- (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h] Disable
   sha256 when openssl < 0.9.7. Patch from djm@. Corrections/testing by me.
diff --git a/ChangeLog b/ChangeLog
index 1c4fdef..aa29184 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
  - (dtucker) [entropy.c] Add headers for WIFEXITED and friends.
  - (dtucker) [configure.ac md-sha256.c] NetBSD has sha2.h in
    /usr/include/crypto.  Hint from djm@.
+ - (tim) [kex.c myproposal.h md-sha256.c openbsd-compat/sha2.c,h]
+   Disable sha256 when openssl < 0.9.7. Patch from djm@.
 
 20060315
  - (djm) OpenBSD CVS Sync:
@@ -4178,4 +4180,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4226 2006/03/15 21:14:34 dtucker Exp $
+$Id: ChangeLog,v 1.4227 2006/03/16 04:17:05 tim Exp $
diff --git a/kex.c b/kex.c
index 70c2c97..8610a7d 100644
--- a/kex.c
+++ b/kex.c
@@ -44,11 +44,13 @@
 
 #define KEX_COOKIE_LEN	16
 
-#ifdef HAVE_EVP_SHA256
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define evp_ssh_sha256() NULL
+#elif defined(HAVE_EVP_SHA256)
 # define evp_ssh_sha256 EVP_sha256
-#else /* HAVE_EVP_SHA256 */
+#else
 extern const EVP_MD *evp_ssh_sha256(void);
-#endif /* HAVE_EVP_SHA256 */
+#endif
 
 /* prototype */
 static void kex_kexinit_finish(Kex *);
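Review bot: The new `#if OPENSSL_VERSION_NUMBER < 0x00907000L` test runs without any `#include <openssl/opensslv.h>` in this hunk, and an undefined macro in `#if` silently evaluates to 0, which would select the `NULL` branch and disable DHGEX-sha256 for every OpenSSL version rather than only the old ones. The other three files in this commit add that include explicitly; kex.c should do the same, `#include <openssl/opensslv.h>` above the test, unless an earlier include in kex.c (outside this hunk) already provides the macro, and even then a `#ifndef OPENSSL_VERSION_NUMBER` / `# error "OPENSSL_VERSION_NUMBER undefined"` guard turns a silent downgrade into a build failure. The `evp_ssh_sha256()` macro now expands to `NULL` on old OpenSSL, which is only safe if every caller checks the returned `EVP_MD *` for NULL before passing it to a hash routine; those callers are outside this hunk and should be verified.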
diff --git a/md-sha256.c b/md-sha256.c
index 0b1ed58..064228a 100644
--- a/md-sha256.c
+++ b/md-sha256.c
@@ -17,8 +17,9 @@
 /* EVP wrapper for SHA256 */
 
 #include "includes.h"
+#include <openssl/opensslv.h>
 
-#ifndef HAVE_EVP_SHA256
+#if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 
 #include <string.h>
 #include <openssl/evp.h>
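Review bot: The literal `0x00907000L` in the new `#if` line is a magic number that this commit repeats in kex.c, myproposal.h and openbsd-compat/sha2.c and sha2.h with no comment on what it encodes or that the copies must agree. A comment on the `#if` line would help, e.g. `/* 0x00907000L is OpenSSL 0.9.7 in the MNNFFPPS encoding of OPENSSL_VERSION_NUMBER; keep in sync with kex.c, myproposal.h and openbsd-compat/sha2.[ch] */`. Note also that the status nibble of this value is 0, i.e. 0.9.7-dev, so 0.9.7 beta builds (0x00907001L through 0x0090700eL) satisfy `>= 0x00907000L`; if the intent is to require the 0.9.7 release, the cutoff should be `0x0090700fL` in all four files.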
@@ -80,5 +81,5 @@
 	return (&ssh_sha256);
 }
 
-#endif /* HAVE_EVP_SHA256 */
+#endif /* !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
 
diff --git a/myproposal.h b/myproposal.h
index cc94a8e..43c5402 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -23,11 +23,23 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-#define KEX_DEFAULT_KEX		\
+
+#include <openssl/opensslv.h>
+
+/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define KEX_DEFAULT_KEX		\
+	"diffie-hellman-group-exchange-sha1," \
+ 	"diffie-hellman-group14-sha1," \
+ 	"diffie-hellman-group1-sha1"
+#else
+# define KEX_DEFAULT_KEX		\
 	"diffie-hellman-group-exchange-sha256," \
 	"diffie-hellman-group-exchange-sha1," \
  	"diffie-hellman-group14-sha1," \
  	"diffie-hellman-group1-sha1"
+#endif
+
 #define	KEX_DEFAULT_PK_ALG	"ssh-rsa,ssh-dss"
 #define	KEX_DEFAULT_ENCRYPT \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
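Review bot: The two `KEX_DEFAULT_KEX` definitions repeat the three sha1 entries verbatim, so the fallback list and the normal list can drift apart the next time a method is added or retired. Defining the SHA-1 tail once and prepending the sha256 entry in the `#else` branch removes the duplication and makes it obvious that the only difference on old OpenSSL is the missing DHGEX-sha256. The added lines `"diffie-hellman-group14-sha1,"` and `"diffie-hellman-group1-sha1"` also carry a stray space before the tab, copied from the existing lines below them. Since falling back to SHA-1-only key exchange is a security-relevant downgrade, the comment should say so rather than just "doesn't support what we need".

```c
/* OpenSSL < 0.9.7 lacks what the EVP SHA-256 wrapper needs, so DHGEX-sha256
 * is unavailable there and the default KEX list is SHA-1 only. */
#define KEX_DEFAULT_KEX_SHA1 \
	"diffie-hellman-group-exchange-sha1," \
	"diffie-hellman-group14-sha1," \
	"diffie-hellman-group1-sha1"

#if OPENSSL_VERSION_NUMBER < 0x00907000L
# define KEX_DEFAULT_KEX	KEX_DEFAULT_KEX_SHA1
#else
# define KEX_DEFAULT_KEX	"diffie-hellman-group-exchange-sha256," KEX_DEFAULT_KEX_SHA1
#endif
```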
diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index 36ab60e..cf8e0ad 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -38,7 +38,10 @@
 
 #include "includes.h"
 
-#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
+#include <openssl/opensslv.h>
+
+#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+    (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 #include <sys/types.h>
 #include <string.h>
 #include "sha2.h"
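Review bot: The compat SHA-2 implementation guarded by the new `#if` has no OpenSSL dependency of its own, so a reader will not see why `OPENSSL_VERSION_NUMBER` now decides whether it is compiled; as far as this diff shows, the reason is that md-sha256.c's EVP wrapper, which consumes these routines, is disabled under the same version test. A why-comment on the guard would capture that, e.g. `/* Only needed by the EVP wrapper in md-sha256.c, which is itself compiled out for OpenSSL < 0.9.7; this condition must stay identical to the one in sha2.h */`. Whether md-sha256.c is the only consumer of these routines cannot be confirmed from this hunk and should be checked before wording the comment that strongly.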
@@ -875,4 +878,5 @@
 }
 #endif
 
-#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
+#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+    (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
diff --git a/openbsd-compat/sha2.h b/openbsd-compat/sha2.h
index 1d6aa61..821f2dd 100644
--- a/openbsd-compat/sha2.h
+++ b/openbsd-compat/sha2.h
@@ -41,7 +41,10 @@
 
 #include "includes.h"
 
-#if !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256)
+#include <openssl/opensslv.h>
+
+#if !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+    (OPENSSL_VERSION_NUMBER >= 0x00907000L)
 
 /*** SHA-256/384/512 Various Length Definitions ***********************/
 #define SHA256_BLOCK_LENGTH		64
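Review bot: The guard `!defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)` is now written out identically here and in openbsd-compat/sha2.c; if one copy is edited and the other is not, this header can declare `SHA256_Update` and friends while sha2.c does not define them, which only surfaces as a link error. Computing the decision once in the header and having sha2.c test the result avoids that: replace this `#if` with the same condition followed by `# define SSH_COMPAT_SHA2 1` / `#endif` / `#ifdef SSH_COMPAT_SHA2`, and have sha2.c include "sha2.h" before its own guard and use `#ifdef SSH_COMPAT_SHA2` instead of repeating the expression. The `#include <openssl/opensslv.h>` added here is what makes `OPENSSL_VERSION_NUMBER` defined for that test, so it must stay above the `#if`.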
@@ -124,6 +127,7 @@
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
 
-#endif /* !defined(HAVE_SHA256_UPDATE) && !defined(HAVE_EVP_SHA256) */
+#endif /* !defined(HAVE_EVP_SHA256) && !defined(HAVE_SHA256_UPDATE) && \
+    (OPENSSL_VERSION_NUMBER >= 0x00907000L) */
 
 #endif /* _SSHSHA2_H */