- (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable

sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me.
This commit is contained in:
Tim Rice 2006-03-15 20:17:05 -08:00
parent c495301bf8
commit 425a6886f9
6 changed files with 36 additions and 11 deletions

View File

@ -2,6 +2,8 @@
- (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
- (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
/usr/include/crypto. Hint from djm@.
- (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
Disable sha256 when openssl < 0.9.7. Patch from djm@.
20060315
- (djm) OpenBSD CVS Sync:
@ -4178,4 +4180,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.4226 2006/03/15 21:14:34 dtucker Exp $
$Id: ChangeLog,v 1.4227 2006/03/16 04:17:05 tim Exp $

8
kex.c
View File

@ -44,11 +44,13 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $");
#define KEX_COOKIE_LEN 16
#ifdef HAVE_EVP_SHA256
#if OPENSSL_VERSION_NUMBER < 0x00907000L
# define evp_ssh_sha256() NULL
#elif defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256
#else /* HAVE_EVP_SHA256 */
#else
extern const EVP_MD *evp_ssh_sha256(void);
#endif /* HAVE_EVP_SHA256 */
#endif
/* prototype */
static void kex_kexinit_finish(Kex *);

View File

@ -17,8 +17,9 @@
/* EVP wrapper for SHA256 */
#include "includes.h"
#include <openssl/opensslv.h>
#ifndef HAVE_EVP_SHA256
#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <string.h>
#include <openssl/evp.h>
@ -80,5 +81,5 @@ evp_ssh_sha256(void)
return (&ssh_sha256);
}
#endif /* HAVE_EVP_SHA256 */
#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */

View File

@ -23,11 +23,23 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <openssl/opensslv.h>
/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
#if OPENSSL_VERSION_NUMBER < 0x00907000L
# define KEX_DEFAULT_KEX \
"diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1," \
"diffie-hellman-group1-sha1"
#else
# define KEX_DEFAULT_KEX \
"diffie-hellman-group-exchange-sha256," \
"diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1," \
"diffie-hellman-group1-sha1"
#endif
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
#define KEX_DEFAULT_ENCRYPT \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \

View File

@ -38,7 +38,10 @@
#include "includes.h"
#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
#include <openssl/opensslv.h>
#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
(OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <sys/types.h>
#include <string.h>
#include "sha2.h"
@ -875,4 +878,5 @@ SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
}
#endif
#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
(OPENSSL_VERSION_NUMBER >= 0x00907000L) */

View File

@ -41,7 +41,10 @@
#include "includes.h"
#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
#include <openssl/opensslv.h>
#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
(OPENSSL_VERSION_NUMBER >= 0x00907000L)
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define SHA256_BLOCK_LENGTH 64
@ -124,6 +127,7 @@ char *SHA512_Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
(OPENSSL_VERSION_NUMBER >= 0x00907000L) */
#endif /* _SSHSHA2_H */