aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/config.c9
-rw-r--r--tests/unittests/torture_config.c7
-rw-r--r--tests/unittests/torture_options.c8
3 files changed, 23 insertions, 1 deletions
diff --git a/src/config.c b/src/config.c
index 8419d070..330fb7ee 100644
--- a/src/config.c
+++ b/src/config.c
@@ -49,6 +49,7 @@ enum ssh_config_opcode_e {
SOC_USERNAME,
SOC_IDENTITY,
SOC_CIPHERS,
+ SOC_MACS,
SOC_COMPRESSION,
SOC_TIMEOUT,
SOC_PROTOCOL,
@@ -85,6 +86,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
{ "user", SOC_USERNAME },
{ "identityfile", SOC_IDENTITY },
{ "ciphers", SOC_CIPHERS },
+ { "macs", SOC_MACS },
{ "compression", SOC_COMPRESSION },
{ "connecttimeout", SOC_TIMEOUT },
{ "protocol", SOC_PROTOCOL },
@@ -420,6 +422,13 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
ssh_options_set(session, SSH_OPTIONS_CIPHERS_S_C, p);
}
break;
+ case SOC_MACS:
+ p = ssh_config_get_str_tok(&s, NULL);
+ if (p && *parsing) {
+ ssh_options_set(session, SSH_OPTIONS_HMAC_C_S, p);
+ ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, p);
+ }
+ break;
case SOC_COMPRESSION:
i = ssh_config_get_yesno(&s, -1);
if (i >= 0 && *parsing) {
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index ec0dde53..a0b40239 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -15,6 +15,7 @@
#define PROXYCMD "ssh -q -W %h:%p gateway.example.com"
#define ID_FILE "/etc/xxx"
#define KEXALGORITHMS "ecdh-sha2-nistp521,diffie-hellman-group14-sha1"
+#define MACS "hmac-sha1,hmac-sha2-256"
static int setup_config_files(void **state)
{
@@ -32,7 +33,8 @@ static int setup_config_files(void **state)
"ProxyCommand "PROXYCMD"\n\n");
torture_write_file(LIBSSH_TESTCONFIG3,
"\n\nIdentityFile "ID_FILE"\n"
- "\n\nKexAlgorithms "KEXALGORITHMS"\n");
+ "\n\nKexAlgorithms "KEXALGORITHMS"\n"
+ "\n\nMACs "MACS"\n");
/* Multiple Port settings -> parsing returns early. */
torture_write_file(LIBSSH_TESTCONFIG4,
@@ -89,6 +91,9 @@ static void torture_config_from_file(void **state) {
ssh_string_free_char(v);
assert_string_equal(session->opts.wanted_methods[SSH_KEX], KEXALGORITHMS);
+
+ assert_string_equal(session->opts.wanted_methods[SSH_MAC_C_S], MACS);
+ assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], MACS);
}
/**
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 1a791d22..7e18b1d7 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -96,6 +96,14 @@ static void torture_options_set_macs(void **state) {
assert_true(rc == 0);
assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C], "hmac-sha1");
+ /* Test multiple known MACs */
+ rc = ssh_options_set(session,
+ SSH_OPTIONS_HMAC_S_C,
+ "hmac-sha1,hmac-sha2-256");
+ assert_true(rc == 0);
+ assert_string_equal(session->opts.wanted_methods[SSH_MAC_S_C],
+ "hmac-sha1,hmac-sha2-256");
+
/* Test unknown MACs */
rc = ssh_options_set(session, SSH_OPTIONS_HMAC_S_C, "unknown-crap@example.com,hmac-sha1,unknown@example.com");
assert_true(rc == 0);