- (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old

   OpenSSL; ok tim

diff --git a/ChangeLog b/ChangeLog
index 22d94cb574e7a39c97d3b0c89e925aeb9512df9c..853b166cf74c2dc897d9b449c08d9fdd78719a7f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@
    /usr/include/crypto.  Hint from djm@.
  - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
    Disable sha256 when openssl < 0.9.7. Patch from djm@.
+ - (djm) [kex.c] Slightly more clean deactivation of dhgex-sha256 on old
+   OpenSSL; ok tim
 
 20060315
  - (djm) OpenBSD CVS Sync:

diff --git a/kex.c b/kex.c
index 8610a7dab7f396b0ba0c7179b670a558ed51ded6..23d8d292359278db7ef6c72db8c418c3721d7066 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -44,12 +44,12 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $");
 
 #define KEX_COOKIE_LEN 16
 
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-# define evp_ssh_sha256() NULL
-#elif defined(HAVE_EVP_SHA256)
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+# if defined(HAVE_EVP_SHA256)
 # define evp_ssh_sha256 EVP_sha256
-#else
+# else
 extern const EVP_MD *evp_ssh_sha256(void);
+# endif
 #endif
 
 /* prototype */
@@ -309,9 +309,11 @@ choose_kex(Kex *k, char *client, char *server)
        } else if (strcmp(k->name, KEX_DHGEX_SHA1) == 0) {
                k->kex_type = KEX_DH_GEX_SHA1;
                k->evp_md = EVP_sha1();
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
        } else if (strcmp(k->name, KEX_DHGEX_SHA256) == 0) {
                k->kex_type = KEX_DH_GEX_SHA256;
                k->evp_md = evp_ssh_sha256();
+#endif
        } else
                fatal("bad kex alg %s", k->name);
 }