Hello,
I've updated sources but forgot to recreate configure so I've ended
without
#define HAVE_EVP_RIPEMD160 1
and ssh client ended with:
OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014
debug1: Reading configuration data ssh.config
main: mux digest failed
The problem was that ssh_digest_by_alg() couldn't verify any alg with an index
bigger than 1, because the line with SSH_DIGEST_RIPEMD160 wasn't compiled in,
so all the following indexes in the ssh_digest digests array were lowered by one.
/* NB. Indexed directly by algorithm number */
const struct ssh_digest digests[] = {
{ SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
{ SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
#endif
{ SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
...
Would it be worth to use enum instead of defined constants for the digest type?
--- a/digest.h
+++ b/digest.h
@@ -22,13 +22,17 @@
#define SSH_DIGEST_MAX_LENGTH 64
/* Digest algorithms */
-#define SSH_DIGEST_MD5 0
-#define SSH_DIGEST_RIPEMD160 1
-#define SSH_DIGEST_SHA1 2
-#define SSH_DIGEST_SHA256 3
-#define SSH_DIGEST_SHA384 4
-#define SSH_DIGEST_SHA512 5
-#define SSH_DIGEST_MAX 6
+enum ssh_digest_type {
+ SSH_DIGEST_MD5,
+#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
+ SSH_DIGEST_RIPEMD160,
+#endif
+ SSH_DIGEST_SHA1,
+ SSH_DIGEST_SHA256,
+ SSH_DIGEST_SHA384,
+ SSH_DIGEST_SHA512,
+ SSH_DIGEST_MAX
+};
struct sshbuf;
struct ssh_digest_ctx;
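Review bot: The enum mirrors only the `HAVE_EVP_RIPEMD160` guard, while the `digests[]` table in digest-openssl.c (as quoted later in this thread) is also trimmed under `HAVE_EVP_SHA256`. On a build without SHA-2, `SSH_DIGEST_MAX` would still count the three SHA-2 entries, so the `alg >= SSH_DIGEST_MAX` bound in `ssh_digest_by_alg()` would admit indexes past the table's `{ -1, NULL, 0, NULL }` terminator. Making the enumerator values depend on configure output also means any code that names `SSH_DIGEST_RIPEMD160` stops compiling when the macro is absent. If the enum is kept, the numbering should stay fixed and the table length be tied to it, for instance by declaring the array as `const struct ssh_digest digests[SSH_DIGEST_MAX + 1]`, so a missing row is zero-filled and fails the id check instead of being read out of bounds.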
Regards,
Petr
On 07/15/2014 05:00 PM, Petr Lautrbach wrote:> Hello, > > --- a/digest.h > +++ b/digest.h > @@ -22,13 +22,17 @@ > #define SSH_DIGEST_MAX_LENGTH 64 > > /* Digest algorithms */ > -#define SSH_DIGEST_MD5 0 > -#define SSH_DIGEST_RIPEMD160 1 > -#define SSH_DIGEST_SHA1 2 > -#define SSH_DIGEST_SHA256 3 > -#define SSH_DIGEST_SHA384 4 > -#define SSH_DIGEST_SHA512 5 > -#define SSH_DIGEST_MAX 6 > +enum ssh_digest_type { > + SSH_DIGEST_MD5, > +#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */ > + SSH_DIGEST_RIPEMD160, > +#endif > + SSH_DIGEST_SHA1, > + SSH_DIGEST_SHA256, > + SSH_DIGEST_SHA384, > + SSH_DIGEST_SHA512, > + SSH_DIGEST_MAX > +}; >Hmm, it would break the implementation in digest-libc.c so probably not the right fix. Petr -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140715/86fd44ac/attachment.bin>
On Tue, 15 Jul 2014, Petr Lautrbach wrote:> Hello, > > I've updated sources but forgot to recreate configure so I've ended without > #define HAVE_EVP_RIPEMD160 1 > > and ssh client ended with: > > OpenSSH_6.7p1, OpenSSL 1.0.1h-fips 5 Jun 2014 > debug1: Reading configuration data ssh.config > main: mux digest failed > > The problem was that ssh_digest_by_alg() couldn't verify alg with an index bigger than 1 since > the line with SSH_DIGEST_RIPEMD160 wasn't compiled in and all indexes in the ssh_digest digests array > was lowered by one. > > /* NB. Indexed directly by algorithm number */ > const struct ssh_digest digests[] = { > { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 }, > #ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */ > { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 }, > #endif > { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 }, > ...Try this:
Index: digest-openssl.c
==================================================================
RCS file: /var/cvs/openssh/digest-openssl.c,v
retrieving revision 1.5
diff -u -p -r1.5 digest-openssl.c
--- digest-openssl.c 3 Jul 2014 11:23:25 -0000 1.5
+++ digest-openssl.c 15 Jul 2014 23:16:30 -0000
@@ -30,6 +30,15 @@
 #include "digest.h"
 #include "ssherr.h"
+#ifndef HAVE_EVP_RIPEMD160
+# define EVP_ripemd160 NULL
+#endif /* HAVE_EVP_RIPEMD160 */
+#ifndef HAVE_EVP_SHA256
+# define EVP_sha256 NULL
+# define EVP_sha384 NULL
+# define EVP_sha512 NULL
+#endif /* HAVE_EVP_SHA256 */
+
 struct ssh_digest_ctx {
 int alg;
 EVP_MD_CTX mdctx;
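Review bot: Defining `EVP_ripemd160` and the three SHA-2 names as object-like macros replaces every later use of those identifiers in this file. A direct call such as `EVP_sha256()` anywhere below (none is visible in this hunk) would expand to `NULL()` and fail to compile on exactly the builds this block targets. The block also carries no comment saying that NULL marks a digest this OpenSSL does not provide; something like `/* NULL mdfunc: digest unavailable, rejected in ssh_digest_by_alg() */` above the first `#ifndef` would make that contract explicit. The single `HAVE_EVP_SHA256` test also stands in for SHA-384 and SHA-512, which assumes the three are always present or absent together.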
@@ -45,15 +54,11 @@ struct ssh_digest {
 /* NB. Indexed directly by algorithm number */
 const struct ssh_digest digests[] = {
 { SSH_DIGEST_MD5, "MD5", 16, EVP_md5 },
-#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
 { SSH_DIGEST_RIPEMD160, "RIPEMD160", 20, EVP_ripemd160 },
-#endif
 { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },
-#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
 { SSH_DIGEST_SHA256, "SHA256", 32, EVP_sha256 },
 { SSH_DIGEST_SHA384, "SHA384", 48, EVP_sha384 },
 { SSH_DIGEST_SHA512, "SHA512", 64, EVP_sha512 },
-#endif
 { -1, NULL, 0, NULL },
 };
@@ -63,6 +68,8 @@ ssh_digest_by_alg(int alg)
 if (alg < 0 || alg >= SSH_DIGEST_MAX)
 return NULL;
 if (digests[alg].id != alg) /* sanity */
+ return NULL;
+ if (digests[alg].mdfunc == NULL)
 return NULL;
 return &(digests[alg]);
 }
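Review bot: With the `#ifdef`s gone, the `digests[]` table still relies on each row's position matching its `SSH_DIGEST_*` number, which is the assumption that failed in the report above. Designated initializers would bind each row to its constant, e.g. `[SSH_DIGEST_SHA1] = { SSH_DIGEST_SHA1, "SHA1", 20, EVP_sha1 },`, so a reordered or missing row could no longer shift its neighbours. Whether the project's portability targets permit that C99 syntax needs checking.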
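Review bot: The new `mdfunc == NULL` test in `ssh_digest_by_alg()` covers only lookups that go through that function. Any code in this file that walks `digests[]` itself (for example a lookup by name, if one exists; it is not visible here) could still hand back an id whose `mdfunc` is NULL, so such paths should skip those rows or be confirmed to call `ssh_digest_by_alg()` before the pointer is used. A short comment on the check, such as `/* algorithm not available in this build */`, would also explain why a row with a matching id is rejected. The function's opening lines are outside the hunk.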