sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me.
- (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
- (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
/usr/include/crypto. Hint from djm@.
+ - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
+ Disable sha256 when openssl < 0.9.7. Patch from djm@.
20060315
- (djm) OpenBSD CVS Sync:
#define KEX_COOKIE_LEN 16
-#ifdef HAVE_EVP_SHA256
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define evp_ssh_sha256() NULL
+#elif defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256
-#else /* HAVE_EVP_SHA256 */
+#else
extern const EVP_MD *evp_ssh_sha256(void);
-#endif /* HAVE_EVP_SHA256 */
+#endif
/* prototype */
static void kex_kexinit_finish(Kex *);
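Review bot: With the new first branch, `evp_ssh_sha256()` expands to `NULL` on OpenSSL older than 0.9.7, so any caller that stores the result as a digest must either be unreachable or reject it. The call sites are outside this hunk; if the sha256 group-exchange name is still matched there, I would put that branch under `#if OPENSSL_VERSION_NUMBER >= 0x00907000L` so an unsupported method fails negotiation instead of leaving a NULL `EVP_MD` pointer. This hunk also adds no `#include <openssl/opensslv.h>`, while the other files in the commit do; if no earlier header defines `OPENSSL_VERSION_NUMBER`, the `#if` treats it as 0 and silently takes the NULL branch on every build.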
/* EVP wrapper for SHA256 */
#include "includes.h"
+#include <openssl/opensslv.h>
-#ifndef HAVE_EVP_SHA256
+#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <string.h>
#include <openssl/evp.h>
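Review bot: The version test `OPENSSL_VERSION_NUMBER >= 0x00907000L` is written out by hand in this guard and again in the sha2.c and sha2.h hunks, with the inverted form in kex.c and myproposal.h, so the copies can drift apart when the threshold or the condition changes. I would define one feature macro in a header that all of them already include, for example `#define SSH_OPENSSL_HAS_SHA256_EVP (OPENSSL_VERSION_NUMBER >= 0x00907000L)` (name is only a suggestion), and test that everywhere. The closing `#endif` comments would then shrink to the macro name instead of repeating the whole expression.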
return (&ssh_sha256);
}
-#endif /* HAVE_EVP_SHA256 */
+#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#define KEX_DEFAULT_KEX \
+
+#include <openssl/opensslv.h>
+
+/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define KEX_DEFAULT_KEX \
+ "diffie-hellman-group-exchange-sha1," \
+ "diffie-hellman-group14-sha1," \
+ "diffie-hellman-group1-sha1"
+#else
+# define KEX_DEFAULT_KEX \
"diffie-hellman-group-exchange-sha256," \
"diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1," \
"diffie-hellman-group1-sha1"
+#endif
+
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
#define KEX_DEFAULT_ENCRYPT \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
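Review bot: The two `KEX_DEFAULT_KEX` definitions repeat the three sha1 method names, so a later edit to the list has to be made twice and the old-OpenSSL branch is the one likely to be missed. Defining only the sha256 entry conditionally and concatenating it into a single list keeps one copy; an empty macro in front of a string literal is valid C. The macro name below is only a suggestion, and the `KEX_DEFAULT_ENCRYPT` definition at the end of the hunk continues outside it.

```c
/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
#if OPENSSL_VERSION_NUMBER < 0x00907000L
# define KEX_DHGEX_SHA256_METHOD
#else
# define KEX_DHGEX_SHA256_METHOD "diffie-hellman-group-exchange-sha256,"
#endif

#define KEX_DEFAULT_KEX \
	KEX_DHGEX_SHA256_METHOD \
	"diffie-hellman-group-exchange-sha1," \
	"diffie-hellman-group14-sha1," \
	"diffie-hellman-group1-sha1"

/* … unchanged: KEX_DEFAULT_PK_ALG, KEX_DEFAULT_ENCRYPT … */
```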
#include "includes.h"
-#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
+#include <openssl/opensslv.h>
+
+#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <sys/types.h>
#include <string.h>
#include "sha2.h"
}
#endif
-#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
+#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
#include "includes.h"
-#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
+#include <openssl/opensslv.h>
+
+#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L)
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define SHA256_BLOCK_LENGTH 64
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
-#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
+#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
#endif /* _SSHSHA2_H */
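Review bot: The widened guard now hides everything in this header on OpenSSL older than 0.9.7, including the SHA-384/512 definitions visible in the context lines (`SHA512_DIGEST_STRING_LENGTH`), although the stated reason for the change concerns only the sha256 key exchange. A comment beside the `#if` would explain why a compat implementation is tied to the OpenSSL version, for example `/* compat SHA-2 is only reached through the EVP wrapper in md-sha256.c, which needs OpenSSL >= 0.9.7 */`. That dependency is my inference from the md-sha256.c hunk and should be confirmed before the comment goes in.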