From a75d247a18a5099c60226395354eb252c097ac86 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Fri, 10 May 2013 18:11:55 +1000
Subject: - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the underlying libraries support them.
---
ChangeLog | 2 ++
kex.c | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 650400f83..d03a43527 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@ - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb in to use it when we're using our own getopt.
+ - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
+ underlying libraries support them.
 20130423 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
diff --git a/kex.c b/kex.c
index f6e683bde..6b43a6dee 100644
--- a/kex.c
+++ b/kex.c
@@ -72,8 +72,10 @@ static const struct kexalg kexalgs[] = {
 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 },
 { KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
 { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#ifdef HAVE_EVP_SHA256
 { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
+#endif
+#ifdef OPENSSL_HAS_ECC
 { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
 { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
 { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },
-- cgit v1.2.3
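Review bot: The three ECDH rows under the new `#ifdef OPENSSL_HAS_ECC` in kex.c still reference `EVP_sha256`, `EVP_sha384` and `EVP_sha512`, but nothing visible in this hunk ties that guard to `HAVE_EVP_SHA256`, so a build that has ECC but lacks the SHA-2 digests would presumably fail to compile at these rows. If configure does not already guarantee that implication, the guard could read `#if defined(OPENSSL_HAS_ECC) && defined(HAVE_EVP_SHA256)`; if it does, a one-line comment such as `/* OPENSSL_HAS_ECC implies the SHA-2 digests, see configure.ac */` would record the assumption. A short comment above the table would also help, noting that with both macros undefined only the SHA-1 based methods remain in `kexalgs[]`, because that narrowing of the negotiable key exchange set happens silently at build time. The matching `#endif` and the end of `kexalgs[]` lie outside the hunk.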