authordjm <djm@openbsd.org>2019-02-23 08:20:43 +0000
committerdjm <djm@openbsd.org>2019-02-23 08:20:43 +0000
commitf4f9c0f643284674346833e99d7a48bc8475824c (patch)
tree1bf1766ca354a69586609eb8b5361db49702e97a
parentdocument pci_mapreg_map and some related functions. (diff)
downloadwireguard-openbsd-f4f9c0f643284674346833e99d7a48bc8475824c.tar.xz
wireguard-openbsd-f4f9c0f643284674346833e99d7a48bc8475824c.zip
openssh-7.9 accidentally reused the server's algorithm lists in the
client for KEX, ciphers and MACs. The ciphers and MACs were identical between the client and server, but the error accidentally disabled the diffie-hellman-group-exchange-sha1 KEX method. This fixes the client code to use the correct method list, but because nobody complained, it also disables the diffie-hellman-group-exchange-sha1 KEX method. Reported by nuxi AT vault24.org via bz#2697; ok dtucker
-rw-r--r--usr.bin/ssh/myproposal.h13
-rw-r--r--usr.bin/ssh/readconf.c8
-rw-r--r--usr.bin/ssh/ssh_config.55
3 files changed, 10 insertions, 16 deletions
diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h
index bd46b55fb67..d4e0dc89879 100644
--- a/usr.bin/ssh/myproposal.h
+++ b/usr.bin/ssh/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.58 2019/02/23 08:20:43 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -26,7 +26,7 @@
#ifdef WITH_OPENSSL
-#define KEX_COMMON_KEX \
+#define KEX_SERVER_KEX \
"curve25519-sha256," \
"curve25519-sha256@libssh.org," \
"ecdh-sha2-nistp256," \
@@ -34,16 +34,11 @@
"ecdh-sha2-nistp521," \
"diffie-hellman-group-exchange-sha256," \
"diffie-hellman-group16-sha512," \
- "diffie-hellman-group18-sha512" \
-
-#define KEX_SERVER_KEX KEX_COMMON_KEX "," \
+ "diffie-hellman-group18-sha512," \
"diffie-hellman-group14-sha256," \
"diffie-hellman-group14-sha1"
-#define KEX_CLIENT_KEX KEX_COMMON_KEX "," \
- "diffie-hellman-group-exchange-sha1," \
- "diffie-hellman-group14-sha256," \
- "diffie-hellman-group14-sha1"
+#define KEX_CLIENT_KEX KEX_SERVER_KEX
#define KEX_DEFAULT_PK_ALG \
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
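Review bot: `#define KEX_CLIENT_KEX KEX_SERVER_KEX` makes the client's default key-exchange list a silent alias of the server's, so any later edit to KEX_SERVER_KEX also changes what clients offer, and nothing at the definition records that diffie-hellman-group-exchange-sha1 was dropped on purpose. I would add a comment above the alias, for example `/* Client list deliberately mirrors the server list; diffie-hellman-group-exchange-sha1 is intentionally not offered by default. */`. The merged list still ends with `diffie-hellman-group14-sha1`, a SHA-1 based method, in the defaults for both sides; if it is kept for compatibility with older peers, the same comment should say so. Only the WITH_OPENSSL branch is visible in these hunks, so any definitions outside it may need the same comment.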
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 2b6c82efea5..560362048fe 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.302 2018/11/23 05:08:07 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.303 2019/02/23 08:20:43 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2105,9 +2105,9 @@ fill_default_options(Options * options)
defaults, all)) != 0) \
fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
} while (0)
- ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
- ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
- ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
+ ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher);
+ ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);
+ ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);
ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
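Review bot: Nothing at the three corrected ASSEMBLE calls (ciphers, macs, kex_algorithms) guards against the same mix-up returning, and because the cipher and MAC lists were identical on both sides the original mistake produced no visible symptom for two of the three. A short comment directly above them would help, for example `/* Client defaults: use the KEX_CLIENT_* lists here, never KEX_SERVER_*. */`. With KEX_CLIENT_KEX now defined as KEX_SERVER_KEX in myproposal.h, the kex_algorithms line yields the same list as before this commit, so the comment is what keeps the distinction alive if the lists diverge again. fill_default_options and the ASSEMBLE macro both start outside this hunk.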
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index e648e5a468f..35c84432b70 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.290 2019/02/18 07:02:34 jmc Exp $
-.Dd $Mdocdate: February 18 2019 $
+.\" $OpenBSD: ssh_config.5,v 1.291 2019/02/23 08:20:43 djm Exp $
+.Dd $Mdocdate: February 23 2019 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -1059,7 +1059,6 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group16-sha512,
diffie-hellman-group18-sha512,
-diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha256,
diffie-hellman-group14-sha1
.Ed