Commit acaf34fd authored by djm@openbsd.org's avatar djm@openbsd.org Committed by Damien Miller

upstream commit

As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
parent 3e371bd2
/* $OpenBSD: cipher.c,v 1.106 2017/05/04 01:33:21 djm Exp $ */
/* $OpenBSD: cipher.c,v 1.107 2017/05/07 23:12:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -67,7 +67,6 @@ struct sshcipher {
u_int key_len;
u_int iv_len; /* defaults to block_size */
u_int auth_len;
u_int discard_len;
u_int flags;
#define CFLAG_CBC (1<<0)
#define CFLAG_CHACHAPOLY (1<<1)
......@@ -83,42 +82,31 @@ struct sshcipher {
static const struct sshcipher ciphers[] = {
#ifdef WITH_OPENSSL
{ "3des-cbc", 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
# ifndef OPENSSL_NO_BF
{ "blowfish-cbc", 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
# endif /* OPENSSL_NO_BF */
# ifndef OPENSSL_NO_CAST
{ "cast128-cbc", 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
# endif /* OPENSSL_NO_CAST */
# ifndef OPENSSL_NO_RC4
{ "arcfour", 8, 16, 0, 0, 0, 0, EVP_rc4 },
{ "arcfour128", 8, 16, 0, 0, 1536, 0, EVP_rc4 },
{ "arcfour256", 8, 32, 0, 0, 1536, 0, EVP_rc4 },
# endif /* OPENSSL_NO_RC4 */
{ "aes128-cbc", 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
{ "aes192-cbc", 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
{ "aes256-cbc", 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
{ "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
{ "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
{ "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
{ "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
{ "rijndael-cbc@lysator.liu.se",
16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
{ "aes128-ctr", 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
{ "aes192-ctr", 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
{ "aes256-ctr", 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
{ "aes128-ctr", 16, 16, 0, 0, 0, EVP_aes_128_ctr },
{ "aes192-ctr", 16, 24, 0, 0, 0, EVP_aes_192_ctr },
{ "aes256-ctr", 16, 32, 0, 0, 0, EVP_aes_256_ctr },
# ifdef OPENSSL_HAVE_EVPGCM
{ "aes128-gcm@openssh.com",
16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
16, 16, 12, 16, 0, EVP_aes_128_gcm },
{ "aes256-gcm@openssh.com",
16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
16, 32, 12, 16, 0, EVP_aes_256_gcm },
# endif /* OPENSSL_HAVE_EVPGCM */
#else
{ "aes128-ctr", 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
{ "aes192-ctr", 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
{ "aes256-ctr", 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
{ "aes128-ctr", 16, 16, 0, 0, CFLAG_AESCTR, NULL },
{ "aes192-ctr", 16, 24, 0, 0, CFLAG_AESCTR, NULL },
{ "aes256-ctr", 16, 32, 0, 0, CFLAG_AESCTR, NULL },
#endif
{ "chacha20-poly1305@openssh.com",
8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
{ "none", 8, 0, 0, 0, 0, CFLAG_NONE, NULL },
8, 64, 0, 16, CFLAG_CHACHAPOLY, NULL },
{ "none", 8, 0, 0, 0, CFLAG_NONE, NULL },
{ NULL, 0, 0, 0, 0, 0, 0, NULL }
{ NULL, 0, 0, 0, 0, 0, NULL }
};
/*--*/
......@@ -252,7 +240,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
#ifdef WITH_OPENSSL
const EVP_CIPHER *type;
int klen;
u_char *junk, *discard;
#endif
*ccp = NULL;
......@@ -314,23 +301,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
if (cipher->discard_len > 0) {
if ((junk = malloc(cipher->discard_len)) == NULL ||
(discard = malloc(cipher->discard_len)) == NULL) {
free(junk);
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len);
explicit_bzero(discard, cipher->discard_len);
free(junk);
free(discard);
if (ret != 1) {
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
}
ret = 0;
#endif /* WITH_OPENSSL */
out:
......
/* $OpenBSD: cipher.h,v 1.51 2017/05/04 01:33:21 djm Exp $ */
/* $OpenBSD: cipher.h,v 1.52 2017/05/07 23:12:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
......@@ -71,7 +71,5 @@ u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *);
int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int);
int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *);
int cipher_get_keyiv_len(const struct sshcipher_ctx *);
int cipher_get_keycontext(const struct sshcipher_ctx *, u_char *);
void cipher_set_keycontext(struct sshcipher_ctx *, const u_char *);
#endif /* CIPHER_H */
/* $OpenBSD: packet.c,v 1.253 2017/05/03 21:08:09 naddy Exp $ */
/* $OpenBSD: packet.c,v 1.254 2017/05/07 23:12:57 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -884,7 +884,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
}
/*
* The 2^(blocksize*2) limit is too expensive for 3DES,
* blowfish, etc, so enforce a 1GB limit for small blocksizes.
* so enforce a 1GB limit for small blocksizes.
*/
if (enc->block_size >= 16)
*max_blocks = (u_int64_t)1 << (enc->block_size*2);
......@@ -2223,8 +2223,6 @@ int
ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
{
struct session_state *state = ssh->state;
u_char *p;
size_t slen, rlen;
int r;
if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
......@@ -2242,22 +2240,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
(r = sshbuf_put_u64(m, state->p_read.bytes)) != 0)
return r;
slen = cipher_get_keycontext(state->send_context, NULL);
rlen = cipher_get_keycontext(state->receive_context, NULL);
if ((r = sshbuf_put_u32(m, slen)) != 0 ||
(r = sshbuf_reserve(m, slen, &p)) != 0)
return r;
if (cipher_get_keycontext(state->send_context, p) != (int)slen)
return SSH_ERR_INTERNAL_ERROR;
if ((r = sshbuf_put_u32(m, rlen)) != 0 ||
(r = sshbuf_reserve(m, rlen, &p)) != 0)
return r;
if (cipher_get_keycontext(state->receive_context, p) != (int)rlen)
return SSH_ERR_INTERNAL_ERROR;
if ((r = sshbuf_put_stringb(m, state->input)) != 0 ||
(r = sshbuf_put_stringb(m, state->output)) != 0)
return r;
return 0;
}
......@@ -2379,8 +2361,8 @@ int
ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
{
struct session_state *state = ssh->state;
const u_char *keyin, *keyout, *input, *output;
size_t rlen, slen, ilen, olen;
const u_char *input, *output;
size_t ilen, olen;
int r;
if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
......@@ -2407,15 +2389,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
(r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)
return r;
if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 ||
(r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0)
return r;
if (cipher_get_keycontext(state->send_context, NULL) != (int)slen ||
cipher_get_keycontext(state->receive_context, NULL) != (int)rlen)
return SSH_ERR_INVALID_FORMAT;
cipher_set_keycontext(state->send_context, keyout);
cipher_set_keycontext(state->receive_context, keyin);
if ((r = ssh_packet_set_postauth(ssh)) != 0)
return r;
......
# $OpenBSD: ssh_config,v 1.32 2017/05/03 10:01:44 jmc Exp $
# $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
......@@ -35,8 +35,8 @@
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Protocol 2
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
......
......@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.247 2017/05/03 21:49:18 naddy Exp $
.Dd $Mdocdate: May 3 2017 $
.\" $OpenBSD: ssh_config.5,v 1.248 2017/05/07 23:12:57 djm Exp $
.Dd $Mdocdate: May 7 2017 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
......@@ -414,11 +414,6 @@ aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
arcfour
arcfour128
arcfour256
blowfish-cbc
cast128-cbc
chacha20-poly1305@openssh.com
.Ed
.Pp
......
......@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
.Dd $Mdocdate: January 30 2017 $
.\" $OpenBSD: sshd.8,v 1.289 2017/05/07 23:12:57 djm Exp $
.Dd $Mdocdate: May 7 2017 $
.Dt SSHD 8
.Os
.Sh NAME
......@@ -260,7 +260,7 @@ The client selects the encryption algorithm
to use from those offered by the server.
Additionally, session integrity is provided
through a cryptographic message authentication code
(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
(hmac-md5, hmac-sha1, umac-64, umac-128,
hmac-sha2-256 or hmac-sha2-512).
.Pp
Finally, the server and the client enter an authentication dialog.
......
......@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
.Dd $Mdocdate: March 14 2017 $
.\" $OpenBSD: sshd_config.5,v 1.244 2017/05/07 23:12:57 djm Exp $
.Dd $Mdocdate: May 7 2017 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
......@@ -464,16 +464,6 @@ aes128-gcm@openssh.com
.It
aes256-gcm@openssh.com
.It
arcfour
.It
arcfour128
.It
arcfour256
.It
blowfish-cbc
.It
cast128-cbc
.It
chacha20-poly1305@openssh.com
.El
.Pp
......@@ -962,8 +952,6 @@ hmac-md5
.It
hmac-md5-96
.It
hmac-ripemd160
.It
hmac-sha1
.It
hmac-sha1-96
......@@ -980,8 +968,6 @@ hmac-md5-etm@openssh.com
.It
hmac-md5-96-etm@openssh.com
.It
hmac-ripemd160-etm@openssh.com
.It
hmac-sha1-etm@openssh.com
.It
hmac-sha1-96-etm@openssh.com
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment