
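--- a/kex.c
+++ b/kex.c
@@ -202,8 +202,9 @@ kex_names_cat(const char *a, const char
 /*
  * Assemble a list of algorithms from a default list and a string from a
  * configuration file. The user-provided string may begin with '+' to
- * indicate that it should be appended to the default or '-' that the
- * specified names should be removed.
+ * indicate that it should be appended to the default, '-' that the
+ * specified names should be removed, or '^' that they should be placed
+ * at the head.
  */
 int
 kex_assemble_names(char **listp, const char *def, const char *all)
@@ -237,6 +238,14 @@ kex_assemble_names(char **listp, const c
 		free(list);
 		/* filtering has already been done */
 		return 0;
+	} else if (*list == '^') {
+		/* Place names at head of default list */
+		if ((tmp = kex_names_cat(list + 1, def)) == NULL) {
+			r = SSH_ERR_ALLOC_FAIL;
+			goto fail;
+		}
+		free(list);
+		list = tmp;
 	} else {
 		/* Explicit list, overrides default - just use "list" as is */
 	}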
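Review bot: The new `'^'` branch hands `list + 1` and `def` to `kex_names_cat()` without saying what happens when a prepended name is already in the default list; unless that helper de-duplicates (its body is not shown in this hunk), the assembled proposal would carry the name twice. That is worth confirming and recording in the branch comment, e.g. `/* Place names at head of default list; kex_names_cat() is expected to drop duplicates */`. A bare `^` also reaches the call with an empty first argument, so the helper's handling of `""` deserves the same check. `kex_assemble_names()` begins and ends outside the visible hunks, so any later filtering against `all` cannot be seen here.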
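--- a/readconf.c
+++ b/readconf.c
@@ -1184,7 +1184,8 @@ parse_int:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
+		if (*arg != '-' &&
+		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && options->ciphers == NULL)
@@ -1195,7 +1196,8 @@ parse_int:
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
+		if (*arg != '-' &&
+		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%.200s line %d: Bad SSH2 MAC spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && options->macs == NULL)
@@ -1208,7 +1210,8 @@ parse_int:
 			fatal("%.200s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
+		    !kex_names_valid(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg))
 			fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && options->kex_algorithms == NULL)
@@ -1223,7 +1226,8 @@ parse_keytypes:
 			fatal("%.200s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+		    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg, 1))
 			fatal("%s line %d: Bad key types '%s'.",
 				filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && *charptr == NULL)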
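Review bot: The prefix-stripping operand `*arg == '+' || *arg == '^' ? arg + 1 : arg` relies on `||` binding tighter than `?:` and is now repeated in all four hunks of this file, in the four matching hunks of servconf.c and in the `-c` case of ssh.c. It evaluates as intended, but parenthesising the condition, `(*arg == '+' || *arg == '^') ? arg + 1 : arg`, would make that obvious to the next reader. A small shared helper that returns the name list after an optional `+`/`^` prefix would also keep the nine call sites from drifting apart when another prefix character is introduced. The enclosing switch cases start and end outside the hunks.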
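--- a/servconf.c
+++ b/servconf.c
@@ -1381,7 +1381,8 @@ process_server_config_line(ServerOptions
 			fatal("%s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+		    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg, 1))
 			fatal("%s line %d: Bad key types '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && *charptr == NULL)
@@ -1652,7 +1653,8 @@ process_server_config_line(ServerOptions
 		arg = strdelim(&cp);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
+		if (*arg != '-' &&
+		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->ciphers == NULL)
@@ -1663,7 +1665,8 @@ process_server_config_line(ServerOptions
 		arg = strdelim(&cp);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
+		if (*arg != '-' &&
+		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->macs == NULL)
@@ -1676,7 +1679,8 @@ process_server_config_line(ServerOptions
 			fatal("%s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
+		    !kex_names_valid(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->kex_algorithms == NULL)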
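--- a/ssh.c
+++ b/ssh.c
@@ -851,7 +851,7 @@ main(int ac, char **av)
 			}
 			break;
 		case 'c':
-			if (!ciphers_valid(*optarg == '+' ?
+			if (!ciphers_valid(*optarg == '+' || *optarg == '^' ?
 			    optarg + 1 : optarg)) {
 				fprintf(stderr, "Unknown cipher type '%s'\n",
 				    optarg);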
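Review bot: The `-c` case accepts the `+` and `^` prefixes but, unlike the Ciphers handling in readconf.c which skips validation when `*arg == '-'`, still passes a list with a leading `-` straight to `ciphers_valid()`, so a removal list given on the command line would presumably be rejected as an unknown cipher. If that asymmetry is intended, a comment such as `/* '-' (removal) lists are only accepted from the config file */` above the check would document it; otherwise the condition should gain the same `*optarg != '-' &&` guard. `main()` continues outside the hunk, so later handling of `optarg` cannot be seen here.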
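--- a/ssh_config.5
+++ b/ssh_config.5
@@ -430,6 +430,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified ciphers (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified ciphers will be placed at the head of the
+default set.
 .Pp
 The supported ciphers are:
 .Bd -literal -offset indent
@@ -794,6 +798,10 @@ If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -822,6 +830,10 @@ If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1052,6 +1064,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified methods will be placed at the head of the
+default set.
 The default is:
 .Bd -literal -offset indent
 curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1133,6 +1149,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified algorithms will be placed at the head of the
+default set.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1290,6 +1310,10 @@ If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,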
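--- a/sshd_config.5
+++ b/sshd_config.5
@@ -464,6 +464,10 @@ If the specified value begins with a
 .Sq -
 character, then the specified ciphers (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified ciphers will be placed at the head of the
+default set.
 .Pp
 The supported ciphers are:
 .Pp
@@ -678,6 +682,10 @@ If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -883,6 +891,10 @@ If the specified value begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified methods will be placed at the head of the
+default set.
 The supported algorithms are:
 .Pp
 .Bl -item -compact -offset indent
@@ -1000,6 +1012,10 @@ If the specified value begins with a
 .Sq -
 character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified algorithms will be placed at the head of the
+default set.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1405,6 +1421,10 @@ If the specified value begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,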
