From 1f0311c7c7d10c94ff7f823de9c5b2ed79368b14 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Thu, 15 May 2014 14:24:09 +1000
Subject: - markus@cvs.openbsd.org 2014/04/29 18:01:49 [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c] [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c] [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c] [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c] make compiling against OpenSSL optional (make OPENSSL=no); reduces algorithms to curve25519, aes-ctr, chacha, ed25519; allows us to explore further options; with and ok djm
---
 myproposal.h | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
(limited to 'myproposal.h')
diff --git a/myproposal.h b/myproposal.h
index 94d6f7061..020f35c77 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -77,6 +77,7 @@
 # define SHA2_HMAC_MODES
 #endif
+#ifdef WITH_OPENSSL
 #define KEX_SERVER_KEX \
 "curve25519-sha256@libssh.org," \
 KEX_ECDH_METHODS \
@@ -134,6 +135,30 @@
 "hmac-sha1-96," \
 "hmac-md5-96"
+#else
+
+#define KEX_SERVER_KEX \
+ "curve25519-sha256@libssh.org"
+#define KEX_DEFAULT_PK_ALG \
+ "ssh-ed25519-cert-v01@openssh.com," \
+ "ssh-ed25519"
+#define KEX_SERVER_ENCRYPT \
+ "aes128-ctr,aes192-ctr,aes256-ctr," \
+ "chacha20-poly1305@openssh.com"
+#define KEX_SERVER_MAC \
+ "hmac-sha2-256-etm@openssh.com," \
+ "hmac-sha2-512-etm@openssh.com," \
+ "hmac-sha2-256," \
+ "hmac-sha2-512"
+
+#define KEX_CLIENT_KEX KEX_SERVER_KEX
+#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
+#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
+ "hmac-sha1-etm@openssh.com," \
+ "hmac-sha1"
+
+#endif /* WITH_OPENSSL */
+
 #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
 #define KEX_DEFAULT_LANG ""
-- 
cgit v1.2.3
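Review bot: In the new `#else` branch of the third hunk, `KEX_CLIENT_MAC` appends `hmac-sha1-etm@openssh.com` and `hmac-sha1` to the SHA-2-only `KEX_SERVER_MAC` list, so a build without OpenSSL still offers SHA-1 MACs as a client even though the server list does not. The commit message describes the reduced set only as curve25519, aes-ctr, chacha, ed25519, and nothing in the hunk explains the asymmetry. If it is kept for interoperability with older servers (presumably), it deserves a comment above the define, e.g. `/* client still offers hmac-sha1 for older servers; server side is SHA-2 only */`; otherwise `#define KEX_CLIENT_MAC KEX_SERVER_MAC` would keep both sides in agreement. It would also help to label the branch as `#else /* !WITH_OPENSSL */`, since the matching `#ifdef WITH_OPENSSL` is added in the second hunk, roughly sixty lines earlier in the file judging by the hunk headers.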