authordjm@openbsd.org <djm@openbsd.org>2018-07-04 13:49:31 +0000
committerDamien Miller <djm@mindrot.org>2018-07-04 23:51:52 +1000
commit312d2f2861a2598ed08587cb6c45c0e98a85408f (patch)
treee3bdc4facef48a89cd76fa793d9e70211b7ff8d2 /servconf.c
parent303af5803bd74bf05d375c04e1a83b40c30b2be5 (diff)
upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by wildcard. Algorithm lists are now fully expanded when the server/client configs are finalised, so errors are reported early and the config dumps (e.g. "ssh -G ...") now list the actual algorithms selected. Clarify that, while wildcards are accepted in algorithm lists, they aren't full pattern-lists that support negation. (lots of) feedback, ok markus@ OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c32
1 files changed, 23 insertions, 9 deletions
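--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.334 2018/07/03 10:59:35 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.335 2018/07/04 13:49:31 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -190,15 +190,29 @@ option_clear_or_none(const char *o)
 static void
 assemble_algorithms(ServerOptions *o)
 {
- if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 ||
- kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 ||
- kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 ||
- kex_assemble_names(KEX_DEFAULT_PK_ALG,
- &o->hostkeyalgorithms) != 0 ||
- kex_assemble_names(KEX_DEFAULT_PK_ALG,
- &o->hostbased_key_types) != 0 ||
- kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0)
+ char *all_cipher, *all_mac, *all_kex, *all_key;
+
+ all_cipher = cipher_alg_list(',', 0);
+ all_mac = mac_alg_list(',');
+ all_kex = kex_alg_list(',');
+ all_key = sshkey_alg_list(0, 0, 1, ',');
+ if (kex_assemble_names(&o->ciphers,
+ KEX_SERVER_ENCRYPT, all_cipher) != 0 ||
+ kex_assemble_names(&o->macs,
+ KEX_SERVER_MAC, all_mac) != 0 ||
+ kex_assemble_names(&o->kex_algorithms,
+ KEX_SERVER_KEX, all_kex) != 0 ||
+ kex_assemble_names(&o->hostkeyalgorithms,
+ KEX_DEFAULT_PK_ALG, all_key) != 0 ||
+ kex_assemble_names(&o->hostbased_key_types,
+ KEX_DEFAULT_PK_ALG, all_key) != 0 ||
+ kex_assemble_names(&o->pubkey_key_types,
+ KEX_DEFAULT_PK_ALG, all_key) != 0)
  fatal("kex_assemble_names failed");
+ free(all_cipher);
+ free(all_mac);
+ free(all_kex);
+ free(all_key);
 }
 
 static void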
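Review bot: assemble_algorithms() gains four "all_*" lists (new lines 193-198) without any comment saying why they are built and passed to kex_assemble_names(); a reader has to go to the commit message to learn that each configured list is expanded against the full set of supported algorithms so that wildcards and "+"/"-" prefixes resolve to concrete names at config-finalisation time. Suggest a header comment above the function, e.g. `/* Expand each configured algorithm list (wildcards included) against all supported algorithms, so bad names fail here rather than at use time and config dumps show the real selection. */`. The free() calls on new lines 212-215 are reached only when every kex_assemble_names() call succeeds, which is leak-free only because fatal() does not return; a one-line `/* fatal() does not return, so the lists are freed on the success path only */` would make that intent explicit. If cipher_alg_list(), mac_alg_list(), kex_alg_list() or sshkey_alg_list() can return NULL on allocation failure, the unchecked results are handed straight to kex_assemble_names() on lines 199-210 — worth confirming against those helpers' contracts, which are outside this hunk.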