diff --git a/ssh.h b/ssh.h
index b76ecefc..b860e7a8 100644
--- a/ssh.h
+++ b/ssh.h
@@ -859,8 +859,8 @@ struct ssh2_userkey {
 char *comment; /* the key comment */
 };

-/* The maximum length of any hash algorithm used in kex. (bytes) */
-#define SSH2_KEX_MAX_HASH_LEN (64) /* SHA-512 */
+/* The maximum length of any hash algorithm. (bytes) */
+#define MAX_HASH_LEN (64) /* longest is SHA-512 */

 extern const struct ssh1_cipheralg ssh1_3des;
 extern const struct ssh1_cipheralg ssh1_des;
diff --git a/ssh2transport.h b/ssh2transport.h
index 6b80b6cb..37d2cf53 100644
--- a/ssh2transport.h
+++ b/ssh2transport.h
@@ -130,7 +130,7 @@ struct ssh2_transport_state {
 const struct ssh_kex *kex_alg;
 const ssh_keyalg *hostkey_alg;
 char *hostkey_str; /* string representation, for easy checking in rekeys */
- unsigned char session_id[SSH2_KEX_MAX_HASH_LEN];
+ unsigned char session_id[MAX_HASH_LEN];
 int session_id_len;
 int dh_min_size, dh_max_size;
 bool dh_got_size_bounds;
@@ -177,7 +177,7 @@ struct ssh2_transport_state {
 ssh_key *hkey; /* actual host key */
 struct RSAKey *rsa_kex_key; /* for RSA kex */
 ecdh_key *ecdh_key; /* for ECDH kex */
- unsigned char exchange_hash[SSH2_KEX_MAX_HASH_LEN];
+ unsigned char exchange_hash[MAX_HASH_LEN];
 bool can_gssapi_keyex;
 bool need_gss_transient_hostkey;
 bool warned_about_no_gss_transient_hostkey;
diff --git a/sshrsa.c b/sshrsa.c
index 53767aae..ae3087bb 100644
--- a/sshrsa.c
+++ b/sshrsa.c
@@ -727,9 +727,9 @@ static void oaep_mask(const struct ssh_hashalg *h, void *seed, int seedlen,
 while (datalen > 0) {
 int i, max = (datalen > h->hlen ? h->hlen : datalen);
 ssh_hash *s;
- unsigned char hash[SSH2_KEX_MAX_HASH_LEN];
+ unsigned char hash[MAX_HASH_LEN];

- assert(h->hlen <= SSH2_KEX_MAX_HASH_LEN);
+ assert(h->hlen <= MAX_HASH_LEN);
 s = ssh_hash_new(h);
 put_data(s, seed, seedlen);
 put_uint32(s, count);
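Review bot: The reworded comment on `MAX_HASH_LEN` in the ssh.h hunk now states a bound for every hash algorithm, but the only enforcement visible in this diff is the runtime `assert(h->hlen <= MAX_HASH_LEN)` in oaep_mask (sshrsa.c hunk). The fixed-size `session_id` and `exchange_hash` arrays in the two ssh2transport.h hunks rely on the same invariant, and the code that fills them lies outside these hunks, so whether it checks `hlen` cannot be confirmed from here. I would make the contract explicit in the comment, for example `/* Upper bound on ssh_hashalg hlen; fixed buffers are sized by this, so raise it before adding a longer hash. */`. If any build configuration defines NDEBUG, the assert in oaep_mask disappears and the `hash` stack buffer is left with no bound check at all, which is worth noting next to it.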