author | Darren Tucker <dtucker@zip.com.au> | 2013-06-11 12:10:02 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2013-06-11 12:10:02 +1000 |
commit | b8ae92d08b91beaef34232c6ef34b9941473fdd6 (patch) | |
tree | 9abeb124a93825fe7572b66945797abd7dd2b222 | |
parent | 97b62f41adcb0dcbeff142d0540793a7ea17c910 (diff) | |
download | openssh-git-b8ae92d08b91beaef34232c6ef34b9941473fdd6.tar.gz |
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | myproposal.h | 17 |
2 files changed, 11 insertions, 8 deletions
@@ -13,6 +13,8 @@
 algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have the required OpenSSL support. Patch from naddy at freebsd.
+ - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
+ and add some comments so it's clear what goes where.
 20130605
 - (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
diff --git a/myproposal.h b/myproposal.h
index 276108bf..4e913e3c 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -26,6 +26,8 @@
 #include <openssl/opensslv.h>
+/* conditional algorithm support */
+
 #ifdef OPENSSL_HAS_ECC
 # define KEX_ECDH_METHODS \
 "ecdh-sha2-nistp256," \
@@ -52,12 +54,15 @@
 # define AESGCM_CIPHER_MODES
 #endif
-/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
 #ifdef HAVE_EVP_SHA256
 # define KEX_SHA256_METHODS \
 "diffie-hellman-group-exchange-sha256,"
+#define SHA2_HMAC_MODES \
+ "hmac-sha2-256," \
+ "hmac-sha2-512,"
 #else
 # define KEX_SHA256_METHODS
+# define SHA2_HMAC_MODES
 #endif
 # define KEX_DEFAULT_KEX \
@@ -77,19 +82,15 @@
 "ssh-rsa," \
 "ssh-dss"
+/* the actual algorithms */
+
 #define KEX_DEFAULT_ENCRYPT \
 "aes128-ctr,aes192-ctr,aes256-ctr," \
 "arcfour256,arcfour128," \
 AESGCM_CIPHER_MODES \
 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#ifdef HAVE_EVP_SHA256
-#define SHA2_HMAC_MODES \
- "hmac-sha2-256," \
- "hmac-sha2-512,"
-#else
-# define SHA2_HMAC_MODES
-#endif
+
 #define KEX_DEFAULT_MAC \
 "hmac-md5-etm@openssh.com," \
 "hmac-sha1-etm@openssh.com," \ |
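Review bot: The new `/* conditional algorithm support */` heading in the `@@ -26,6 +26,8 @@` hunk does not state the rule that every macro in this section has to obey. These macros are spliced between adjacent string literals of a default proposal, as `AESGCM_CIPHER_MODES \` is inside `KEX_DEFAULT_ENCRYPT` in the last hunk, so each must expand either to nothing or to a list whose last entry ends in a comma. I would write that into the heading, e.g. `/* conditional algorithm support: each macro is empty or a comma-terminated list */`. Without the trailing comma the literals concatenate into a single unknown algorithm name, which would quietly change what is offered to the peer.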
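Review bot: In the `@@ -52,12 +54,15 @@` hunk the added `#define SHA2_HMAC_MODES \` is the only directive inside the `#ifdef HAVE_EVP_SHA256` block written without the `# define` indent. `# define KEX_SHA256_METHODS \` just above it and `# define SHA2_HMAC_MODES` in the `#else` branch both use the indent, so `# define SHA2_HMAC_MODES \` would match the consistency this commit is after. The hunk also deletes the only comment explaining the guard while widening it to cover the MACs; a replacement such as `/* Old OpenSSL without SHA-256 support: no DHGEX-sha256 and no hmac-sha2-* */` would keep the reason visible. That matters when auditing a build, because with `HAVE_EVP_SHA256` undefined both macros expand to nothing and the MAC proposal is left with its unconditional entries, which include the `hmac-md5-etm@openssh.com` and `hmac-sha1-etm@openssh.com` names at the end of the last hunk (the rest of `KEX_DEFAULT_MAC` lies outside it).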