diff options
author | Darren Tucker <dtucker@zip.com.au> | 2013-06-11 12:10:02 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-11 12:10:02 +1000 |
commit | b8ae92d08b91beaef34232c6ef34b9941473fdd6 (patch) | |
tree | 9abeb124a93825fe7572b66945797abd7dd2b222 | |
parent | 97b62f41adcb0dcbeff142d0540793a7ea17c910 (diff) |
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | myproposal.h | 17 |
2 files changed, 11 insertions, 8 deletions
@@ -13,6 +13,8 @@ | |||
13 | algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages. | 13 | algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages. |
14 | - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have | 14 | - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have |
15 | the required OpenSSL support. Patch from naddy at freebsd. | 15 | the required OpenSSL support. Patch from naddy at freebsd. |
16 | - (dtucker) [myproposal.h] Make the conditional algorithm support consistent | ||
17 | and add some comments so it's clear what goes where. | ||
16 | 18 | ||
17 | 20130605 | 19 | 20130605 |
18 | - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of | 20 | - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of |
diff --git a/myproposal.h b/myproposal.h index 276108bf6..4e913e3ce 100644 --- a/myproposal.h +++ b/myproposal.h | |||
@@ -26,6 +26,8 @@ | |||
26 | 26 | ||
27 | #include <openssl/opensslv.h> | 27 | #include <openssl/opensslv.h> |
28 | 28 | ||
29 | /* conditional algorithm support */ | ||
30 | |||
29 | #ifdef OPENSSL_HAS_ECC | 31 | #ifdef OPENSSL_HAS_ECC |
30 | # define KEX_ECDH_METHODS \ | 32 | # define KEX_ECDH_METHODS \ |
31 | "ecdh-sha2-nistp256," \ | 33 | "ecdh-sha2-nistp256," \ |
@@ -52,12 +54,15 @@ | |||
52 | # define AESGCM_CIPHER_MODES | 54 | # define AESGCM_CIPHER_MODES |
53 | #endif | 55 | #endif |
54 | 56 | ||
55 | /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */ | ||
56 | #ifdef HAVE_EVP_SHA256 | 57 | #ifdef HAVE_EVP_SHA256 |
57 | # define KEX_SHA256_METHODS \ | 58 | # define KEX_SHA256_METHODS \ |
58 | "diffie-hellman-group-exchange-sha256," | 59 | "diffie-hellman-group-exchange-sha256," |
60 | #define SHA2_HMAC_MODES \ | ||
61 | "hmac-sha2-256," \ | ||
62 | "hmac-sha2-512," | ||
59 | #else | 63 | #else |
60 | # define KEX_SHA256_METHODS | 64 | # define KEX_SHA256_METHODS |
65 | # define SHA2_HMAC_MODES | ||
61 | #endif | 66 | #endif |
62 | 67 | ||
63 | # define KEX_DEFAULT_KEX \ | 68 | # define KEX_DEFAULT_KEX \ |
@@ -77,19 +82,15 @@ | |||
77 | "ssh-rsa," \ | 82 | "ssh-rsa," \ |
78 | "ssh-dss" | 83 | "ssh-dss" |
79 | 84 | ||
85 | /* the actual algorithms */ | ||
86 | |||
80 | #define KEX_DEFAULT_ENCRYPT \ | 87 | #define KEX_DEFAULT_ENCRYPT \ |
81 | "aes128-ctr,aes192-ctr,aes256-ctr," \ | 88 | "aes128-ctr,aes192-ctr,aes256-ctr," \ |
82 | "arcfour256,arcfour128," \ | 89 | "arcfour256,arcfour128," \ |
83 | AESGCM_CIPHER_MODES \ | 90 | AESGCM_CIPHER_MODES \ |
84 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ | 91 | "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ |
85 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" | 92 | "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" |
86 | #ifdef HAVE_EVP_SHA256 | 93 | |
87 | #define SHA2_HMAC_MODES \ | ||
88 | "hmac-sha2-256," \ | ||
89 | "hmac-sha2-512," | ||
90 | #else | ||
91 | # define SHA2_HMAC_MODES | ||
92 | #endif | ||
93 | #define KEX_DEFAULT_MAC \ | 94 | #define KEX_DEFAULT_MAC \ |
94 | "hmac-md5-etm@openssh.com," \ | 95 | "hmac-md5-etm@openssh.com," \ |
95 | "hmac-sha1-etm@openssh.com," \ | 96 | "hmac-sha1-etm@openssh.com," \ |