Hello, I've updated sources but forgot to recreate configure so I've ended without #define HAVE_EVP_RIPEMD160 1 and ssh client ended with: OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014 debug1: Reading configuration data ssh.config main: mux digest failed The problem was that ssh_digest_by_alg() couldn't verify alg with an index bigger than 1 since the line with SSH_DIGEST_RIPEMD160 wasn't compiled in and all indexes in the ssh_digest digests array was lowered by one. /* NB. Indexed directly by algorithm number */ const struct ssh_digest digests[] = { { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, #ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */ { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, #endif { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, ... Would it be worth to use enum instead of defined constants for the digest type?
--- a/digest.h
+++ b/digest.h
@@ -22,13 +22,17 @@
 #define SSH_DIGEST_MAX_LENGTH 64
 
 /* Digest algorithms */
-#define SSH_DIGEST_MD5 0
-#define SSH_DIGEST_RIPEMD160 1
-#define SSH_DIGEST_SHA1 2
-#define SSH_DIGEST_SHA256 3
-#define SSH_DIGEST_SHA384 4
-#define SSH_DIGEST_SHA512 5
-#define SSH_DIGEST_MAX 6
+enum ssh_digest_type {
+ SSH_DIGEST_MD5,
+#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
+ SSH_DIGEST_RIPEMD160,
+#endif
+ SSH_DIGEST_SHA1,
+ SSH_DIGEST_SHA256,
+ SSH_DIGEST_SHA384,
+ SSH_DIGEST_SHA512,
+ SSH_DIGEST_MAX
+};
 
 struct sshbuf;
 struct ssh_digest_ctx;
Regards, Petr
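Review bot: The `#ifdef HAVE_EVP_RIPEMD160` inside the new `enum ssh_digest_type` makes every value after `SSH_DIGEST_MD5` build-dependent, so a source file that includes digest.h before the configure-generated header would silently number the algorithms differently from the rest of the program. The enum also stays aligned with the directly indexed `digests[]` table quoted in the message only while the two `#ifdef`s match, which is the same coupling that caused the reported failure. Indexing the table explicitly, e.g. `[SSH_DIGEST_SHA1] = { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },`, and adding `_Static_assert(sizeof(digests) / sizeof(digests[0]) == SSH_DIGEST_MAX, "digests[] out of sync");` next to it would turn a mismatch into a build error instead of a wrong or missing hash at run time. Whether the algorithm numbers are ever stored or exchanged between separately built binaries is not visible here; if they are, explicit values such as `SSH_DIGEST_SHA1 = 2,` should be kept.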