summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Rice <tim@multitalents.net>2006-03-15 20:17:05 -0800
committerTim Rice <tim@multitalents.net>2006-03-15 20:17:05 -0800
commit425a6886f99235e61faf8ea67c8f573f188eb2b2 (patch)
tree5351bc87a8e9cdc499b20b698cdbc8beb8d4ba59
parentc495301bf8cd3a05512e702af212631abab52b88 (diff)
- (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable
sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me.
-rw-r--r--ChangeLog4
-rw-r--r--kex.c8
-rw-r--r--md-sha256.c5
-rw-r--r--myproposal.h14
-rw-r--r--openbsd-compat/sha2.c8
-rw-r--r--openbsd-compat/sha2.h8
6 files changed, 36 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 1c4fdef89..aa2918414 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
2 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends. 2 - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
3 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in 3 - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
4 /usr/include/crypto. Hint from djm@. 4 /usr/include/crypto. Hint from djm@.
5 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
6 Disable sha256 when openssl < 0.9.7. Patch from djm@.
5 7
620060315 820060315
7 - (djm) OpenBSD CVS Sync: 9 - (djm) OpenBSD CVS Sync:
@@ -4178,4 +4180,4 @@
4178 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 4180 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
4179 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 4181 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
4180 4182
4181$Id: ChangeLog,v 1.4226 2006/03/15 21:14:34 dtucker Exp $ 4183$Id: ChangeLog,v 1.4227 2006/03/16 04:17:05 tim Exp $
diff --git a/kex.c b/kex.c
index 70c2c9709..8610a7dab 100644
--- a/kex.c
+++ b/kex.c
@@ -44,11 +44,13 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $");
44 44
45#define KEX_COOKIE_LEN 16 45#define KEX_COOKIE_LEN 16
46 46
47#ifdef HAVE_EVP_SHA256 47#if OPENSSL_VERSION_NUMBER < 0x00907000L
48# define evp_ssh_sha256() NULL
49#elif defined(HAVE_EVP_SHA256)
48# define evp_ssh_sha256 EVP_sha256 50# define evp_ssh_sha256 EVP_sha256
49#else /* HAVE_EVP_SHA256 */ 51#else
50extern const EVP_MD *evp_ssh_sha256(void); 52extern const EVP_MD *evp_ssh_sha256(void);
51#endif /* HAVE_EVP_SHA256 */ 53#endif
52 54
53/* prototype */ 55/* prototype */
54static void kex_kexinit_finish(Kex *); 56static void kex_kexinit_finish(Kex *);
diff --git a/md-sha256.c b/md-sha256.c
index 0b1ed5828..064228a4a 100644
--- a/md-sha256.c
+++ b/md-sha256.c
@@ -17,8 +17,9 @@
17/* EVP wrapper for SHA256 */ 17/* EVP wrapper for SHA256 */
18 18
19#include "includes.h" 19#include "includes.h"
20#include <openssl/opensslv.h>
20 21
21#ifndef HAVE_EVP_SHA256 22#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
22 23
23#include <string.h> 24#include <string.h>
24#include <openssl/evp.h> 25#include <openssl/evp.h>
@@ -80,5 +81,5 @@ evp_ssh_sha256(void)
80 return (&ssh_sha256); 81 return (&ssh_sha256);
81} 82}
82 83
83#endif /* HAVE_EVP_SHA256 */ 84#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
84 85
diff --git a/myproposal.h b/myproposal.h
index cc94a8ed2..43c540209 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -23,11 +23,23 @@
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */ 25 */
26#define KEX_DEFAULT_KEX \ 26
27#include <openssl/opensslv.h>
28
29/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
30#if OPENSSL_VERSION_NUMBER < 0x00907000L
31# define KEX_DEFAULT_KEX \
32 "diffie-hellman-group-exchange-sha1," \
33 "diffie-hellman-group14-sha1," \
34 "diffie-hellman-group1-sha1"
35#else
36# define KEX_DEFAULT_KEX \
27 "diffie-hellman-group-exchange-sha256," \ 37 "diffie-hellman-group-exchange-sha256," \
28 "diffie-hellman-group-exchange-sha1," \ 38 "diffie-hellman-group-exchange-sha1," \
29 "diffie-hellman-group14-sha1," \ 39 "diffie-hellman-group14-sha1," \
30 "diffie-hellman-group1-sha1" 40 "diffie-hellman-group1-sha1"
41#endif
42
31#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" 43#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
32#define KEX_DEFAULT_ENCRYPT \ 44#define KEX_DEFAULT_ENCRYPT \
33 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ 45 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index 36ab60e62..cf8e0ad66 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -38,7 +38,10 @@
38 38
39#include "includes.h" 39#include "includes.h"
40 40
41#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) 41#include <openssl/opensslv.h>
42
43#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
44 (OPENSSL_VERSION_NUMBER >= 0x00907000L)
42#include <sys/types.h> 45#include <sys/types.h>
43#include <string.h> 46#include <string.h>
44#include "sha2.h" 47#include "sha2.h"
@@ -875,4 +878,5 @@ SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
875} 878}
876#endif 879#endif
877 880
878#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ 881#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
882 (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h
index 1d6aa61e9..821f2dd6c 100644
--- a/openbsd-compat/sha2.h
+++ b/openbsd-compat/sha2.h
@@ -41,7 +41,10 @@
41 41
42#include "includes.h" 42#include "includes.h"
43 43
44#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) 44#include <openssl/opensslv.h>
45
46#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
47 (OPENSSL_VERSION_NUMBER >= 0x00907000L)
45 48
46/*** SHA-256/384/512 Various Length Definitions ***********************/ 49/*** SHA-256/384/512 Various Length Definitions ***********************/
47#define SHA256_BLOCK_LENGTH 64 50#define SHA256_BLOCK_LENGTH 64
@@ -124,6 +127,7 @@ char *SHA512_Data(const u_int8_t *, size_t, char *)
124 __attribute__((__bounded__(__string__,1,2))) 127 __attribute__((__bounded__(__string__,1,2)))
125 __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH))); 128 __attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
126 129
127#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */ 130#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
131 (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
128 132
129#endif /* _SSHSHA2_H */ 133#endif /* _SSHSHA2_H */