Index: auth2-jpake.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/auth2-jpake.c,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 auth2-jpake.c
--- auth2-jpake.c       7 Nov 2008 23:34:48 -0000       1.2
+++ auth2-jpake.c       23 Feb 2009 01:33:48 -0000
@@ -57,6 +57,8 @@

#include "jpake.h"

+extern const EVP_MD *evp_ssh_sha256(void);
+
/*
 * XXX options->permit_empty_passwd (at the moment, they will be refused
 * anyway because they will mismatch on fake salt.
@@ -164,7 +166,7 @@ derive_rawsalt(const char *username, u_c
       default:
               fatal("%s: unknown key type %d", __func__, k->type);
       }
-       if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
+       if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_ssh_sha256(),
           &digest, &digest_len) != 0)
               fatal("%s: hash_buffer", __func__);
       buffer_free(&b);
@@ -343,7 +345,7 @@ auth2_jpake_get_pwdata(Authctxt *authctx
               fake_salt_and_scheme(authctxt, salt, hash_scheme);

       if (hash_buffer(authctxt->pw->pw_passwd,
-           strlen(authctxt->pw->pw_passwd), EVP_sha256(),
+           strlen(authctxt->pw->pw_passwd), evp_ssh_sha256(),
           &secret, &secret_len) != 0)
               fatal("%s: hash_buffer", __func__);
       if ((*s = BN_bin2bn(secret, secret_len, NULL)) == NULL)
Index: jpake.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/jpake.c,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 jpake.c
--- jpake.c     4 Nov 2008 08:22:12 -0000       1.1
+++ jpake.c     23 Feb 2009 01:33:48 -0000
@@ -48,6 +48,8 @@

#ifdef JPAKE

+extern const EVP_MD *evp_ssh_sha256(void);
+
/* RFC3526 group 5, 1536 bits */
#define JPAKE_GROUP_G "2"
#define JPAKE_GROUP_P \
@@ -486,7 +488,7 @@ jpake_confirm_hash(const BIGNUM *k,
       buffer_put_bignum2(&b, k);
       buffer_put_string(&b, endpoint_id, endpoint_id_len);
       buffer_put_string(&b, sess_id, sess_id_len);
-       if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
+       if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_ssh_sha256(),
           confirm_hash, confirm_hash_len) != 0)
               fatal("%s: hash_buffer", __func__);
       buffer_free(&b);
Index: kex.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/kex.c,v
retrieving revision 1.80
diff -u -p -u -p -r1.80 kex.c
--- kex.c       6 Sep 2008 12:24:13 -0000       1.80
+++ kex.c       23 Feb 2009 01:33:48 -0000
@@ -51,6 +51,7 @@
/* prototype */
static void kex_kexinit_finish(Kex *);
static void kex_choose_conf(Kex *);
+extern const EVP_MD *evp_ssh_sha256(void);

/* put algorithm proposal into buffer */
static void
@@ -313,7 +314,7 @@ choose_kex(Kex *k, char *client, char *s
               k->evp_md = EVP_sha1();
       } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
               k->kex_type = KEX_DH_GEX_SHA256;
-               k->evp_md = EVP_sha256();
+               k->evp_md = evp_ssh_sha256();
       } else
               fatal("bad kex alg %s", k->name);
}
Index: md-sha256.c
===================================================================
RCS file: md-sha256.c
diff -N md-sha256.c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ md-sha256.c 23 Feb 2009 01:33:48 -0000
@@ -0,0 +1,73 @@
+/* $OpenBSD: md-sha256.c,v 1.5 2006/08/03 03:34:42 deraadt Exp $ */
+/*
+ * Copyright (c) 2005 Damien Miller <[email protected]>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* EVP wrapper for SHA256 */
+
+#include <sys/types.h>
+
+#include <openssl/evp.h>
+
+#include <sha2.h>
+#include <string.h>
+
+const EVP_MD *evp_ssh_sha256(void);
+
+static int
+ssh_sha256_init(EVP_MD_CTX *ctxt)
+{
+       SHA256_Init(ctxt->md_data);
+       return (1);
+}
+
+static int
+ssh_sha256_update(EVP_MD_CTX *ctxt, const void *data, unsigned long len)
+{
+       SHA256_Update(ctxt->md_data, data, len);
+       return (1);
+}
+
+static int
+ssh_sha256_final(EVP_MD_CTX *ctxt, unsigned char *digest)
+{
+       SHA256_Final(digest, ctxt->md_data);
+       return (1);
+}
+
+static int
+ssh_sha256_cleanup(EVP_MD_CTX *ctxt)
+{
+       memset(ctxt->md_data, 0, sizeof(SHA256_CTX));
+       return (1);
+}
+
+const EVP_MD *
+evp_ssh_sha256(void)
+{
+       static EVP_MD ssh_sha256;
+
+       memset(&ssh_sha256, 0, sizeof(ssh_sha256));
+       ssh_sha256.type = NID_undef;
+       ssh_sha256.md_size = SHA256_DIGEST_LENGTH;
+       ssh_sha256.init = ssh_sha256_init;
+       ssh_sha256.update = ssh_sha256_update;
+       ssh_sha256.final = ssh_sha256_final;
+       ssh_sha256.cleanup = ssh_sha256_cleanup;
+       ssh_sha256.block_size = SHA256_BLOCK_LENGTH;
+       ssh_sha256.ctx_size = sizeof(SHA256_CTX);
+
+       return (&ssh_sha256);
+}
Index: schnorr.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/schnorr.c,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 schnorr.c
--- schnorr.c   18 Feb 2009 04:31:21 -0000      1.2
+++ schnorr.c   23 Feb 2009 01:33:48 -0000
@@ -55,6 +55,8 @@
# define SCHNORR_DEBUG_BUF(a)  jpake_debug3_buf a
#endif /* SCHNORR_DEBUG */

+extern const EVP_MD *evp_ssh_sha256(void);
+
/*
 * Calculate hash component of Schnorr signature H(g || g^v || g^x || id)
 * using SHA1. Returns signature as bignum or NULL on error.
@@ -89,7 +91,7 @@ schnorr_hash(const BIGNUM *p, const BIGN

       SCHNORR_DEBUG_BUF((buffer_ptr(&b), buffer_len(&b),
           "%s: hashblob", __func__));
-       if (hash_buffer(buffer_ptr(&b), buffer_len(&b), EVP_sha256(),
+       if (hash_buffer(buffer_ptr(&b), buffer_len(&b), evp_ssh_sha256(),
           &digest, &digest_len) != 0) {
               error("%s: hash_buffer", __func__);
               goto out;
Index: sshconnect2.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshconnect2.c,v
retrieving revision 1.170
diff -u -p -u -p -r1.170 sshconnect2.c
--- sshconnect2.c       4 Nov 2008 08:22:13 -0000       1.170
+++ sshconnect2.c       23 Feb 2009 01:33:48 -0000
@@ -72,6 +72,7 @@
extern char *client_version_string;
extern char *server_version_string;
extern Options options;
+extern const EVP_MD *evp_ssh_sha256(void);

/*
 * SSH2 key exchange
@@ -911,7 +912,7 @@ jpake_password_to_secret(Authctxt *authc
       debug3("%s: crypted = %s", __func__, crypted);
#endif

-       if (hash_buffer(crypted, strlen(crypted), EVP_sha256(),
+       if (hash_buffer(crypted, strlen(crypted), evp_ssh_sha256(),
           &secret, &secret_len) != 0)
               fatal("%s: hash_buffer", __func__);

Index: lib/Makefile
===================================================================
RCS file: /cvs/src/usr.bin/ssh/lib/Makefile,v
retrieving revision 1.58
diff -u -p -u -p -r1.58 Makefile
--- lib/Makefile        4 Nov 2008 08:22:13 -0000       1.58
+++ lib/Makefile        23 Feb 2009 01:33:48 -0000
@@ -12,7 +12,7 @@ SRCS= authfd.c authfile.c bufaux.c bufbn
       key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
       ssh-dss.c ssh-rsa.c dh.c kexdh.c kexgex.c \
       kexdhc.c kexgexc.c scard.c msg.c progressmeter.c dns.c \
-       monitor_fdpass.c umac.c addrmatch.c schnorr.c jpake.c
+       monitor_fdpass.c umac.c addrmatch.c schnorr.c jpake.c md-sha256.c

DEBUGLIBS= no
NOPROFILE= yes