1 files changed, 18 insertions, 10 deletions
diff --git a/myproposal.h b/myproposal.h
index 99d093461..4e913e3ce 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -26,6 +26,8 @@
 #include <openssl/opensslv.h>
+/* conditional algorithm support */
 #ifdef OPENSSL_HAS_ECC
 # define KEX_ECDH_METHODS \
        "ecdh-sha2-nistp256," \
@@ -45,12 +47,22 @@
 # define HOSTKEY_ECDSA_METHODS
 #endif
-/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
+#ifdef OPENSSL_HAVE_EVPGCM
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+# define AESGCM_CIPHER_MODES \
+        "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
+#else
+# define AESGCM_CIPHER_MODES
+#endif
+#ifdef HAVE_EVP_SHA256
 # define KEX_SHA256_METHODS \
        "diffie-hellman-group-exchange-sha256,"
+#define SHA2_HMAC_MODES \
+        "hmac-sha2-256," \
+        "hmac-sha2-512,"
 #else
 # define KEX_SHA256_METHODS
+# define SHA2_HMAC_MODES
 #endif
 # define KEX_DEFAULT_KEX \
@@ -70,19 +82,15 @@
        "ssh-rsa," \
        "ssh-dss"
+/* the actual algorithms */
 #define KEX_DEFAULT_ENCRYPT \
        "aes128-ctr,aes192-ctr,aes256-ctr," \
        "arcfour256,arcfour128," \
-        "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
+        AESGCM_CIPHER_MODES \
        "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
        "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#ifdef HAVE_EVP_SHA256
-#define SHA2_HMAC_MODES \
-        "hmac-sha2-256," \
-        "hmac-sha2-512,"
-#else
-# define SHA2_HMAC_MODES
-#endif
 #define KEX_DEFAULT_MAC \
        "hmac-md5-etm@openssh.com," \
        "hmac-sha1-etm@openssh.com," \

diff --git a/myproposal.h b/myproposal.h index 99d093461..4e913e3ce 100644 --- a/myproposal.h +++ b/myproposal.h
@@ -26,6 +26,8 @@
26		26
27	#include <openssl/opensslv.h>	27	#include <openssl/opensslv.h>
28		28
		29	/* conditional algorithm support */
		30
29	#ifdef OPENSSL_HAS_ECC	31	#ifdef OPENSSL_HAS_ECC
30	# define KEX_ECDH_METHODS \	32	# define KEX_ECDH_METHODS \
31	"ecdh-sha2-nistp256," \	33	"ecdh-sha2-nistp256," \
@@ -45,12 +47,22 @@
45	# define HOSTKEY_ECDSA_METHODS	47	# define HOSTKEY_ECDSA_METHODS
46	#endif	48	#endif
47		49
48	/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */	50	#ifdef OPENSSL_HAVE_EVPGCM
49	#if OPENSSL_VERSION_NUMBER >= 0x00907000L	51	# define AESGCM_CIPHER_MODES \
		52	"aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
		53	#else
		54	# define AESGCM_CIPHER_MODES
		55	#endif
		56
		57	#ifdef HAVE_EVP_SHA256
50	# define KEX_SHA256_METHODS \	58	# define KEX_SHA256_METHODS \
51	"diffie-hellman-group-exchange-sha256,"	59	"diffie-hellman-group-exchange-sha256,"
		60	#define SHA2_HMAC_MODES \
		61	"hmac-sha2-256," \
		62	"hmac-sha2-512,"
52	#else	63	#else
53	# define KEX_SHA256_METHODS	64	# define KEX_SHA256_METHODS
		65	# define SHA2_HMAC_MODES
54	#endif	66	#endif
55		67
56	# define KEX_DEFAULT_KEX \	68	# define KEX_DEFAULT_KEX \
@@ -70,19 +82,15 @@
70	"ssh-rsa," \	82	"ssh-rsa," \
71	"ssh-dss"	83	"ssh-dss"
72		84
		85	/* the actual algorithms */
		86
73	#define KEX_DEFAULT_ENCRYPT \	87	#define KEX_DEFAULT_ENCRYPT \
74	"aes128-ctr,aes192-ctr,aes256-ctr," \	88	"aes128-ctr,aes192-ctr,aes256-ctr," \
75	"arcfour256,arcfour128," \	89	"arcfour256,arcfour128," \
76	"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \	90	AESGCM_CIPHER_MODES \
77	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \	91	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
78	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"	92	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
79	#ifdef HAVE_EVP_SHA256	93
80	#define SHA2_HMAC_MODES \
81	"hmac-sha2-256," \
82	"hmac-sha2-512,"
83	#else
84	# define SHA2_HMAC_MODES
85	#endif
86	#define KEX_DEFAULT_MAC \	94	#define KEX_DEFAULT_MAC \
87	"hmac-md5-etm@openssh.com," \	95	"hmac-md5-etm@openssh.com," \
88	"hmac-sha1-etm@openssh.com," \	96	"hmac-sha1-etm@openssh.com," \