From f6293a0b4129826fc2e37e4062f96825df43c326 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 17 Jul 2014 09:01:25 +1000 Subject: [PATCH] - (djm) [digest-openssl.c] Preserve array order when disabling digests. Reported by Petr Lautrbach. --- ChangeLog | 4 ++++ digest-openssl.c | 15 +++++++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index eaeb827bf..317c3bee9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20140717 + - (djm) [digest-openssl.c] Preserve array order when disabling digests. + Reported by Petr Lautrbach. + 20140715 - (djm) [configure.ac] Delay checks for arc4random* until after libcrypto has been located; fixes builds agains libressl-portable diff --git a/digest-openssl.c b/digest-openssl.c index 6e8bf15d3..02b170341 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -30,6 +30,15 @@ #include "digest.h" #include "ssherr.h" +#ifndef HAVE_EVP_RIPEMD160 +# define EVP_ripemd160 NULL +#endif /* HAVE_EVP_RIPEMD160 */ +#ifndef HAVE_EVP_SHA256 +# define EVP_sha256 NULL +# define EVP_sha384 NULL +# define EVP_sha512 NULL +#endif /* HAVE_EVP_SHA256 */ + struct ssh_digest_ctx { int alg; EVP_MD_CTX mdctx; @@ -45,15 +54,11 @@ struct ssh_digest { /* NB. Indexed directly by algorithm number */ const struct ssh_digest digests[] = { { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, -#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */ { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, -#endif { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, -#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */ { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 }, { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 }, { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 }, -#endif { -1, NULL, 0, NULL }, }; @@ -64,6 +69,8 @@ ssh_digest_by_alg(int alg) return NULL; if (digests[alg].id != alg) /* sanity */ return NULL; + if (digests[alg].mdfunc == NULL) + return NULL; return &(digests[alg]); }