upstream: Allow prepending a list of algorithms to the default set

by starting the list with the '^' character, e.g. HostKeyAlgorithms ^ssh-ed25519 Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com ok djm@ dtucker@ OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
author: naddy@openbsd.org <naddy@openbsd.org> 2019-09-06 14:45:34 +0000
committer: Damien Miller <djm@mindrot.org> 2019-09-08 14:49:04 +1000
commit: 91a2135f32acdd6378476c5bae475a6e7811a6a2 (patch)
tree: da8ddb5e4236cb12f3c70ab939e3abe674aa8ba4 /servconf.c
parent: c8bdd2db77ac2369d5cdee237656f266c8f41552 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/servconf.c b/servconf.c
index 340045b28..e76f9c39e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.351 2019/04/18 18:56:16 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.352 2019/09/06 14:45:34 naddy Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -1444,7 +1444,8 @@ process_server_config_line(ServerOptions *options, char *line,
                        fatal("%s line %d: Missing argument.",
                            filename, linenum);
                if (*arg != '-' &&
-                    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+                    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
+                    arg + 1 : arg, 1))
                        fatal("%s line %d: Bad key types '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && *charptr == NULL)
@@ -1715,7 +1716,8 @@ process_server_config_line(ServerOptions *options, char *line,
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing argument.", filename, linenum);
-                if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' &&
+                    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
                        fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (options->ciphers == NULL)
@@ -1726,7 +1728,8 @@ process_server_config_line(ServerOptions *options, char *line,
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing argument.", filename, linenum);
-                if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
+                if (*arg != '-' &&
+                    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
                        fatal("%s line %d: Bad SSH2 mac spec '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (options->macs == NULL)
@@ -1739,7 +1742,8 @@ process_server_config_line(ServerOptions *options, char *line,
                        fatal("%s line %d: Missing argument.",
                            filename, linenum);
                if (*arg != '-' &&
-                    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
+                    !kex_names_valid(*arg == '+' || *arg == '^' ?
+                    arg + 1 : arg))
                        fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
                            filename, linenum, arg ? arg : "<NONE>");
                if (options->kex_algorithms == NULL)
author	naddy@openbsd.org <naddy@openbsd.org>	2019-09-06 14:45:34 +0000
committer	Damien Miller <djm@mindrot.org>	2019-09-08 14:49:04 +1000
commit	91a2135f32acdd6378476c5bae475a6e7811a6a2 (patch)
tree	da8ddb5e4236cb12f3c70ab939e3abe674aa8ba4 /servconf.c
parent	c8bdd2db77ac2369d5cdee237656f266c8f41552 (diff)