Hello,
I've updated sources but forgot to recreate configure so I've ended without
#define HAVE_EVP_RIPEMD160 1
and ssh client ended with:
OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014
debug1: Reading configuration data ssh.config
main: mux digest failed
The problem was that ssh_digest_by_alg() couldn't verify alg with an index bigger than 1 since
the line with SSH_DIGEST_RIPEMD160 wasn't compiled in and all indexes in the ssh_digest digests array
was lowered by one.
/* NB. Indexed directly by algorithm number */
const struct ssh_digest digests[] = {
{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
{ SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
#endif
{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
...
Would it be worth to use enum instead of defined constants for the digest type?
--- a/digest.h
+++ b/digest.h
@@ -22,13 +22,17 @@
#define SSH_DIGEST_MAX_LENGTH 64
/* Digest algorithms */
-#define SSH_DIGEST_MD5 0
-#define SSH_DIGEST_RIPEMD160 1
-#define SSH_DIGEST_SHA1 2
-#define SSH_DIGEST_SHA256 3
-#define SSH_DIGEST_SHA384 4
-#define SSH_DIGEST_SHA512 5
-#define SSH_DIGEST_MAX 6
+enum ssh_digest_type {
+ SSH_DIGEST_MD5,
+#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
+ SSH_DIGEST_RIPEMD160,
+#endif
+ SSH_DIGEST_SHA1,
+ SSH_DIGEST_SHA256,
+ SSH_DIGEST_SHA384,
+ SSH_DIGEST_SHA512,
+ SSH_DIGEST_MAX
+};
struct sshbuf;
struct ssh_digest_ctx;
Regards,
Petr
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
