
210 217 # ------------------------------------------------------------
211 218 # Definitions of actual programs. The program name, followed by a
212 219 # colon, followed by a list of objects. Also in the list may be the
213 220 # keywords [G] for Windows GUI app, [C] for Console app, [X] for
214 221 # X/GTK Unix app, [U] for command-line Unix app, [M] for Macintosh app.
215 222
216   -putty : [G] GUITERM NONSSH WINSSH be_all WINMISC win_res.res LIBS
217   -puttytel : [G] GUITERM NONSSH be_nossh WINMISC win_res.res LIBS
218   -plink : [C] plink console NONSSH WINSSH be_all logging WINMISC
  223 +putty : [G] GUITERM NONSSH WINSSH BE_ALL WINMISC win_res.res LIBS
  224 +puttytel : [G] GUITERM NONSSH BE_NOSSH WINMISC win_res.res LIBS
  225 +plink : [C] plink console NONSSH WINSSH BE_ALL logging WINMISC
219 226 + plink.res LIBS
220   -pscp : [C] scp winsftp console WINSSH be_none SFTP wildcard WINMISC
  227 +pscp : [C] scp winsftp console WINSSH BE_SSH SFTP wildcard WINMISC
221 228 + scp.res LIBS
222   -psftp : [C] psftp winsftp console WINSSH be_none SFTP WINMISC scp.res LIBS
  229 +psftp : [C] psftp winsftp console WINSSH BE_SSH SFTP WINMISC scp.res LIBS
223 230
224 231 pageant : [G] pageant sshrsa sshpubk sshdes sshbn sshmd5 version tree234
225 232 + misc sshaes sshsha pageantc sshdss sshsh512 winutils winmisc
@@ -229,28 +236,28 @@ puttygen : [G] puttygen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
229 236 + sshrand noise sshsha winstore misc winctrls sshrsa sshdss winmisc
230 237 + sshpubk sshaes sshsh512 import winutils puttygen.res tree234 LIBS
231 238
232   -pterm : [X] UXTERM uxmisc misc ldisc settings pty uxsel be_none uxstore
  239 +pterm : [X] UXTERM uxmisc misc ldisc settings pty uxsel BE_NONE uxstore
233 240 + signal CHARSET cmdline ptermm version
234   -putty : [X] UXTERM uxmisc misc ldisc settings pty uxsel be_all uxstore
  241 +putty : [X] UXTERM uxmisc misc ldisc settings pty uxsel BE_ALL uxstore
235 242 + signal CHARSET uxputty NONSSH UXSSH UXMISC ux_x11
236   -puttytel : [X] UXTERM uxmisc misc ldisc settings pty uxsel be_nossh uxstore
237   - + signal CHARSET uxputty NONSSH UXMISC
  243 +puttytel : [X] UXTERM uxmisc misc ldisc settings pty uxsel BE_NOSSH
  244 + + uxstore signal CHARSET uxputty NONSSH UXMISC
238 245
239   -plink : [U] uxplink uxcons NONSSH UXSSH be_all logging UXMISC signal ux_x11
  246 +plink : [U] uxplink uxcons NONSSH UXSSH BE_ALL logging UXMISC signal ux_x11
240 247
241 248 puttygen : [U] cmdgen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
242 249 + sshrand uxnoise sshsha misc sshrsa sshdss uxcons uxstore uxmisc
243 250 + sshpubk sshaes sshsh512 import puttygen.res tree234 uxgen
244 251
245   -pscp : [U] scp uxsftp uxcons UXSSH be_none SFTP wildcard UXMISC
246   -psftp : [U] psftp uxsftp uxcons UXSSH be_none SFTP UXMISC
  252 +pscp : [U] scp uxsftp uxcons UXSSH BE_SSH SFTP wildcard UXMISC
  253 +psftp : [U] psftp uxsftp uxcons UXSSH BE_SSH SFTP UXMISC
247 254
248   -PuTTY : [M] terminal wcwidth ldiscucs logging be_all mac macdlg macevlog
  255 +PuTTY : [M] terminal wcwidth ldiscucs logging BE_ALL mac macdlg macevlog
249 256 + macterm macucs mac_res.rsrc testback NONSSH MACSSH MACMISC CHARSET
250 257 + stricmp vsnprint dialog config macctrls
251   -PuTTYtel : [M] terminal wcwidth ldiscucs logging be_nossh mac macdlg macevlog
252   - + macterm macucs mac_res.rsrc testback NONSSH MACMISC CHARSET
253   - + stricmp vsnprint dialog config macctrls
  258 +PuTTYtel : [M] terminal wcwidth ldiscucs logging BE_NOSSH mac macdlg
  259 + + macevlog macterm macucs mac_res.rsrc testback NONSSH MACMISC
  260 + + CHARSET stricmp vsnprint dialog config macctrls
254 261 PuTTYgen : [M] macpgen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
255 262 + sshrand macnoise sshsha macstore misc sshrsa sshdss macmisc sshpubk
256 263 + sshaes sshsh512 import macpgen.rsrc macpgkey macabout
190 cproxy.c
... ... @@ -0,0 +1,190 @@
  1 +/*
  2 + * Routines to do cryptographic interaction with proxies in PuTTY.
  3 + * This is in a separate module from proxy.c, so that it can be
  4 + * conveniently removed in PuTTYtel by replacing this module with
  5 + * the stub version nocproxy.c.
  6 + */
  7 +
  8 +#include <assert.h>
  9 +#include <ctype.h>
  10 +#include <string.h>
  11 +
  12 +#define DEFINE_PLUG_METHOD_MACROS
  13 +#include "putty.h"
  14 +#include "ssh.h" /* For MD5 support */
  15 +#include "network.h"
  16 +#include "proxy.h"
  17 +
  18 +static void hmacmd5_chap(const unsigned char *challenge, int challen,
  19 + const char *passwd, unsigned char *response)
  20 +{
  21 + void *hmacmd5_ctx;
  22 + int pwlen;
  23 +
  24 + hmacmd5_ctx = hmacmd5_make_context();
  25 +
  26 + pwlen = strlen(passwd);
  27 + if (pwlen>64) {
  28 + unsigned char md5buf[16];
  29 + MD5Simple(passwd, pwlen, md5buf);
  30 + hmacmd5_key(hmacmd5_ctx, md5buf, 16);
  31 + } else {
  32 + hmacmd5_key(hmacmd5_ctx, passwd, pwlen);
  33 + }
  34 +
  35 + hmacmd5_do_hmac(hmacmd5_ctx, challenge, challen, response);
  36 + hmacmd5_free_context(hmacmd5_ctx);
  37 +}
  38 +
  39 +void proxy_socks5_offerencryptedauth(char *command, int *len)
  40 +{
  41 + command[*len] = 0x03; /* CHAP */
  42 + (*len)++;
  43 +}
  44 +
  45 +int proxy_socks5_handlechap (Proxy_Socket p)
  46 +{
  47 +
  48 + /* CHAP authentication reply format:
  49 + * version number (1 bytes) = 1
  50 + * number of commands (1 byte)
  51 + *
  52 + * For each command:
  53 + * command identifier (1 byte)
  54 + * data length (1 byte)
  55 + */
  56 + unsigned char data[260];
  57 + unsigned char outbuf[20];
  58 +
  59 + while(p->chap_num_attributes == 0 ||
  60 + p->chap_num_attributes_processed < p->chap_num_attributes) {
  61 + if (p->chap_num_attributes == 0 ||
  62 + p->chap_current_attribute == -1) {
  63 + /* CHAP normally reads in two bytes, either at the
  64 + * beginning or for each attribute/value pair. But if
  65 + * we're waiting for the value's data, we might not want
  66 + * to read 2 bytes.
  67 + */
  68 +
  69 + if (bufchain_size(&p->pending_input_data) < 2)
  70 + return 1; /* not got anything yet */
  71 +
  72 + /* get the response */
  73 + bufchain_fetch(&p->pending_input_data, data, 2);
  74 + bufchain_consume(&p->pending_input_data, 2);
  75 + }
  76 +
  77 + if (p->chap_num_attributes == 0) {
  78 + /* If there are no attributes, this is our first msg
  79 + * with the server, where we negotiate version and
  80 + * number of attributes
  81 + */
  82 + if (data[0] != 0x01) {
  83 + plug_closing(p->plug, "Proxy error: SOCKS proxy wants"
  84 + " a different CHAP version",
  85 + PROXY_ERROR_GENERAL, 0);
  86 + return 1;
  87 + }
  88 + if (data[1] == 0x00) {
  89 + plug_closing(p->plug, "Proxy error: SOCKS proxy won't"
  90 + " negotiate CHAP with us",
  91 + PROXY_ERROR_GENERAL, 0);
  92 + return 1;
  93 + }
  94 + p->chap_num_attributes = data[1];
  95 + } else {
  96 + if (p->chap_current_attribute == -1) {
  97 + /* We have to read in each attribute/value pair -
  98 + * those we don't understand can be ignored, but
  99 + * there are a few we'll need to handle.
  100 + */
  101 + p->chap_current_attribute = data[0];
  102 + p->chap_current_datalen = data[1];
  103 + }
  104 + if (bufchain_size(&p->pending_input_data) <
  105 + p->chap_current_datalen)
  106 + return 1; /* not got everything yet */
  107 +
  108 + /* get the response */
  109 + bufchain_fetch(&p->pending_input_data, data,
  110 + p->chap_current_datalen);
  111 +
  112 + bufchain_consume(&p->pending_input_data,
  113 + p->chap_current_datalen);
  114 +
  115 + switch (p->chap_current_attribute) {
  116 + case 0x00:
  117 + /* Successful authentication */
  118 + if (data[0] == 0x00)
  119 + p->state = 2;
  120 + else {
  121 + plug_closing(p->plug, "Proxy error: SOCKS proxy"
  122 + " refused CHAP authentication",
  123 + PROXY_ERROR_GENERAL, 0);
  124 + return 1;
  125 + }
  126 + break;
  127 + case 0x03:
  128 + outbuf[0] = 0x01; /* Version */
  129 + outbuf[1] = 0x01; /* One attribute */
  130 + outbuf[2] = 0x04; /* Response */
  131 + outbuf[3] = 0x10; /* Length */
  132 + hmacmd5_chap(data, p->chap_current_datalen,
  133 + p->cfg.proxy_password, &outbuf[4]);
  134 + sk_write(p->sub_socket, outbuf, 20);
  135 + break;
  136 + case 0x11:
  137 + /* Chose a protocol */
  138 + if (data[0] != 0x85) {
  139 + plug_closing(p->plug, "Proxy error: Server chose "
  140 + "CHAP of other than HMAC-MD5 but we "
  141 + "didn't offer it!",
  142 + PROXY_ERROR_GENERAL, 0);
  143 + return 1;
  144 + }
  145 + break;
  146 + }
  147 + p->chap_current_attribute = -1;
  148 + p->chap_num_attributes_processed++;
  149 + }
  150 + if (p->state == 8 &&
  151 + p->chap_num_attributes_processed >= p->chap_num_attributes) {
  152 + p->chap_num_attributes = 0;
  153 + p->chap_num_attributes_processed = 0;
  154 + p->chap_current_datalen = 0;
  155 + }
  156 + }
  157 + return 0;
  158 +}
  159 +
  160 +int proxy_socks5_selectchap(Proxy_Socket p)
  161 +{
  162 + if (p->cfg.proxy_username[0] || p->cfg.proxy_password[0]) {
  163 + char chapbuf[514];
  164 + int ulen;
  165 + chapbuf[0] = '\x01'; /* Version */
  166 + chapbuf[1] = '\x02'; /* Number of attributes sent */
  167 + chapbuf[2] = '\x11'; /* First attribute - algorithms list */
  168 + chapbuf[3] = '\x01'; /* Only one CHAP algorithm */
  169 + chapbuf[4] = '\x85'; /* ...and it's HMAC-MD5, the core one */
  170 + chapbuf[5] = '\x02'; /* Second attribute - username */
  171 +
  172 + ulen = strlen(p->cfg.proxy_username);
  173 + if (ulen > 255) ulen = 255; if (ulen < 1) ulen = 1;
  174 +
  175 + chapbuf[6] = ulen;
  176 + memcpy(chapbuf+7, p->cfg.proxy_username, ulen);
  177 +
  178 + sk_write(p->sub_socket, chapbuf, ulen + 7);
  179 + p->chap_num_attributes = 0;
  180 + p->chap_num_attributes_processed = 0;
  181 + p->chap_current_attribute = -1;
  182 + p->chap_current_datalen = 0;
  183 +
  184 + p->state = 8;
  185 + } else
  186 + plug_closing(p->plug, "Proxy error: Server chose "
  187 + "CHAP authentication but we didn't offer it!",
  188 + PROXY_ERROR_GENERAL, 0);
  189 + return 1;
  190 +}
36 nocproxy.c
... ... @@ -0,0 +1,36 @@
  1 +/*
  2 + * Routines to refuse to do cryptographic interaction with proxies
  3 + * in PuTTY. This is a stub implementation of the same interfaces
  4 + * provided by cproxy.c, for use in PuTTYtel.
  5 + */
  6 +
  7 +#include <assert.h>
  8 +#include <ctype.h>
  9 +#include <string.h>
  10 +
  11 +#define DEFINE_PLUG_METHOD_MACROS
  12 +#include "putty.h"
  13 +#include "network.h"
  14 +#include "proxy.h"
  15 +
  16 +void proxy_socks5_offerencryptedauth(char * command, int * len)
  17 +{
  18 + /* For telnet, don't add any new encrypted authentication routines */
  19 +}
  20 +
  21 +int proxy_socks5_handlechap (Proxy_Socket p)
  22 +{
  23 +
  24 + plug_closing(p->plug, "Proxy error: Trying to handle a SOCKS5 CHAP request"
  25 + " in telnet-only build",
  26 + PROXY_ERROR_GENERAL, 0);
  27 + return 1;
  28 +}
  29 +
  30 +int proxy_socks5_selectchap(Proxy_Socket p)
  31 +{
  32 + plug_closing(p->plug, "Proxy error: Trying to handle a SOCKS5 CHAP request"
  33 + " in telnet-only build",
  34 + PROXY_ERROR_GENERAL, 0);
  35 + return 1;
  36 +}
24 proxy.c
@@ -859,15 +859,16 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
859 859 * 0x03 = CHAP
860 860 */
861 861
862   - char command[4];
  862 + char command[5];
863 863 int len;
864 864
865 865 command[0] = 5; /* version 5 */
866 866 if (p->cfg.proxy_username[0] || p->cfg.proxy_password[0]) {
867   - command[1] = 2; /* two methods supported: */
868 867 command[2] = 0x00; /* no authentication */
869   - command[3] = 0x02; /* username/password */
870   - len = 4;
  868 + len = 3;
  869 + proxy_socks5_offerencryptedauth (command, &len);
  870 + command[len++] = 0x02; /* username/password */
  871 + command[1] = len - 2; /* Number of methods supported */
871 872 } else {
872 873 command[1] = 1; /* one methods supported: */
873 874 command[2] = 0x00; /* no authentication */
@@ -923,7 +924,7 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
923 924 * authentication methods:
924 925 * 0x00 = no authentication
925 926 * 0x01 = GSSAPI
926   - * 0x02 = username/password
  927 + * 0x02 = username/password
927 928 * 0x03 = CHAP
928 929 * 0xff = no acceptable methods
929 930 */
@@ -988,6 +989,12 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
988 989 p->state = 2; /* now proceed as authenticated */
989 990 }
990 991
  992 + if (p->state == 8) {
  993 + int ret;
  994 + ret = proxy_socks5_handlechap(p);
  995 + if (ret) return ret;
  996 + }
  997 +
991 998 if (p->state == 2) {
992 999
993 1000 /* request format:
@@ -1156,10 +1163,9 @@ int proxy_socks5_negotiate (Proxy_Socket p, int change)
1156 1163 }
1157 1164
1158 1165 if (p->state == 6) {
1159   - /* TODO: Handle CHAP authentication */
1160   - plug_closing(p->plug, "Proxy error: We don't support CHAP authentication",
1161   - PROXY_ERROR_GENERAL, 0);
1162   - return 1;
  1166 + int ret;
  1167 + ret = proxy_socks5_selectchap(p);
  1168 + if (ret) return ret;
1163 1169 }
1164 1170
1165 1171 }
14 proxy.h
@@ -81,6 +81,12 @@ struct Socket_proxy_tag {
81 81
82 82 /* configuration, used to look up proxy settings */
83 83 Config cfg;
  84 +
  85 + /* CHAP transient data */
  86 + int chap_num_attributes;
  87 + int chap_num_attributes_processed;
  88 + int chap_current_attribute;
  89 + int chap_current_datalen;
84 90 };
85 91
86 92 typedef struct Plug_proxy_tag * Proxy_Plug;
@@ -106,4 +112,12 @@ extern int proxy_socks5_negotiate (Proxy_Socket, int);
106 112 */
107 113 char *format_telnet_command(SockAddr addr, int port, const Config *cfg);
108 114
  115 +/*
  116 + * These are implemented in cproxy.c or nocproxy.c, depending on
  117 + * whether encrypted proxy authentication is available.
  118 + */
  119 +extern void proxy_socks5_offerencryptedauth(char *command, int *len);
  120 +extern int proxy_socks5_handlechap (Proxy_Socket p);
  121 +extern int proxy_socks5_selectchap(Proxy_Socket p);
  122 +
109 123 #endif
4 putty.h
@@ -338,8 +338,8 @@ struct config_tag {
338 338 int proxy_type;
339 339 char proxy_host[512];
340 340 int proxy_port;
341   - char proxy_username[32];
342   - char proxy_password[32];
  341 + char proxy_username[128];
  342 + char proxy_password[128];
343 343 char proxy_telnet_command[512];
344 344 /* SSH options */
345 345 char remote_cmd[512];
7 ssh.h
@@ -101,6 +101,13 @@ void MD5Init(struct MD5Context *context);
101 101 void MD5Update(struct MD5Context *context, unsigned char const *buf,
102 102 unsigned len);
103 103 void MD5Final(unsigned char digest[16], struct MD5Context *context);
  104 +void MD5Simple(void const *p, unsigned len, unsigned char output[16]);
  105 +
  106 +void *hmacmd5_make_context(void);
  107 +void hmacmd5_free_context(void *handle);
  108 +void hmacmd5_key(void *handle, unsigned char const *key, int len);
  109 +void hmacmd5_do_hmac(void *handle, unsigned char const *blk, int len,
  110 + unsigned char *hmac);
104 111
105 112 typedef struct {
106 113 uint32 h[5];
70 sshmd5.c
@@ -203,22 +203,34 @@ void MD5Final(unsigned char output[16], struct MD5Context *s)
203 203 }
204 204 }
205 205
  206 +void MD5Simple(void const *p, unsigned len, unsigned char output[16])
  207 +{
  208 + struct MD5Context s;
  209 +
  210 + MD5Init(&s);
  211 + MD5Update(&s, (unsigned char const *)p, len);
  212 + MD5Final(output, &s);
  213 +}
  214 +
206 215 /* ----------------------------------------------------------------------
207 216 * The above is the MD5 algorithm itself. Now we implement the
208 217 * HMAC wrapper on it.
  218 + *
  219 + * Some of these functions are exported directly, because they are
  220 + * useful elsewhere (SOCKS5 CHAP authentication uses HMAC-MD5).
209 221 */
210 222
211   -static void *md5_make_context(void)
  223 +void *hmacmd5_make_context(void)
212 224 {
213 225 return snewn(2, struct MD5Context);
214 226 }
215 227
216   -static void md5_free_context(void *handle)
  228 +void hmacmd5_free_context(void *handle)
217 229 {
218 230 sfree(handle);
219 231 }
220 232
221   -static void md5_key_internal(void *handle, unsigned char *key, int len)
  233 +void hmacmd5_key(void *handle, unsigned char const *key, int len)
222 234 {
223 235 struct MD5Context *keys = (struct MD5Context *)handle;
224 236 unsigned char foo[64];
@@ -239,49 +251,65 @@ static void md5_key_internal(void *handle, unsigned char *key, int len)
239 251 memset(foo, 0, 64); /* burn the evidence */
240 252 }
241 253
242   -static void md5_key(void *handle, unsigned char *key)
  254 +static void hmacmd5_key_16(void *handle, unsigned char *key)
243 255 {
244   - md5_key_internal(handle, key, 16);
  256 + hmacmd5_key(handle, key, 16);
245 257 }
246 258
247   -static void md5_do_hmac(void *handle, unsigned char *blk, int len,
248   - unsigned long seq, unsigned char *hmac)
  259 +static void hmacmd5_do_hmac_internal(void *handle,
  260 + unsigned char const *blk, int len,
  261 + unsigned char const *blk2, int len2,
  262 + unsigned char *hmac)
249 263 {
250 264 struct MD5Context *keys = (struct MD5Context *)handle;
251 265 struct MD5Context s;
252 266 unsigned char intermediate[16];
253 267
254   - intermediate[0] = (unsigned char) ((seq >> 24) & 0xFF);
255   - intermediate[1] = (unsigned char) ((seq >> 16) & 0xFF);
256   - intermediate[2] = (unsigned char) ((seq >> 8) & 0xFF);
257   - intermediate[3] = (unsigned char) ((seq) & 0xFF);
258   -
259 268 s = keys[0]; /* structure copy */
260   - MD5Update(&s, intermediate, 4);
261 269 MD5Update(&s, blk, len);
  270 + if (blk2) MD5Update(&s, blk2, len2);
262 271 MD5Final(intermediate, &s);
263 272 s = keys[1]; /* structure copy */
264 273 MD5Update(&s, intermediate, 16);
265 274 MD5Final(hmac, &s);
266 275 }
267 276
268   -static void md5_generate(void *handle, unsigned char *blk, int len,
269   - unsigned long seq)
  277 +void hmacmd5_do_hmac(void *handle, unsigned char const *blk, int len,
  278 + unsigned char *hmac)
  279 +{
  280 + hmacmd5_do_hmac_internal(handle, blk, len, NULL, 0, hmac);
  281 +}
  282 +
  283 +static void hmacmd5_do_hmac_ssh(void *handle, unsigned char const *blk, int len,
  284 + unsigned long seq, unsigned char *hmac)
  285 +{
  286 + unsigned char seqbuf[16];
  287 +
  288 + seqbuf[0] = (unsigned char) ((seq >> 24) & 0xFF);
  289 + seqbuf[1] = (unsigned char) ((seq >> 16) & 0xFF);
  290 + seqbuf[2] = (unsigned char) ((seq >> 8) & 0xFF);
  291 + seqbuf[3] = (unsigned char) ((seq) & 0xFF);
  292 +
  293 + hmacmd5_do_hmac_internal(handle, seqbuf, 4, blk, len, hmac);
  294 +}
  295 +
  296 +static void hmacmd5_generate(void *handle, unsigned char *blk, int len,
  297 + unsigned long seq)
270 298 {
271   - md5_do_hmac(handle, blk, len, seq, blk + len);
  299 + hmacmd5_do_hmac_ssh(handle, blk, len, seq, blk + len);
272 300 }
273 301
274   -static int md5_verify(void *handle, unsigned char *blk, int len,
275   - unsigned long seq)
  302 +static int hmacmd5_verify(void *handle, unsigned char *blk, int len,
  303 + unsigned long seq)
276 304 {
277 305 unsigned char correct[16];
278   - md5_do_hmac(handle, blk, len, seq, correct);
  306 + hmacmd5_do_hmac_ssh(handle, blk, len, seq, correct);
279 307 return !memcmp(correct, blk + len, 16);
280 308 }
281 309
282 310 const struct ssh_mac ssh_md5 = {
283   - md5_make_context, md5_free_context, md5_key,
284   - md5_generate, md5_verify,
  311 + hmacmd5_make_context, hmacmd5_free_context, hmacmd5_key_16,
  312 + hmacmd5_generate, hmacmd5_verify,
285 313 "hmac-md5",
286 314 16
287 315 };

0 comments on commit f33ba69

Please sign in to comment.
Something went wrong with that request. Please try again.