Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 97b62f41adcb0dcbeff142d0540793a7ea17c910^! / . / myproposal.h
commit97b62f41adcb0dcbeff142d0540793a7ea17c910[log] [tgz]
authorDarren Tucker <dtucker@zip.com.au>Tue Jun 11 11:47:24 2013 +1000
committerDarren Tucker <dtucker@zip.com.au>Tue Jun 11 11:47:24 2013 +1000
tree72760674310073300403bc8a3f864323ee9323a3
parent6d8bd57448b45b42809da32857d7804444349ee7 [diff] [blame]
 - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
   the required OpenSSL support.  Patch from naddy at freebsd.

diff --git a/myproposal.h b/myproposal.h
index f13c748..276108b 100644
--- a/myproposal.h
+++ b/myproposal.h

@@ -45,6 +45,13 @@
 # define HOSTKEY_ECDSA_METHODS
 #endif
 
+#ifdef OPENSSL_HAVE_EVPGCM
+# define AESGCM_CIPHER_MODES \
+	"aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
+#else
+# define AESGCM_CIPHER_MODES
+#endif
+
 /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
 #ifdef HAVE_EVP_SHA256
 # define KEX_SHA256_METHODS \
@@ -73,7 +80,7 @@
 #define	KEX_DEFAULT_ENCRYPT \
 	"aes128-ctr,aes192-ctr,aes256-ctr," \
 	"arcfour256,arcfour128," \
-	"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
+	AESGCM_CIPHER_MODES \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
 #ifdef HAVE_EVP_SHA256