From 8da0fa24934501909408327298097b1629b89eaa Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 3 Jul 2014 11:54:19 +1000 Subject: [PATCH] - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto doesn't support it. --- ChangeLog | 4 ++++ configure.ac | 12 ++++++++++-- digest-openssl.c | 2 ++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 92619d73b..0fa486385 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20140703 + - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto + doesn't support it. + 20140702 - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2014/06/13 08:26:29 diff --git a/configure.ac b/configure.ac index f48ba4a49..a73f8b3c1 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.576 2014/06/13 01:06:04 dtucker Exp $ +# $Id: configure.ac,v 1.577 2014/07/03 01:54:19 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.576 $) +AC_REVISION($Revision: 1.577 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2512,6 +2512,14 @@ AC_CHECK_FUNCS([SHA256_Update EVP_sha256], , hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com" ] ) +# Search for RIPE-MD support in OpenSSL +AC_CHECK_FUNCS([EVP_ripemd160], , + [unsupported_algorithms="$unsupported_algorithms \ + hmac-ripemd160 + hmac-ripemd160@openssh.com + hmac-ripemd160-etm@openssh.com" + ] +) # Check complete ECC support in OpenSSL AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) diff --git a/digest-openssl.c b/digest-openssl.c index de0380135..7ec6bd260 100644 --- a/digest-openssl.c +++ b/digest-openssl.c @@ -45,7 +45,9 @@ struct ssh_digest { /* NB. Indexed directly by algorithm number */ const struct ssh_digest digests[] = { { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, +#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */ { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, +#endif { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, #ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */ { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },