authorDarren Tucker <dtucker@zip.com.au>2013-06-11 12:10:02 +1000
committerDarren Tucker <dtucker@zip.com.au>2013-06-11 12:10:02 +1000
commitb8ae92d08b91beaef34232c6ef34b9941473fdd6 (patch)
tree9abeb124a93825fe7572b66945797abd7dd2b222
parent97b62f41adcb0dcbeff142d0540793a7ea17c910 (diff)
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
-rw-r--r--ChangeLog2
-rw-r--r--myproposal.h17
2 files changed, 11 insertions, 8 deletions
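--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,8 @@
  algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
  - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
  the required OpenSSL support. Patch from naddy at freebsd.
+ - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
+ and add some comments so it's clear what goes where.
 
 20130605
  - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of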
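--- a/myproposal.h
+++ b/myproposal.h
@@ -26,6 +26,8 @@
 
 #include <openssl/opensslv.h>
 
+/* conditional algorithm support */
+
 #ifdef OPENSSL_HAS_ECC
 # define KEX_ECDH_METHODS \
  "ecdh-sha2-nistp256," \
@@ -52,12 +54,15 @@
 # define AESGCM_CIPHER_MODES
 #endif
 
-/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
 #ifdef HAVE_EVP_SHA256
 # define KEX_SHA256_METHODS \
  "diffie-hellman-group-exchange-sha256,"
+#define SHA2_HMAC_MODES \
+ "hmac-sha2-256," \
+ "hmac-sha2-512,"
 #else
 # define KEX_SHA256_METHODS
+# define SHA2_HMAC_MODES
 #endif
 
 # define KEX_DEFAULT_KEX \
@@ -77,19 +82,15 @@
  "ssh-rsa," \
  "ssh-dss"
 
+/* the actual algorithms */
+
 #define KEX_DEFAULT_ENCRYPT \
  "aes128-ctr,aes192-ctr,aes256-ctr," \
  "arcfour256,arcfour128," \
  AESGCM_CIPHER_MODES \
  "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
  "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#ifdef HAVE_EVP_SHA256
-#define SHA2_HMAC_MODES \
- "hmac-sha2-256," \
- "hmac-sha2-512,"
-#else
-# define SHA2_HMAC_MODES
-#endif
+
 #define KEX_DEFAULT_MAC \
  "hmac-md5-etm@openssh.com," \
  "hmac-sha1-etm@openssh.com," \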
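Review bot: The `#ifdef HAVE_EVP_SHA256` block in the second hunk no longer has a comment saying why it exists, although it now gates both `KEX_SHA256_METHODS` and `SHA2_HMAC_MODES`; its only explanation, `/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */`, is removed. I would keep a comment that covers both macros, e.g. `/* Old OpenSSL lacks EVP_sha256: no DHGEX-sha256 kex and no hmac-sha2-* MACs */`. That tells anyone auditing a build's default proposal that the SHA-2 kex and MAC entries expand to nothing when the macro is undefined. `hmac-sha2-512` is gated on a SHA-256 probe, which presumably holds for every OpenSSL that has SHA-256, but the header should state that assumption. The moved `#define SHA2_HMAC_MODES \` should also be written `# define SHA2_HMAC_MODES \` to match `# define KEX_SHA256_METHODS \` and its own `#else` branch.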