- (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for

   OpenSSL 0.9.7. ok djm

3 files changed, 16 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 2fc1f12a..cc29abce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20110817
+ - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs for
+   OpenSSL 0.9.7. ok djm
+
 20110812
  - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux context
    change error by reporting old and new context names  Patch from
diff --git a/mac.c b/mac.c
index 4965f38c..eef50f48 100644
--- a/mac.c
+++ b/mac.c
@@ -57,10 +57,12 @@ struct {
 } macs[] = {
 	{ "hmac-sha1",			SSH_EVP, EVP_sha1, 0, -1, -1 },
 	{ "hmac-sha1-96",		SSH_EVP, EVP_sha1, 96, -1, -1 },
+#ifdef HAVE_EVP_SHA256
 	{ "hmac-sha2-256",		SSH_EVP, EVP_sha256, 0, -1, -1 },
 	{ "hmac-sha2-256-96",		SSH_EVP, EVP_sha256, 96, -1, -1 },
 	{ "hmac-sha2-512",		SSH_EVP, EVP_sha512, 0, -1, -1 },
 	{ "hmac-sha2-512-96",		SSH_EVP, EVP_sha512, 96, -1, -1 },
+#endif
 	{ "hmac-md5",			SSH_EVP, EVP_md5, 0, -1, -1 },
 	{ "hmac-md5-96",		SSH_EVP, EVP_md5, 96, -1, -1 },
 	{ "hmac-ripemd160",		SSH_EVP, EVP_ripemd160, 0, -1, -1 },
diff --git a/myproposal.h b/myproposal.h
index aeb5201d..0bc1c778 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -75,14 +75,20 @@
 	"arcfour256,arcfour128," \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
+#ifdef HAVE_EVP_SHA256
+#define	SHA2_HMAC_MODES \
+	"hmac-sha2-256," \
+	"hmac-sha2-256-96," \
+	"hmac-sha2-512," \
+	"hmac-sha2-512-96,"
+#else
+# define SHA2_HMAC_MODES
+#endif
 #define	KEX_DEFAULT_MAC \
 	"hmac-md5," \
 	"hmac-sha1," \
 	"umac-64@openssh.com," \
-	"hmac-sha2-256," \
-	"hmac-sha2-256-96," \
-	"hmac-sha2-512," \
-	"hmac-sha2-512-96," \
+	SHA2_HMAC_MODES \
 	"hmac-ripemd160," \
 	"hmac-ripemd160@openssh.com," \
 	"hmac-sha1-96," \