- (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto

doesn't support it.
This commit is contained in:
Damien Miller 2014-07-03 11:54:19 +10:00
parent 81309c857d
commit 8da0fa2493
3 changed files with 16 additions and 2 deletions

View File

@ -1,3 +1,7 @@
20140703
- (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
doesn't support it.
20140702
- OpenBSD CVS Sync
- deraadt@cvs.openbsd.org 2014/06/13 08:26:29

View File

@ -1,4 +1,4 @@
# $Id: configure.ac,v 1.576 2014/06/13 01:06:04 dtucker Exp $
# $Id: configure.ac,v 1.577 2014/07/03 01:54:19 djm Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
AC_REVISION($Revision: 1.576 $)
AC_REVISION($Revision: 1.577 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_LANG([C])
@ -2512,6 +2512,14 @@ AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com"
]
)
# Search for RIPE-MD support in OpenSSL
AC_CHECK_FUNCS([EVP_ripemd160], ,
[unsupported_algorithms="$unsupported_algorithms \
hmac-ripemd160
hmac-ripemd160@openssh.com
hmac-ripemd160-etm@openssh.com"
]
)
# Check complete ECC support in OpenSSL
AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])

View File

@ -45,7 +45,9 @@ struct ssh_digest {
/* NB. Indexed directly by algorithm number */
const struct ssh_digest digests[] = {
{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
{ SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
#endif
{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
{ SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },