diff options
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | kex.c | 4 |
2 files changed, 5 insertions, 1 deletions
| @@ -12,6 +12,8 @@ | |||
| 12 | - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c | 12 | - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c |
| 13 | openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb | 13 | openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb |
| 14 | in to use it when we're using our own getopt. | 14 | in to use it when we're using our own getopt. |
| 15 | - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the | ||
| 16 | underlying libraries support them. | ||
| 15 | 17 | ||
| 16 | 20130423 | 18 | 20130423 |
| 17 | - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support | 19 | - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support |
| @@ -72,8 +72,10 @@ static const struct kexalg kexalgs[] = { | |||
| 72 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 }, | 72 | { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 }, |
| 73 | { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 }, | 73 | { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 }, |
| 74 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 }, | 74 | { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 }, |
| 75 | #if OPENSSL_VERSION_NUMBER >= 0x00907000L | 75 | #ifdef HAVE_EVP_SHA256 |
| 76 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 }, | 76 | { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 }, |
| 77 | #endif | ||
| 78 | #ifdef OPENSSL_HAS_ECC | ||
| 77 | { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 }, | 79 | { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 }, |
| 78 | { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 }, | 80 | { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 }, |
| 79 | { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 }, | 81 | { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 }, |