-rw-r--r--usr.bin/ssh/cipher.c95
-rw-r--r--usr.bin/ssh/cipher.h4
-rw-r--r--usr.bin/ssh/packet.c35
-rw-r--r--usr.bin/ssh/ssh_config6
-rw-r--r--usr.bin/ssh/ssh_config.59
-rw-r--r--usr.bin/ssh/sshd.86
-rw-r--r--usr.bin/ssh/sshd_config.518
7 files changed, 32 insertions, 141 deletions
diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c
index 52b73791a70..44d7148293e 100644
--- a/usr.bin/ssh/cipher.c
+++ b/usr.bin/ssh/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.106 2017/05/04 01:33:21 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.107 2017/05/07 23:12:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -63,7 +63,6 @@ struct sshcipher {
u_int key_len;
u_int iv_len; /* defaults to block_size */
u_int auth_len;
- u_int discard_len;
u_int flags;
#define CFLAG_CBC (1<<0)
#define CFLAG_CHACHAPOLY (1<<1)
@@ -79,34 +78,29 @@ struct sshcipher {
static const struct sshcipher ciphers[] = {
#ifdef WITH_OPENSSL
- { "3des-cbc", 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
- { "blowfish-cbc", 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
- { "cast128-cbc", 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
- { "arcfour", 8, 16, 0, 0, 0, 0, EVP_rc4 },
- { "arcfour128", 8, 16, 0, 0, 1536, 0, EVP_rc4 },
- { "arcfour256", 8, 32, 0, 0, 1536, 0, EVP_rc4 },
- { "aes128-cbc", 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
- { "aes192-cbc", 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
- { "aes256-cbc", 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
+ { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
+ { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
+ { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
+ { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
{ "rijndael-cbc@lysator.liu.se",
- 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
- { "aes128-ctr", 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
- { "aes192-ctr", 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
- { "aes256-ctr", 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
+ 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
+ { "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr },
+ { "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr },
+ { "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr },
{ "aes128-gcm@openssh.com",
- 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
+ 16, 16, 12, 16, 0, EVP_aes_128_gcm },
{ "aes256-gcm@openssh.com",
- 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
+ 16, 32, 12, 16, 0, EVP_aes_256_gcm },
#else
- { "aes128-ctr", 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
- { "aes192-ctr", 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
- { "aes256-ctr", 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
+ { "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL },
+ { "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL },
+ { "aes256-ctr", 16, 32, 0, 0, CFLAG_AESCTR, NULL },
#endif
{ "chacha20-poly1305@openssh.com",
- 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
- { "none", 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
+ 8, 64, 0, 16, CFLAG_CHACHAPOLY, NULL },
+ { "none", 8, 0, 0, 0, CFLAG_NONE, NULL },
- { NULL, 0, 0, 0, 0, 0, 0, NULL }
+ { NULL, 0, 0, 0, 0, 0, NULL }
};
/*--*/
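Review bot: The rows of `ciphers[]` are still positional initializers, so dropping the `discard_len` column meant hand-editing every row, and the compiler cannot catch a value that ends up in the wrong one of the adjacent `u_int` columns (`key_len`, `iv_len`, `auth_len`, `flags`). Designated initializers would make each row self-describing and leave omitted fields zero, e.g. `{ .name = "aes128-cbc", .block_size = 16, .key_len = 16, .flags = CFLAG_CBC, .evptype = EVP_aes_128_cbc },`. The start of `struct sshcipher` is outside the visible hunks, so the leading field names should be checked against the declaration. Replacing the bare `1` with `CFLAG_CBC` is a good step in the same direction.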
@@ -240,7 +234,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
#ifdef WITH_OPENSSL
const EVP_CIPHER *type;
int klen;
- u_char *junk, *discard;
#endif
*ccp = NULL;
@@ -302,23 +295,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
-
- if (cipher->discard_len > 0) {
- if ((junk = malloc(cipher->discard_len)) == NULL ||
- (discard = malloc(cipher->discard_len)) == NULL) {
- free(junk);
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len);
- explicit_bzero(discard, cipher->discard_len);
- free(junk);
- free(discard);
- if (ret != 1) {
- ret = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
- }
ret = 0;
#endif /* WITH_OPENSSL */
out:
@@ -532,40 +508,3 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
return 0;
}
-#ifdef WITH_OPENSSL
-#define EVP_X_STATE(evp) (evp)->cipher_data
-#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
-#endif
-
-int
-cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
-{
-#ifdef WITH_OPENSSL
- const struct sshcipher *c = cc->cipher;
- int plen = 0;
-
- if (c->evptype == EVP_rc4) {
- plen = EVP_X_STATE_LEN(cc->evp);
- if (dat == NULL)
- return (plen);
- memcpy(dat, EVP_X_STATE(cc->evp), plen);
- }
- return (plen);
-#else
- return 0;
-#endif
-}
-
-void
-cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
-{
-#ifdef WITH_OPENSSL
- const struct sshcipher *c = cc->cipher;
- int plen;
-
- if (c->evptype == EVP_rc4) {
- plen = EVP_X_STATE_LEN(cc->evp);
- memcpy(EVP_X_STATE(cc->evp), dat, plen);
- }
-#endif
-}
diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h
index f9ac151f71a..dc7ecf1139d 100644
--- a/usr.bin/ssh/cipher.h
+++ b/usr.bin/ssh/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.51 2017/05/04 01:33:21 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.52 2017/05/07 23:12:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -71,7 +71,5 @@ u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *);
int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int);
int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *);
int cipher_get_keyiv_len(const struct sshcipher_ctx *);
-int cipher_get_keycontext(const struct sshcipher_ctx *, u_char *);
-void cipher_set_keycontext(struct sshcipher_ctx *, const u_char *);
#endif /* CIPHER_H */
diff --git a/usr.bin/ssh/packet.c b/usr.bin/ssh/packet.c
index eaba7f245df..24521e15bb1 100644
--- a/usr.bin/ssh/packet.c
+++ b/usr.bin/ssh/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.253 2017/05/03 21:08:09 naddy Exp $ */
+/* $OpenBSD: packet.c,v 1.254 2017/05/07 23:12:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -873,7 +873,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
}
/*
* The 2^(blocksize*2) limit is too expensive for 3DES,
- * blowfish, etc, so enforce a 1GB limit for small blocksizes.
+ * so enforce a 1GB limit for small blocksizes.
*/
if (enc->block_size >= 16)
*max_blocks = (u_int64_t)1 << (enc->block_size*2);
@@ -2203,8 +2203,6 @@ int
ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
{
struct session_state *state = ssh->state;
- u_char *p;
- size_t slen, rlen;
int r;
if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
@@ -2222,22 +2220,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
(r = sshbuf_put_u64(m, state->p_read.bytes)) != 0)
return r;
- slen = cipher_get_keycontext(state->send_context, NULL);
- rlen = cipher_get_keycontext(state->receive_context, NULL);
- if ((r = sshbuf_put_u32(m, slen)) != 0 ||
- (r = sshbuf_reserve(m, slen, &p)) != 0)
- return r;
- if (cipher_get_keycontext(state->send_context, p) != (int)slen)
- return SSH_ERR_INTERNAL_ERROR;
- if ((r = sshbuf_put_u32(m, rlen)) != 0 ||
- (r = sshbuf_reserve(m, rlen, &p)) != 0)
- return r;
- if (cipher_get_keycontext(state->receive_context, p) != (int)rlen)
- return SSH_ERR_INTERNAL_ERROR;
- if ((r = sshbuf_put_stringb(m, state->input)) != 0 ||
- (r = sshbuf_put_stringb(m, state->output)) != 0)
- return r;
-
return 0;
}
@@ -2359,8 +2341,8 @@ int
ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
{
struct session_state *state = ssh->state;
- const u_char *keyin, *keyout, *input, *output;
- size_t rlen, slen, ilen, olen;
+ const u_char *input, *output;
+ size_t ilen, olen;
int r;
if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
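Review bot: `ssh_packet_set_state` keeps `input`, `output`, `ilen` and `olen` here, which suggests it still reads the two packet buffers back out of the blob, but the `@@ -2222,22 +2220,6 @@` hunk in `ssh_packet_get_state` deletes the `sshbuf_put_stringb(m, state->input)` and `sshbuf_put_stringb(m, state->output)` calls together with the RC4 key-context code. If the reader is unchanged (its body lies outside these hunks), the serialised state now ends before those two strings and `ssh_packet_set_state` would reject it. Only the `cipher_get_keycontext` lines needed to go; I would keep `if ((r = sshbuf_put_stringb(m, state->input)) != 0 || (r = sshbuf_put_stringb(m, state->output)) != 0) return r;` ahead of the final `return 0;` in `ssh_packet_get_state`.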
@@ -2387,15 +2369,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
(r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)
return r;
- if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 ||
- (r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0)
- return r;
- if (cipher_get_keycontext(state->send_context, NULL) != (int)slen ||
- cipher_get_keycontext(state->receive_context, NULL) != (int)rlen)
- return SSH_ERR_INVALID_FORMAT;
- cipher_set_keycontext(state->send_context, keyout);
- cipher_set_keycontext(state->receive_context, keyin);
-
if ((r = ssh_packet_set_postauth(ssh)) != 0)
return r;
diff --git a/usr.bin/ssh/ssh_config b/usr.bin/ssh/ssh_config
index e16174dd4d5..cceda919013 100644
--- a/usr.bin/ssh/ssh_config
+++ b/usr.bin/ssh/ssh_config
@@ -1,4 +1,4 @@
-# $OpenBSD: ssh_config,v 1.32 2017/05/03 10:01:44 jmc Exp $
+# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
@@ -33,8 +33,8 @@
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
-# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 68fd028e5b2..db37b92cd33 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.247 2017/05/03 21:49:18 naddy Exp $
-.Dd $Mdocdate: May 3 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.248 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -414,11 +414,6 @@ aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
-arcfour
-arcfour128
-arcfour256
-blowfish-cbc
-cast128-cbc
chacha20-poly1305@openssh.com
.Ed
.Pp
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index c7a9c2b33be..3f20dba96e4 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
-.Dd $Mdocdate: January 30 2017 $
+.\" $OpenBSD: sshd.8,v 1.289 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -260,7 +260,7 @@ The client selects the encryption algorithm
to use from those offered by the server.
Additionally, session integrity is provided
through a cryptographic message authentication code
-(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
+(hmac-md5, hmac-sha1, umac-64, umac-128,
hmac-sha2-256 or hmac-sha2-512).
.Pp
Finally, the server and the client enter an authentication dialog.
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 63b7e355f1b..5401c6bec2e 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
-.Dd $Mdocdate: March 14 2017 $
+.\" $OpenBSD: sshd_config.5,v 1.244 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -465,16 +465,6 @@ aes128-gcm@openssh.com
.It
aes256-gcm@openssh.com
.It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
-blowfish-cbc
-.It
-cast128-cbc
-.It
chacha20-poly1305@openssh.com
.El
.Pp
@@ -963,8 +953,6 @@ hmac-md5
.It
hmac-md5-96
.It
-hmac-ripemd160
-.It
hmac-sha1
.It
hmac-sha1-96
@@ -981,8 +969,6 @@ hmac-md5-etm@openssh.com
.It
hmac-md5-96-etm@openssh.com
.It
-hmac-ripemd160-etm@openssh.com
-.It
hmac-sha1-etm@openssh.com
.It
hmac-sha1-96-etm@openssh.com