- djm@cvs.openbsd.org 2010/09/22 05:01:30

[kex.c kex.h kexecdh.c kexecdhc.c kexecdhs.c readconf.c readconf.h] [servconf.c servconf.h ssh_config.5 sshconnect2.c sshd.c sshd_config.5] add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. ok markus@
author: Damien Miller <djm@mindrot.org> 2010-09-24 22:11:14 +1000
committer: Damien Miller <djm@mindrot.org> 2010-09-24 22:11:14 +1000
commit: d5f62bf280b0798d7009d4424594a648a4e887fb (patch)
tree: 5f18078ea61f6c5503dc4addfb2f17d13844692c /readconf.c
parent: 603134e077e667b4819effb0e121803842df621f (diff)
1 files changed, 17 insertions, 1 deletions
diff --git a/readconf.c b/readconf.c
index 586422930..da7efd193 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.188 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.189 2010/09/22 05:01:29 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -132,6 +132,7 @@ typedef enum {
        oHashKnownHosts,
        oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
        oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
+        oKexAlgorithms,
        oDeprecated, oUnsupported
 } OpCodes;
@@ -240,6 +241,7 @@ static struct {
 #else
        { "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
+        { "kexalgorithms", oKexAlgorithms },
        { NULL, oBadOption }
 };
@@ -699,6 +701,18 @@ parse_int:
                        options->macs = xstrdup(arg);
                break;
+        case oKexAlgorithms:
+                arg = strdelim(&s);
+                if (!arg || *arg == '\0')
+                        fatal("%.200s line %d: Missing argument.",
+                            filename, linenum);
+                if (!kex_names_valid(arg))
+                        fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
+                            filename, linenum, arg ? arg : "<NONE>");
+                if (*activep && options->kex_algorithms == NULL)
+                        options->kex_algorithms = xstrdup(arg);
+                break;
        case oHostKeyAlgorithms:
                arg = strdelim(&s);
                if (!arg || *arg == '\0')
@@ -1078,6 +1092,7 @@ initialize_options(Options * options)
        options->cipher = -1;
        options->ciphers = NULL;
        options->macs = NULL;
+        options->kex_algorithms = NULL;
        options->hostkeyalgorithms = NULL;
        options->protocol = SSH_PROTO_UNKNOWN;
        options->num_identity_files = 0;
@@ -1191,6 +1206,7 @@ fill_default_options(Options * options)
                options->cipher = SSH_CIPHER_NOT_SET;
        /* options->ciphers, default set in myproposals.h */
        /* options->macs, default set in myproposals.h */
+        /* options->kex_algorithms, default set in myproposals.h */
        /* options->hostkeyalgorithms, default set in myproposals.h */
        if (options->protocol == SSH_PROTO_UNKNOWN)
                options->protocol = SSH_PROTO_2;
author	Damien Miller <djm@mindrot.org>	2010-09-24 22:11:14 +1000
committer	Damien Miller <djm@mindrot.org>	2010-09-24 22:11:14 +1000
commit	d5f62bf280b0798d7009d4424594a648a4e887fb (patch)
tree	5f18078ea61f6c5503dc4addfb2f17d13844692c /readconf.c
parent	603134e077e667b4819effb0e121803842df621f (diff)