kex: do not ignore failure of libssh2_md5_init()

The MD5 algorithm is disabled when running in FIPS mode.
2025-11-20 02:42:09 +03:00 · 2012-09-10 15:32:40 +02:00
parent 6af85b6053
commit 43b730ce56
5 changed files with 21 additions and 6 deletions
--- a/src/kex.c
+++ b/src/kex.c
@@ -218,10 +218,15 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
        {
            libssh2_md5_ctx fingerprint_ctx;

-            libssh2_md5_init(&fingerprint_ctx);
-            libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
-                               session->server_hostkey_len);
-            libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5);
+            if (libssh2_md5_init(&fingerprint_ctx)) {
+                libssh2_md5_update(fingerprint_ctx, session->server_hostkey,
+                                   session->server_hostkey_len);
+                libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5);
+                session->server_hostkey_md5_valid = TRUE;
+            }
+            else {
+                session->server_hostkey_md5_valid = FALSE;
+            }
        }
 #ifdef LIBSSH2DEBUG
        {