- (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't haveV_6_2

the required OpenSSL support. Patch from naddy at freebsd.
author: dtucker <dtucker> 2013-06-11 01:47:40 +0000
committer: dtucker <dtucker> 2013-06-11 01:47:40 +0000
commit: 185fe88b27c5f548438f399868bd44a49b90afb8 (patch)
tree: 05cc6c251760a1317a34ea1bcfe5d85b7200ddd2
parent: b16b354c52bc6e03274fc2c04819d9897f73ffbe (diff)
download: openssh-V_6_2.tar.gz
2 files changed, 12 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index f5e2df0d..fd88e094 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20130610
+ - (dtucker) [myproposal.h] Do not advertise AES GSM ciphers if we don't have
+   the required OpenSSL support.  Patch from naddy at freebsd.
+
 20130516
  - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
    executed if mktemp failed; bz#2105 ok dtucker@
diff --git a/myproposal.h b/myproposal.h
index 99d09346..05b17dbb 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -45,6 +45,13 @@
 # define HOSTKEY_ECDSA_METHODS
 #endif
 
+#ifdef OPENSSL_HAVE_EVPGCM
+# define AESGCM_CIPHER_MODES \
+	"aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
+#else
+# define AESGCM_CIPHER_MODES
+#endif
+
 /* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
 # define KEX_SHA256_METHODS \
@@ -73,7 +80,7 @@
 #define	KEX_DEFAULT_ENCRYPT \
 	"aes128-ctr,aes192-ctr,aes256-ctr," \
 	"arcfour256,arcfour128," \
-	"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
+	AESGCM_CIPHER_MODES \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
 #ifdef HAVE_EVP_SHA256
author	dtucker <dtucker>	2013-06-11 01:47:40 +0000
committer	dtucker <dtucker>	2013-06-11 01:47:40 +0000
commit	185fe88b27c5f548438f399868bd44a49b90afb8 (patch)
tree	05cc6c251760a1317a34ea1bcfe5d85b7200ddd2
parent	b16b354c52bc6e03274fc2c04819d9897f73ffbe (diff)
download	openssh-V_6_2.tar.gz