upstream: better diagnosics on alg list assembly errors; ok

deraadt@ markus@ OpenBSD-Commit-ID: 5a557e74b839daf13cc105924d2af06a1560faee
author: djm@openbsd.org <djm@openbsd.org> 2018-08-12 20:19:13 +0000
committer: Damien Miller <djm@mindrot.org> 2018-08-13 12:42:13 +1000
commit: 1b9dd4aa15208100fbc3650f33ea052255578282 (patch)
tree: 6b733b4ececbe643a04a405d82c2d2ba86a8d7dd
parent: e36a5f61b0f5bebf6d49c215d228cd99dfe86e28 (diff)
2 files changed, 29 insertions, 26 deletions
diff --git a/readconf.c b/readconf.c
index 4b11bab5e..db5f2d547 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.296 2018/07/27 05:34:42 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.297 2018/08/12 20:19:13 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,6 +53,7 @@
 #include "xmalloc.h"
 #include "ssh.h"
+#include "ssherr.h"
 #include "compat.h"
 #include "cipher.h"
 #include "pathnames.h"
@@ -1924,6 +1925,7 @@ void
 fill_default_options(Options * options)
 {
        char *all_cipher, *all_mac, *all_kex, *all_key;
+        int r;
        if (options->forward_agent == -1)
                options->forward_agent = 0;
@@ -2075,17 +2077,18 @@ fill_default_options(Options * options)
        all_mac = mac_alg_list(',');
        all_kex = kex_alg_list(',');
        all_key = sshkey_alg_list(0, 0, 1, ',');
-        if (kex_assemble_names(&options->ciphers,
+#define ASSEMBLE(what, defaults, all) \
-            KEX_CLIENT_ENCRYPT, all_cipher) != 0 ||
+        do { \
-            kex_assemble_names(&options->macs,
+                if ((r = kex_assemble_names(&options->what, \
-            KEX_CLIENT_MAC, all_mac) != 0 ||
+                    defaults, all)) != 0) \
-            kex_assemble_names(&options->kex_algorithms,
+                        fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
-            KEX_CLIENT_KEX, all_kex) != 0 ||
+        } while (0)
-            kex_assemble_names(&options->hostbased_key_types,
+        ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
-            KEX_DEFAULT_PK_ALG, all_key) != 0 ||
+        ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
-            kex_assemble_names(&options->pubkey_key_types,
+        ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
-            KEX_DEFAULT_PK_ALG, all_key) != 0)
+        ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
-                fatal("%s: kex_assemble_names failed", __func__);
+        ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
+#undef ASSEMBLE
        free(all_cipher);
        free(all_mac);
        free(all_kex);
diff --git a/servconf.c b/servconf.c
index f1010b3b9..c0f6af0be 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.339 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -192,24 +192,24 @@ static void
 assemble_algorithms(ServerOptions *o)
 {
        char *all_cipher, *all_mac, *all_kex, *all_key;
+        int r;
        all_cipher = cipher_alg_list(',', 0);
        all_mac = mac_alg_list(',');
        all_kex = kex_alg_list(',');
        all_key = sshkey_alg_list(0, 0, 1, ',');
-        if (kex_assemble_names(&o->ciphers,
+#define ASSEMBLE(what, defaults, all) \
-            KEX_SERVER_ENCRYPT, all_cipher) != 0 ||
+        do { \
-            kex_assemble_names(&o->macs,
+                if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
-            KEX_SERVER_MAC, all_mac) != 0 ||
+                        fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
-            kex_assemble_names(&o->kex_algorithms,
+        } while (0)
-            KEX_SERVER_KEX, all_kex) != 0 ||
+        ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
-            kex_assemble_names(&o->hostkeyalgorithms,
+        ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
-            KEX_DEFAULT_PK_ALG, all_key) != 0 ||
+        ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
-            kex_assemble_names(&o->hostbased_key_types,
+        ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
-            KEX_DEFAULT_PK_ALG, all_key) != 0 ||
+        ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
-            kex_assemble_names(&o->pubkey_key_types,
+        ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
-            KEX_DEFAULT_PK_ALG, all_key) != 0)
+#undef ASSEMBLE
-                fatal("kex_assemble_names failed");
        free(all_cipher);
        free(all_mac);
        free(all_kex);
author	djm@openbsd.org <djm@openbsd.org>	2018-08-12 20:19:13 +0000
committer	Damien Miller <djm@mindrot.org>	2018-08-13 12:42:13 +1000
commit	1b9dd4aa15208100fbc3650f33ea052255578282 (patch)
tree	6b733b4ececbe643a04a405d82c2d2ba86a8d7dd
parent	e36a5f61b0f5bebf6d49c215d228cd99dfe86e28 (diff)

diff --git a/readconf.c b/readconf.c index 4b11bab5e..db5f2d547 100644 --- a/readconf.c +++ b/readconf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: readconf.c,v 1.296 2018/07/27 05:34:42 dtucker Exp $ */	1	/* $OpenBSD: readconf.c,v 1.297 2018/08/12 20:19:13 djm Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,6 +53,7 @@
53		53
54	#include "xmalloc.h"	54	#include "xmalloc.h"
55	#include "ssh.h"	55	#include "ssh.h"
		56	#include "ssherr.h"
56	#include "compat.h"	57	#include "compat.h"
57	#include "cipher.h"	58	#include "cipher.h"
58	#include "pathnames.h"	59	#include "pathnames.h"
@@ -1924,6 +1925,7 @@ void
1924	fill_default_options(Options * options)	1925	fill_default_options(Options * options)
1925	{	1926	{
1926	char all_cipher, all_mac, all_kex, all_key;	1927	char all_cipher, all_mac, all_kex, all_key;
		1928	int r;
1927		1929
1928	if (options->forward_agent == -1)	1930	if (options->forward_agent == -1)
1929	options->forward_agent = 0;	1931	options->forward_agent = 0;
@@ -2075,17 +2077,18 @@ fill_default_options(Options * options)
2075	all_mac = mac_alg_list(',');	2077	all_mac = mac_alg_list(',');
2076	all_kex = kex_alg_list(',');	2078	all_kex = kex_alg_list(',');
2077	all_key = sshkey_alg_list(0, 0, 1, ',');	2079	all_key = sshkey_alg_list(0, 0, 1, ',');
2078	if (kex_assemble_names(&options->ciphers,	2080	#define ASSEMBLE(what, defaults, all) \
2079	KEX_CLIENT_ENCRYPT, all_cipher) != 0 \|\|	2081	do { \
2080	kex_assemble_names(&options->macs,	2082	if ((r = kex_assemble_names(&options->what, \
2081	KEX_CLIENT_MAC, all_mac) != 0 \|\|	2083	defaults, all)) != 0) \
2082	kex_assemble_names(&options->kex_algorithms,	2084	fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
2083	KEX_CLIENT_KEX, all_kex) != 0 \|\|	2085	} while (0)
2084	kex_assemble_names(&options->hostbased_key_types,	2086	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
2085	KEX_DEFAULT_PK_ALG, all_key) != 0 \|\|	2087	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
2086	kex_assemble_names(&options->pubkey_key_types,	2088	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
2087	KEX_DEFAULT_PK_ALG, all_key) != 0)	2089	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
2088	fatal("%s: kex_assemble_names failed", __func__);	2090	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
		2091	#undef ASSEMBLE
2089	free(all_cipher);	2092	free(all_cipher);
2090	free(all_mac);	2093	free(all_mac);
2091	free(all_kex);	2094	free(all_kex);


diff --git a/servconf.c b/servconf.c index f1010b3b9..c0f6af0be 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,5 +1,5 @@
1		1
2	/* $OpenBSD: servconf.c,v 1.339 2018/07/11 18:53:29 markus Exp $ */	2	/* $OpenBSD: servconf.c,v 1.340 2018/08/12 20:19:13 djm Exp $ */
3	/*	3	/*
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5	* All rights reserved	5	* All rights reserved
@@ -192,24 +192,24 @@ static void
192	assemble_algorithms(ServerOptions *o)	192	assemble_algorithms(ServerOptions *o)
193	{	193	{
194	char all_cipher, all_mac, all_kex, all_key;	194	char all_cipher, all_mac, all_kex, all_key;
		195	int r;
195		196
196	all_cipher = cipher_alg_list(',', 0);	197	all_cipher = cipher_alg_list(',', 0);
197	all_mac = mac_alg_list(',');	198	all_mac = mac_alg_list(',');
198	all_kex = kex_alg_list(',');	199	all_kex = kex_alg_list(',');
199	all_key = sshkey_alg_list(0, 0, 1, ',');	200	all_key = sshkey_alg_list(0, 0, 1, ',');
200	if (kex_assemble_names(&o->ciphers,	201	#define ASSEMBLE(what, defaults, all) \
201	KEX_SERVER_ENCRYPT, all_cipher) != 0 \|\|	202	do { \
202	kex_assemble_names(&o->macs,	203	if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
203	KEX_SERVER_MAC, all_mac) != 0 \|\|	204	fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
204	kex_assemble_names(&o->kex_algorithms,	205	} while (0)
205	KEX_SERVER_KEX, all_kex) != 0 \|\|	206	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
206	kex_assemble_names(&o->hostkeyalgorithms,	207	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
207	KEX_DEFAULT_PK_ALG, all_key) != 0 \|\|	208	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
208	kex_assemble_names(&o->hostbased_key_types,	209	ASSEMBLE(hostkeyalgorithms, KEX_DEFAULT_PK_ALG, all_key);
209	KEX_DEFAULT_PK_ALG, all_key) != 0 \|\|	210	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
210	kex_assemble_names(&o->pubkey_key_types,	211	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
211	KEX_DEFAULT_PK_ALG, all_key) != 0)	212	#undef ASSEMBLE
212	fatal("kex_assemble_names failed");
213	free(all_cipher);	213	free(all_cipher);
214	free(all_mac);	214	free(all_mac);
215	free(all_kex);	215	free(all_kex);