diff --git a/ChangeLog b/ChangeLog index 2fc1f12a1..cc29abce4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20110817 + - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for + OpenSSL 0.9.7. ok djm + 20110812 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context change error by reporting old and new context names Patch from diff --git a/mac.c b/mac.c index 4965f38c8..eef50f48d 100644 --- a/mac.c +++ b/mac.c @@ -57,10 +57,12 @@ struct { } macs[] = { { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 }, { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, +#ifdef HAVE_EVP_SHA256 { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 }, { "hmac-sha2-256-96", SSH_EVP, EVP_sha256, 96, -1, -1 }, { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 }, { "hmac-sha2-512-96", SSH_EVP, EVP_sha512, 96, -1, -1 }, +#endif { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, diff --git a/myproposal.h b/myproposal.h index aeb5201dc..0bc1c778c 100644 --- a/myproposal.h +++ b/myproposal.h @@ -75,14 +75,20 @@ "arcfour256,arcfour128," \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \ "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se" +#ifdef HAVE_EVP_SHA256 +#define SHA2_HMAC_MODES \ + "hmac-sha2-256," \ + "hmac-sha2-256-96," \ + "hmac-sha2-512," \ + "hmac-sha2-512-96," +#else +# define SHA2_HMAC_MODES +#endif #define KEX_DEFAULT_MAC \ "hmac-md5," \ "hmac-sha1," \ "umac-64@openssh.com," \ - "hmac-sha2-256," \ - "hmac-sha2-256-96," \ - "hmac-sha2-512," \ - "hmac-sha2-512-96," \ + SHA2_HMAC_MODES \ "hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ "hmac-sha1-96," \