summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--kex.c8
-rw-r--r--md-sha256.c5
-rw-r--r--myproposal.h14
-rw-r--r--openbsd-compat/sha2.c8
-rw-r--r--openbsd-compat/sha2.h8
6 files changed, 36 insertions, 11 deletions
diff --git a/ChangeLog b/ChangeLog
index 1c4fdef8..aa291841 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
- (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
- (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
/usr/include/crypto. Hint from djm@.
+ - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
+ Disable sha256 when openssl < 0.9.7. Patch from djm@.
20060315
- (djm) OpenBSD CVS Sync:
@@ -4178,4 +4180,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4226 2006/03/15 21:14:34 dtucker Exp $
+$Id: ChangeLog,v 1.4227 2006/03/16 04:17:05 tim Exp $
diff --git a/kex.c b/kex.c
index 70c2c970..8610a7da 100644
--- a/kex.c
+++ b/kex.c
@@ -44,11 +44,13 @@ RCSID("$OpenBSD: kex.c,v 1.66 2006/03/07 09:07:40 djm Exp $");
#define KEX_COOKIE_LEN 16
-#ifdef HAVE_EVP_SHA256
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define evp_ssh_sha256() NULL
+#elif defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256
-#else /* HAVE_EVP_SHA256 */
+#else
extern const EVP_MD *evp_ssh_sha256(void);
-#endif /* HAVE_EVP_SHA256 */
+#endif
/* prototype */
static void kex_kexinit_finish(Kex *);
diff --git a/md-sha256.c b/md-sha256.c
index 0b1ed582..064228a4 100644
--- a/md-sha256.c
+++ b/md-sha256.c
@@ -17,8 +17,9 @@
/* EVP wrapper for SHA256 */
#include "includes.h"
+#include <openssl/opensslv.h>
-#ifndef HAVE_EVP_SHA256
+#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <string.h>
#include <openssl/evp.h>
@@ -80,5 +81,5 @@ evp_ssh_sha256(void)
return (&ssh_sha256);
}
-#endif /* HAVE_EVP_SHA256 */
+#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
diff --git a/myproposal.h b/myproposal.h
index cc94a8ed..43c54020 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -23,11 +23,23 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#define KEX_DEFAULT_KEX \
+
+#include <openssl/opensslv.h>
+
+/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define KEX_DEFAULT_KEX \
+ "diffie-hellman-group-exchange-sha1," \
+ "diffie-hellman-group14-sha1," \
+ "diffie-hellman-group1-sha1"
+#else
+# define KEX_DEFAULT_KEX \
"diffie-hellman-group-exchange-sha256," \
"diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1," \
"diffie-hellman-group1-sha1"
+#endif
+
#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss"
#define KEX_DEFAULT_ENCRYPT \
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index 36ab60e6..cf8e0ad6 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -38,7 +38,10 @@
#include "includes.h"
-#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
+#include <openssl/opensslv.h>
+
+#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L)
#include <sys/types.h>
#include <string.h>
#include "sha2.h"
@@ -875,4 +878,5 @@ SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
}
#endif
-#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
+#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h
index 1d6aa61e..821f2dd6 100644
--- a/openbsd-compat/sha2.h
+++ b/openbsd-compat/sha2.h
@@ -41,7 +41,10 @@
#include "includes.h"
-#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
+#include <openssl/opensslv.h>
+
+#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L)
/*** SHA-256/384/512 Various Length Definitions ***********************/
#define SHA256_BLOCK_LENGTH 64
@@ -124,6 +127,7 @@ char *SHA512_Data(const u_int8_t *, size_t, char *)
__attribute__((__bounded__(__string__,1,2)))
__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
-#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
+#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+ (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
#endif /* _SSHSHA2_H */