authordtucker <dtucker>2013-06-11 02:10:02 +0000
committerdtucker <dtucker>2013-06-11 02:10:02 +0000
commit20c710a710190e6aa9deafd71b506889f77179fb (patch)
treed06a1976b5d18614e614ff781554d5dc2747453c
parent6257aefee044717ffe0a4252a0c0f51e61f93b57 (diff)
downloadopenssh-20c710a710190e6aa9deafd71b506889f77179fb.tar.gz
- (dtucker) [myproposal.h] Make the conditional algorithm support consistent
and add some comments so it's clear what goes where.
-rw-r--r--ChangeLog2
-rw-r--r--myproposal.h17
2 files changed, 11 insertions, 8 deletions
diff --git a/ChangeLog b/ChangeLog
index 6805e8a1..526a0510 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,8 @@
algorithms (Ciphers, MACs and HostKeyAlgorithms) from man pages.
- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
the required OpenSSL support. Patch from naddy at freebsd.
+ - (dtucker) [myproposal.h] Make the conditional algorithm support consistent
+ and add some comments so it's clear what goes where.
20130605
- (dtucker) [myproposal.h] Enable sha256 kex methods based on the presence of
diff --git a/myproposal.h b/myproposal.h
index 276108bf..4e913e3c 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -26,6 +26,8 @@
#include <openssl/opensslv.h>
+/* conditional algorithm support */
+
#ifdef OPENSSL_HAS_ECC
# define KEX_ECDH_METHODS \
"ecdh-sha2-nistp256," \
@@ -52,12 +54,15 @@
# define AESGCM_CIPHER_MODES
#endif
-/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
#ifdef HAVE_EVP_SHA256
# define KEX_SHA256_METHODS \
"diffie-hellman-group-exchange-sha256,"
+#define SHA2_HMAC_MODES \
+ "hmac-sha2-256," \
+ "hmac-sha2-512,"
#else
# define KEX_SHA256_METHODS
+# define SHA2_HMAC_MODES
#endif
# define KEX_DEFAULT_KEX \
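Review bot: The added `#define SHA2_HMAC_MODES \` in the `HAVE_EVP_SHA256` branch lacks the `# define` indent used by `KEX_SHA256_METHODS` beside it and by both lines of the `#else` branch, so the block is still inconsistent; write it as `# define SHA2_HMAC_MODES \`. The hunk also deletes the only comment explaining this conditional, even though the block now gates the SHA-2 MAC list as well as the KEX method. A replacement above the `#ifdef`, such as `/* Old OpenSSL lacks SHA-256: no DHGEX-sha256 KEX and no hmac-sha2-* MACs */`, would keep the reason visible. This matters when auditing a build, because without `HAVE_EVP_SHA256` both macros expand to nothing and the SHA-2 entries presumably drop out of the default proposals with no diagnostic. The `KEX_DEFAULT_KEX` definition on the last line continues outside the hunk.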
@@ -77,19 +82,15 @@
"ssh-rsa," \
"ssh-dss"
+/* the actual algorithms */
+
#define KEX_DEFAULT_ENCRYPT \
"aes128-ctr,aes192-ctr,aes256-ctr," \
"arcfour256,arcfour128," \
AESGCM_CIPHER_MODES \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#ifdef HAVE_EVP_SHA256
-#define SHA2_HMAC_MODES \
- "hmac-sha2-256," \
- "hmac-sha2-512,"
-#else
-# define SHA2_HMAC_MODES
-#endif
+
#define KEX_DEFAULT_MAC \
"hmac-md5-etm@openssh.com," \
"hmac-sha1-etm@openssh.com," \
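Review bot: The `/* the actual algorithms */` banner sits above `KEX_DEFAULT_ENCRYPT`, but `KEX_DEFAULT_KEX` (which opens at the end of the previous hunk) and the list ending in `"ssh-dss"` are already defined above it. The banner therefore does not mark where the real proposal strings begin. Moving it to just before `# define KEX_DEFAULT_KEX`, or rewording it to something like `/* default cipher and MAC proposals */`, would make the section split match the file layout. The definitions above the banner are only partly visible here, so confirm against the full header; `KEX_DEFAULT_MAC` continues past the end of this hunk.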