- (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in

the proposal if the version of OpenSSL we're using doesn't support ECC.
2014-06-11 07:37:25 +10:00 · 2014-06-11 07:37:25 +10:00 · d7af0cc5bf
parent 67508ac256
commit d7af0cc5bf
2 changed files with 9 additions and 2 deletions
--- a/2
+++ b/2
@ -2,6 +2,8 @@
 - (dtucker) [regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
   regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c] Only do NISTP256
   curve tests if OpenSSL has them.
+ - (dtucker) [myprosal.h] Don't include curve25519-sha256@libssh.org in
+   the proposal if the version of OpenSSL we're using doesn't support ECC.

 20140527
 - (djm) [cipher.c] Fix merge botch.
--- a/myproposal.h
+++ b/myproposal.h
@ -78,8 +78,13 @@
 #endif

 #ifdef WITH_OPENSSL
-#define KEX_SERVER_KEX          \
-	"curve25519-sha256@libssh.org," \
+# ifdef OPENSSL_HAS_ECC
+#  define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org,"
+# else
+#  define KEX_CURVE25519_METHODS ""
+# endif
+#define KEX_SERVER_KEX \
+	KEX_CURVE25519_METHODS \
 	KEX_ECDH_METHODS \
 	KEX_SHA256_METHODS \
 	"diffie-hellman-group14-sha1"