- (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in

   the proposal if the version of OpenSSL we're using doesn't support ECC.

2 files changed, 9 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index a830e281..92adafcc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
  - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
    regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256
    curve tests if OpenSSL has them.
+ - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in
+   the proposal if the version of OpenSSL we're using doesn't support ECC.
 
 20140527
  - (djm) [cipher.c] Fix merge botch.
diff --git a/myproposal.h b/myproposal.h
index 30cb20b4..d4298899 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -78,8 +78,13 @@
 #endif
 
 #ifdef WITH_OPENSSL
-#define KEX_SERVER_KEX          \
-	"curve25519-sha256@libssh.org," \
+# ifdef OPENSSL_HAS_ECC
+#  define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org,"
+# else
+#  define KEX_CURVE25519_METHODS ""
+# endif
+#define KEX_SERVER_KEX \
+	KEX_CURVE25519_METHODS \
 	KEX_ECDH_METHODS \
 	KEX_SHA256_METHODS \
 	"diffie-hellman-group14-sha1"