summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2006-03-16 18:22:18 +1100
committerDamien Miller <djm@mindrot.org>2006-03-16 18:22:18 +1100
commitb309203ce0fd065e74ee22349a16488a7713867b (patch)
tree8da752acab52203f97f2e91893662a0941d68519
parent425a6886f99235e61faf8ea67c8f573f188eb2b2 (diff)
- (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
OpenSSL; ok tim
-rw-r--r--ChangeLog4
-rw-r--r--kex.c10
2 files changed, 9 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index aa2918414..59ac3ad54 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@
4 /usr/include/crypto. Hint from djm@. 4 /usr/include/crypto. Hint from djm@.
5 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] 5 - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
6 Disable sha256 when openssl < 0.9.7. Patch from djm@. 6 Disable sha256 when openssl < 0.9.7. Patch from djm@.
7 - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
8 OpenSSL; ok tim
7 9
820060315 1020060315
9 - (djm) OpenBSD CVS Sync: 11 - (djm) OpenBSD CVS Sync:
@@ -4180,4 +4182,4 @@
4180 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 4182 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
4181 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 4183 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
4182 4184
4183$Id: ChangeLog,v 1.4227 2006/03/16 04:17:05 tim Exp $ 4185$Id: ChangeLog,v 1.4228 2006/03/16 07:22:18 djm Exp $
diff --git a/kex.c b/kex.c
index 8610a7dab..23d8d2923 100644
--- a/kex.c
+++ b/kex.c
@@ -44,12 +44,12 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $");
44 44
45#define KEX_COOKIE_LEN 16 45#define KEX_COOKIE_LEN 16
46 46
47#if OPENSSL_VERSION_NUMBER < 0x00907000L 47#if OPENSSL_VERSION_NUMBER >= 0x00907000L
48# define evp_ssh_sha256() NULL 48# if defined(HAVE_EVP_SHA256)
49#elif defined(HAVE_EVP_SHA256)
50# define evp_ssh_sha256 EVP_sha256 49# define evp_ssh_sha256 EVP_sha256
51#else 50# else
52extern const EVP_MD *evp_ssh_sha256(void); 51extern const EVP_MD *evp_ssh_sha256(void);
52# endif
53#endif 53#endif
54 54
55/* prototype */ 55/* prototype */
@@ -309,9 +309,11 @@ choose_kex(Kex *k, char *client, char *server)
309 } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) { 309 } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
310 k->kex_type = KEX_DH_GEX_SHA1; 310 k->kex_type = KEX_DH_GEX_SHA1;
311 k->evp_md = EVP_sha1(); 311 k->evp_md = EVP_sha1();
312#if OPENSSL_VERSION_NUMBER >= 0x00907000L
312 } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) { 313 } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
313 k->kex_type = KEX_DH_GEX_SHA256; 314 k->kex_type = KEX_DH_GEX_SHA256;
314 k->evp_md = evp_ssh_sha256(); 315 k->evp_md = evp_ssh_sha256();
316#endif
315 } else 317 } else
316 fatal("bad kex alg %s", k->name); 318 fatal("bad kex alg %s", k->name);
317} 319}