missing HAVE_EVP_RIPEMD160 breaks ssh client

Hello,

I've updated the sources but forgot to recreate configure, so I ended up without
#define HAVE_EVP_RIPEMD160 1

and the ssh client ended with:

OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014
debug1: Reading configuration data ssh.config
main: mux digest failed

The problem was that ssh_digest_by_alg() couldn't verify alg with an index bigger than 1 since
the line with SSH_DIGEST_RIPEMD160 wasn't compiled in and all indexes in the ssh_digest digests array
were lowered by one.

/* NB. Indexed directly by algorithm number */
const struct ssh_digest digests[] = {
	{ SSH_DIGEST_MD5,	"MD5",	 	16,	EVP_md5 },
#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
	{ SSH_DIGEST_RIPEMD160,	"RIPEMD160",	20,	EVP_ripemd160 },
#endif
	{ SSH_DIGEST_SHA1,	"SHA1",	 	20,	EVP_sha1 },
...


Would it be worth using an enum instead of defined constants for the digest type?

--- a/digest.h
+++ b/digest.h
@@ -22,13 +22,17 @@
 #define SSH_DIGEST_MAX_LENGTH  64

 /* Digest algorithms */
-#define SSH_DIGEST_MD5         0
-#define SSH_DIGEST_RIPEMD160   1
-#define SSH_DIGEST_SHA1                2
-#define SSH_DIGEST_SHA256      3
-#define SSH_DIGEST_SHA384      4
-#define SSH_DIGEST_SHA512      5
-#define SSH_DIGEST_MAX         6
+enum ssh_digest_type {
+       SSH_DIGEST_MD5,
+#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
+       SSH_DIGEST_RIPEMD160,
+#endif
+       SSH_DIGEST_SHA1,
+       SSH_DIGEST_SHA256,
+       SSH_DIGEST_SHA384,
+       SSH_DIGEST_SHA512,
+       SSH_DIGEST_MAX
+};

 struct sshbuf;
 struct ssh_digest_ctx;
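
Review bot: The #ifdef HAVE_EVP_RIPEMD160 inside enum ssh_digest_type makes the numeric value of SSH_DIGEST_SHA1 and every later enumerator depend on a configure macro, so digest.h produces different numbering depending on whether the configure-generated defines were seen before it was included, and SSH_DIGEST_RIPEMD160 stops existing when the macro is unset, turning any unguarded use of it into a compile error. Consider keeping the numbers fixed (an enum with the original values 0 through 6 stated explicitly gives the type without the renumbering) and making the digests[] table independent of row order instead, for example with designated initializers such as "[SSH_DIGEST_SHA1] = { SSH_DIGEST_SHA1, ... }", so that a compiled-out row leaves an empty slot rather than shifting the rows after it.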



Regards,

Petr


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
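
The index shift described in the message, reproduced in a small model next to a table layout that does not shift. This is an added example, not part of the original post and not OpenSSH code; the names D_*, HAVE_RMD160, struct digest and lookup() are hypothetical, and the feature macro is assumed to be unset.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed model; all names are hypothetical, not OpenSSH's.
 * D_RMD160 is the optional digest, HAVE_RMD160 its (unset) feature macro. */
enum { D_MD5, D_RMD160, D_SHA1, D_SHA256, D_MAX };
struct digest { int id; const char *name; size_t len; };
#define NELEM(a) (sizeof(a) / sizeof((a)[0]))

/* Positional rows: with the optional row compiled out, later rows slide
 * down one slot and no longer sit at their algorithm number. */
static const struct digest positional[] = {
	{ D_MD5, "MD5", 16 },
#ifdef HAVE_RMD160
	{ D_RMD160, "RIPEMD160", 20 },
#endif
	{ D_SHA1, "SHA1", 20 },
	{ D_SHA256, "SHA256", 32 },
};

/* Designated initializers pin each row to its number; a compiled-out row
 * leaves a zeroed hole (name == NULL) instead of shifting the rest. */
static const struct digest pinned[D_MAX] = {
	[D_MD5] = { D_MD5, "MD5", 16 },
#ifdef HAVE_RMD160
	[D_RMD160] = { D_RMD160, "RIPEMD160", 20 },
#endif
	[D_SHA1] = { D_SHA1, "SHA1", 20 },
	[D_SHA256] = { D_SHA256, "SHA256", 32 },
};

/* Direct-index lookup: bounds check, then reject shifted rows and holes. */
static const struct digest *
lookup(const struct digest *tab, size_t n, int alg)
{
	if (alg < 0 || (size_t)alg >= n)
		return NULL;
	if (tab[alg].id != alg || tab[alg].name == NULL)
		return NULL;
	return &tab[alg];
}

int main(void)
{
	printf("positional SHA1: %s\n",
	    lookup(positional, NELEM(positional), D_SHA1) ? "found" : "rejected");
	printf("pinned SHA1:     %s\n",
	    lookup(pinned, NELEM(pinned), D_SHA1) ? "found" : "rejected");
	return 0;
}
```

With the positional table only the first algorithm still resolves; with the pinned table only the compiled-out algorithm is rejected.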
