- (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto

doesn't support it.
kesavamaddipati · Jul 3, 2014 · 8da0fa2 · 8da0fa2
1 parent 81309c8
commit 8da0fa2
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,7 @@
+20140703
+ - (djm) [digest-openssl.c configure.ac] Disable RIPEMD160 if libcrypto
+   doesn't support it.
+
 20140702
  - OpenBSD CVS Sync
    - [email protected] 2014/06/13 08:26:29

diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.576 2014/06/13 01:06:04 dtucker Exp $
+# $Id: configure.ac,v 1.577 2014/07/03 01:54:19 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [[email protected]])
-AC_REVISION($Revision: 1.576 $)
+AC_REVISION($Revision: 1.577 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -2512,6 +2512,14 @@ AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
 	[email protected] [email protected]"
      ]
 )
+# Search for RIPE-MD support in OpenSSL
+AC_CHECK_FUNCS([EVP_ripemd160], ,
+    [unsupported_algorithms="$unsupported_algorithms \
+	hmac-ripemd160
+	[email protected]
+	[email protected]"
+     ]
+)
 
 # Check complete ECC support in OpenSSL
 AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])

diff --git a/digest-openssl.c b/digest-openssl.c
@@ -45,7 +45,9 @@ struct ssh_digest {
 /* NB. Indexed directly by algorithm number */
 const struct ssh_digest digests[] = {
 	{ SSH_DIGEST_MD5,	"MD5",	 	16,	EVP_md5 },
+#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
 	{ SSH_DIGEST_RIPEMD160,	"RIPEMD160",	20,	EVP_ripemd160 },
+#endif
 	{ SSH_DIGEST_SHA1,	"SHA1",	 	20,	EVP_sha1 },
 #ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
 	{ SSH_DIGEST_SHA256,	"SHA256", 	32,	EVP_sha256 },