author | Damien Miller <djm@mindrot.org> | 2010-09-24 22:11:14 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-09-24 22:11:14 +1000 |
commit | d5f62bf280b0798d7009d4424594a648a4e887fb (patch) | |
tree | 5f18078ea61f6c5503dc4addfb2f17d13844692c /kex.c | |
parent | 603134e077e667b4819effb0e121803842df621f (diff) |
- djm@cvs.openbsd.org 2010/09/22 05:01:30
[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h]
[servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5]
add a KexAlgorithms knob to the client and server configuration to allow
selection of which key exchange methods are used by ssh(1) and sshd(8)
and their order of preference.
ok markus@
Diffstat (limited to 'kex.c')
-rw-r--r-- | kex.c | 30 |
1 files changed, 29 insertions, 1 deletions
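--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.85 2010/09/09 10:45:45 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.86 2010/09/22 05:01:29 djm Exp $ */
 /*
 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
 *
@@ -62,6 +62,34 @@ extern const EVP_MD *evp_ssh_sha256(void);
 static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
 
+/* Validate KEX method name list */
+int
+kex_names_valid(const char *names)
+{
+char *s, *cp, *p;
+
+if (names == NULL || strcmp(names, "") == 0)
+return 0;
+s = cp = xstrdup(names);
+for ((p = strsep(&cp, ",")); p && *p != '\0';
+(p = strsep(&cp, ","))) {
+if (strcmp(p, KEX_DHGEX_SHA256) != 0 &&
+strcmp(p, KEX_DHGEX_SHA1) != 0 &&
+strcmp(p, KEX_DH14) != 0 &&
+strcmp(p, KEX_DH1) != 0 &&
+(strncmp(p, KEX_ECDH_SHA2_STEM,
+sizeof(KEX_ECDH_SHA2_STEM) - 1) != 0 ||
+kex_ecdh_name_to_nid(p) == -1)) {
+error("Unsupported KEX algorithm \"%.100s\"", p);
+xfree(s);
+return 0;
+}
+}
+debug3("kex names ok: [%s]", names);
+xfree(s);
+return 1;
+}
+
 /* put algorithm proposal into buffer */
 static void
 kex_prop2buf(Buffer *b, char *proposal[PROPOSAL_MAX])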
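Review bot: The loop in `kex_names_valid` stops at the first empty list element because its condition is `p && *p != '\0'`, so names after a leading or doubled comma are never checked and the function still returns 1. A constructed value such as `valid-name,,anything` would therefore pass as a valid KexAlgorithms list; what the negotiation code later does with the unchecked name is not visible in this hunk. Changing the condition to `p != NULL` would send an empty element into the existing `Unsupported KEX algorithm` branch, since it matches none of the compared names and fails the `KEX_ECDH_SHA2_STEM` prefix test. The comment above the function could also state the contract, for example `/* Validate KEX method name list; returns 1 if every name is supported, 0 otherwise */`.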