- markus@cvs.openbsd.org 2014/04/29 18:01:49

     [auth.c authfd.c authfile.c bufaux.c cipher.c cipher.h hostfile.c]
     [kex.c key.c mac.c monitor.c monitor_wrap.c myproposal.h packet.c]
     [roaming_client.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-pkcs11.h ssh.c sshconnect.c sshconnect2.c sshd.c]
     make compiling against OpenSSL optional (make OPENSSL=no);
     reduces algorithms to curve25519, aes-ctr, chacha, ed25519;
     allows us to explore further options; with and ok djm

1 files changed, 26 insertions, 1 deletions

diff --git a/myproposal.h b/myproposal.h
index 94d6f706..020f35c7 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.39 2014/04/29 18:01:49 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -77,6 +77,7 @@
 # define SHA2_HMAC_MODES
 #endif
 
+#ifdef WITH_OPENSSL
 #define KEX_SERVER_KEX          \
 	"curve25519-sha256@libssh.org," \
 	KEX_ECDH_METHODS \
@@ -134,6 +135,30 @@
 	"hmac-sha1-96," \
 	"hmac-md5-96"
 
+#else
+
+#define KEX_SERVER_KEX		\
+	"curve25519-sha256@libssh.org"
+#define	KEX_DEFAULT_PK_ALG	\
+	"ssh-ed25519-cert-v01@openssh.com," \
+	"ssh-ed25519"
+#define	KEX_SERVER_ENCRYPT \
+	"aes128-ctr,aes192-ctr,aes256-ctr," \
+	"chacha20-poly1305@openssh.com"
+#define	KEX_SERVER_MAC \
+	"hmac-sha2-256-etm@openssh.com," \
+	"hmac-sha2-512-etm@openssh.com," \
+	"hmac-sha2-256," \
+	"hmac-sha2-512"
+
+#define KEX_CLIENT_KEX KEX_SERVER_KEX
+#define	KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
+#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
+	"hmac-sha1-etm@openssh.com," \
+	"hmac-sha1"
+
+#endif /* WITH_OPENSSL */
+
 #define	KEX_DEFAULT_COMP	"none,zlib@openssh.com,zlib"
 #define	KEX_DEFAULT_LANG	""