- (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the

underlying libraries support them.
author: Darren Tucker <dtucker@zip.com.au> 2013-05-10 18:11:55 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2013-05-10 18:11:55 +1000
commit: a75d247a18a5099c60226395354eb252c097ac86 (patch)
tree: 47b89ced4941c4008e811dc4e942a2f4bcbb0204
parent: 0abfb559e3f79d1f217773510d7626c3722aa3c1 (diff)
2 files changed, 5 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 650400f83..d03a43527 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@
 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
   openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
   in to use it when we're using our own getopt.
+ - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
+   underlying libraries support them.
 20130423
 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
diff --git a/kex.c b/kex.c
index f6e683bde..6b43a6dee 100644
--- a/kex.c
+++ b/kex.c
@@ -72,8 +72,10 @@ static const struct kexalg kexalgs[] = {
        { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 },
        { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
        { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#ifdef HAVE_EVP_SHA256
        { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
+#endif
+#ifdef OPENSSL_HAS_ECC
        { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
        { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
        { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },
author	Darren Tucker <dtucker@zip.com.au>	2013-05-10 18:11:55 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2013-05-10 18:11:55 +1000
commit	a75d247a18a5099c60226395354eb252c097ac86 (patch)
tree	47b89ced4941c4008e811dc4e942a2f4bcbb0204
parent	0abfb559e3f79d1f217773510d7626c3722aa3c1 (diff)