Hi, It would be preferable to use EVP_Digest for oneshot digest calculation: - one calloc/free less - EVP_Digest properly sets oneshot flag (certain hardware accelerators work only if the flag is set) Please consider applying the following patch: diff -ru openssh-6.6p1.orig/digest-openssl.c openssh-6.6p1/digest-openssl.c --- openssh-6.6p1.orig/digest-openssl.c 2014-02-04 02:25:45.000000000 +0200 +++ openssh-6.6p1/digest-openssl.c 2014-04-04 17:00:29.548457919 +0300 @@ -148,14 +148,11 @@ int ssh_digest_memory(int alg, const void *m, size_t mlen, u_char *d, size_t dlen) { - struct ssh_digest_ctx *ctx = ssh_digest_start(alg); + const struct ssh_digest *digest = ssh_digest_by_alg(alg); - if (ctx == NULL) + if (!EVP_Digest(m, mlen, d, dlen, digest->mdfunc(), NULL)) return -1; - if (ssh_digest_update(ctx, m, mlen) != 0 || - ssh_digest_final(ctx, d, dlen) != 0) - return -1; - ssh_digest_free(ctx); + return 0; } _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev