Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / d5f62bf280b0798d7009d4424594a648a4e887fb^! / . / readconf.c
commitd5f62bf280b0798d7009d4424594a648a4e887fb[log] [tgz]
authorDamien Miller <djm@mindrot.org>Fri Sep 24 22:11:14 2010 +1000
committerDamien Miller <djm@mindrot.org>Fri Sep 24 22:11:14 2010 +1000
tree5f18078ea61f6c5503dc4addfb2f17d13844692c
parent603134e077e667b4819effb0e121803842df621f [diff] [blame]
   - djm@cvs.openbsd.org 2010/09/22 05:01:30
     [kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
     [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
     add a KexAlgorithms knob to the client and server configuration to allow
     selection of which key exchange methods are used by ssh(1) and sshd(8)
     and their order of preference.
     ok markus@

diff --git a/readconf.c b/readconf.c
index 5864229..da7efd1 100644
--- a/readconf.c
+++ b/readconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.188 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.189 2010/09/22 05:01:29 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -132,6 +132,7 @@
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+	oKexAlgorithms,
 	oDeprecated, oUnsupported
 } OpCodes;
 
@@ -240,6 +241,7 @@
 #else
 	{ "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
+	{ "kexalgorithms", oKexAlgorithms },
 
 	{ NULL, oBadOption }
 };
@@ -699,6 +701,18 @@
 			options->macs = xstrdup(arg);
 		break;
 
+	case oKexAlgorithms:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.",
+			    filename, linenum);
+		if (!kex_names_valid(arg))
+			fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
+			    filename, linenum, arg ? arg : "<NONE>");
+		if (*activep && options->kex_algorithms == NULL)
+			options->kex_algorithms = xstrdup(arg);
+		break;
+
 	case oHostKeyAlgorithms:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
@@ -1078,6 +1092,7 @@
 	options->cipher = -1;
 	options->ciphers = NULL;
 	options->macs = NULL;
+	options->kex_algorithms = NULL;
 	options->hostkeyalgorithms = NULL;
 	options->protocol = SSH_PROTO_UNKNOWN;
 	options->num_identity_files = 0;
@@ -1191,6 +1206,7 @@
 		options->cipher = SSH_CIPHER_NOT_SET;
 	/* options->ciphers, default set in myproposals.h */
 	/* options->macs, default set in myproposals.h */
+	/* options->kex_algorithms, default set in myproposals.h */
 	/* options->hostkeyalgorithms, default set in myproposals.h */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_2;