1 files changed, 18 insertions, 10 deletions

diff --git a/crypto/openssh/myproposal.h b/crypto/openssh/myproposal.h
index 26e0029a043c..a2b1a99b6c32 100644
--- a/crypto/openssh/myproposal.h
+++ b/crypto/openssh/myproposal.h
@@ -27,6 +27,8 @@
 
 #include <openssl/opensslv.h>
 
+/* conditional algorithm support */
+
 #ifdef OPENSSL_HAS_ECC
 # define KEX_ECDH_METHODS \
 	"ecdh-sha2-nistp256," \
@@ -46,12 +48,22 @@
 # define HOSTKEY_ECDSA_METHODS
 #endif
 
-/* Old OpenSSL doesn't support what we need for DHGEX-sha256 */
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+#ifdef OPENSSL_HAVE_EVPGCM
+# define AESGCM_CIPHER_MODES \
+	"aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
+#else
+# define AESGCM_CIPHER_MODES
+#endif
+
+#ifdef HAVE_EVP_SHA256
 # define KEX_SHA256_METHODS \
 	"diffie-hellman-group-exchange-sha256,"
+#define	SHA2_HMAC_MODES \
+	"hmac-sha2-256," \
+	"hmac-sha2-512,"
 #else
 # define KEX_SHA256_METHODS
+# define SHA2_HMAC_MODES
 #endif
 
 # define KEX_DEFAULT_KEX \
@@ -71,23 +83,19 @@
 	"ssh-rsa," \
 	"ssh-dss"
 
+/* the actual algorithms */
+
 #define	KEX_DEFAULT_ENCRYPT \
 	"aes128-ctr,aes192-ctr,aes256-ctr," \
 	"arcfour256,arcfour128," \
-	"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
+	AESGCM_CIPHER_MODES \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
 #ifdef	NONE_CIPHER_ENABLED
 #define KEX_ENCRYPT_INCLUDE_NONE KEX_DEFAULT_ENCRYPT \
 	",none"
 #endif
-#ifdef HAVE_EVP_SHA256
-#define	SHA2_HMAC_MODES \
-	"hmac-sha2-256," \
-	"hmac-sha2-512,"
-#else
-# define SHA2_HMAC_MODES
-#endif
+
 #define	KEX_DEFAULT_MAC \
 	"hmac-md5-etm@openssh.com," \
 	"hmac-sha1-etm@openssh.com," \