- (djm) [digest-openssl.c] Preserve array order when disabling digests.

   Reported by Petr Lautrbach.

1 files changed, 11 insertions, 4 deletions

diff --git a/digest-openssl.c b/digest-openssl.c
index 6e8bf15d..02b17034 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -30,6 +30,15 @@
 #include "digest.h"
 #include "ssherr.h"
 
+#ifndef HAVE_EVP_RIPEMD160
+# define EVP_ripemd160 NULL
+#endif /* HAVE_EVP_RIPEMD160 */
+#ifndef HAVE_EVP_SHA256
+# define EVP_sha256 NULL
+# define EVP_sha384 NULL
+# define EVP_sha512 NULL
+#endif /* HAVE_EVP_SHA256 */
+
 struct ssh_digest_ctx {
 	int alg;
 	EVP_MD_CTX mdctx;
@@ -45,15 +54,11 @@ struct ssh_digest {
 /* NB. Indexed directly by algorithm number */
 const struct ssh_digest digests[] = {
 	{ SSH_DIGEST_MD5,	"MD5",	 	16,	EVP_md5 },
-#ifdef HAVE_EVP_RIPEMD160 /* XXX replace with local if missing */
 	{ SSH_DIGEST_RIPEMD160,	"RIPEMD160",	20,	EVP_ripemd160 },
-#endif
 	{ SSH_DIGEST_SHA1,	"SHA1",	 	20,	EVP_sha1 },
-#ifdef HAVE_EVP_SHA256 /* XXX replace with local if missing */
 	{ SSH_DIGEST_SHA256,	"SHA256", 	32,	EVP_sha256 },
 	{ SSH_DIGEST_SHA384,	"SHA384",	48,	EVP_sha384 },
 	{ SSH_DIGEST_SHA512,	"SHA512", 	64,	EVP_sha512 },
-#endif
 	{ -1,			NULL,		0,	NULL },
 };
 
@@ -64,6 +69,8 @@ ssh_digest_by_alg(int alg)
 		return NULL;
 	if (digests[alg].id != alg) /* sanity */
 		return NULL;
+	if (digests[alg].mdfunc == NULL)
+		return NULL;
 	return &(digests[alg]);
 }