From b8ae92d08b91beaef34232c6ef34b9941473fdd6 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Tue, 11 Jun 2013 12:10:02 +1000
Subject:  - (dtucker) [myproposal.h] Make the conditional algorithm support
 consistent    and add some comments so it's clear what goes where.

---
 myproposal.h | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

(limited to 'myproposal.h')

diff --git a/myproposal.h b/myproposal.h
index 276108bf..4e913e3c 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -26,6 +26,8 @@
 
 #include <openssl/opensslv.h>
 
+/* conditional algorithm support */
+
 #ifdef OPENSSL_HAS_ECC
 # define KEX_ECDH_METHODS \
 	"ecdh-sha2-nistp256," \
@@ -52,12 +54,15 @@
 # define AESGCM_CIPHER_MODES
 #endif
 
-/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
 #ifdef HAVE_EVP_SHA256
 # define KEX_SHA256_METHODS \
 	"diffie-hellman-group-exchange-sha256,"
+#define	SHA2_HMAC_MODES \
+	"hmac-sha2-256," \
+	"hmac-sha2-512,"
 #else
 # define KEX_SHA256_METHODS
+# define SHA2_HMAC_MODES
 #endif
 
 # define KEX_DEFAULT_KEX \
@@ -77,19 +82,15 @@
 	"ssh-rsa," \
 	"ssh-dss"
 
+/* the actual algorithms */
+
 #define	KEX_DEFAULT_ENCRYPT \
 	"aes128-ctr,aes192-ctr,aes256-ctr," \
 	"arcfour256,arcfour128," \
 	AESGCM_CIPHER_MODES \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#ifdef HAVE_EVP_SHA256
-#define	SHA2_HMAC_MODES \
-	"hmac-sha2-256," \
-	"hmac-sha2-512,"
-#else
-# define SHA2_HMAC_MODES
-#endif
+
 #define	KEX_DEFAULT_MAC \
 	"hmac-md5-etm@openssh.com," \
 	"hmac-sha1-etm@openssh.com," \
-- 
cgit v1.2.1