- (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the

underlying libraries support them.
2013-05-10 18:11:55 +10:00 · 2013-05-10 18:11:55 +10:00 · a75d247a18
parent 0abfb559e3
commit a75d247a18
2 changed files with 5 additions and 1 deletions
--- a/2
+++ b/2
@ -12,6 +12,8 @@
 - (dtucker) [openbsd-compat/getopt.h openbsd-compat/getopt_long.c
   openbsd-compat/openbsd-compat.h] pull in getopt.h from openbsd and plumb
   in to use it when we're using our own getopt.
+ - (dtucker) [kex.c] Only include sha256 and ECC key exchange methods when the
+   underlying libraries support them.

 20130423
 - (djm) [auth.c configure.ac misc.c monitor.c monitor_wrap.c] Support
--- a/kex.c
+++ b/kex.c
@ -72,8 +72,10 @@ static const struct kexalg kexalgs[] = {
 	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, EVP_sha1 },
 	{ KEX_DH14, KEX_DH_GRP14_SHA1, 0, EVP_sha1 },
 	{ KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, EVP_sha1 },
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#ifdef HAVE_EVP_SHA256
 	{ KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, EVP_sha256 },
+#endif
+#ifdef OPENSSL_HAS_ECC
 	{ KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2, NID_X9_62_prime256v1, EVP_sha256 },
 	{ KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1, EVP_sha384 },
 	{ KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1, EVP_sha512 },