From 7404b81f25a4a7847380c0f0cf7f1bea5f0a5cd3 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 29 Nov 2019 00:11:21 +0000
Subject: [PATCH] upstream: perform hashing directly in crypto_hash_sha512()
 using

libcrypto or libc SHA512 functions rather than calling ssh_digest_memory();
avoids many dependencies on ssh code that complicate standalone use of
ed25519, as we want to do in sk-dummy.so

OpenBSD-Commit-ID: 5a3c37593d3ba7add037b587cec44aaea088496d
---
 hash.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/hash.c b/hash.c
index 5875d41fa..a35027870 100644
--- a/hash.c
+++ b/hash.c
@@ -1,6 +1,6 @@
 /* $OpenBSD: hash.c,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
 
-/* $OpenBSD: hash.c,v 1.5 2018/01/13 00:24:09 naddy Exp $ */
+/* $OpenBSD: hash.c,v 1.6 2019/11/29 00:11:21 djm Exp $ */
 /*
  * Public domain. Author: Christian Weisgerber <naddy@openbsd.org>
  * API compatible reimplementation of function from nacl
@@ -10,18 +10,32 @@
 
 #include <stdarg.h>
 
-#include "digest.h"
-#include "log.h"
-#include "ssherr.h"
+#ifdef WITH_OPENSSL
+#include <openssl/evp.h>
 
 int
 crypto_hash_sha512(unsigned char *out, const unsigned char *in,
     unsigned long long inlen)
 {
-	int r;
 
-	if ((r = ssh_digest_memory(SSH_DIGEST_SHA512, in, inlen, out,
-	    crypto_hash_sha512_BYTES)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+	if (!EVP_Digest(in, inlen, out, NULL, EVP_sha512(), NULL))
+		return -1;
 	return 0;
 }
+
+#else
+#include <sha2.h>
+
+int
+crypto_hash_sha512(unsigned char *out, const unsigned char *in,
+    unsigned long long inlen)
+{
+
+	SHA2_CTX ctx;
+
+	SHA512Init(&ctx);
+	SHA512Update(&ctx, in, inlen);
+	SHA512Final(out, &ctx);
+	return 0;
+}
+#endif /* WITH_OPENSSL */