- markus@cvs.openbsd.org 2001/02/11 12:59:25

     [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@

18 files changed, 252 insertions, 119 deletions

diff --git a/ChangeLog b/ChangeLog
index e6bc60239..ec9e00be8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,14 @@
    - markus@cvs.openbsd.org 2001/02/12 12:45:06
      [sshconnect1.c]
      fix xmalloc(0), ok dugsong@
+   - markus@cvs.openbsd.org 2001/02/11 12:59:25
+     [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
+      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
+     1) clean up the MAC support for SSH-2
+     2) allow you to specify the MAC with 'ssh -m'
+     3) or the 'MACs' keyword in ssh(d)_config
+     4) add hmac-{md5,sha1}-96
+             ok stevesk@, provos@
 
 20010214
  - (djm) Don't try to close PAM session or delete credentials if the
@@ -3935,4 +3943,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.762 2001/02/15 02:36:46 mouring Exp $
+$Id: ChangeLog,v 1.763 2001/02/15 03:01:59 mouring Exp $
diff --git a/Makefile.in b/Makefile.in
index f9c48d29a..1f8696a9c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.151 2001/02/13 14:25:23 djm Exp $
+# $Id: Makefile.in,v 1.152 2001/02/15 03:01:59 mouring Exp $
 
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@@ -44,7 +44,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP_PROGS)
 
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o mac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
 
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
 
diff --git a/hmac.c b/hmac.c
deleted file mode 100644
index 831dd243a..000000000
--- a/hmac.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-RCSID("$OpenBSD: hmac.c,v 1.7 2001/02/08 19:30:51 itojun Exp $");
-
-#include "xmalloc.h"
-#include "getput.h"
-#include "log.h"
-
-#include <openssl/hmac.h>
-
-#include "hmac.h"
-
-u_char *
-hmac(
-    EVP_MD *evp_md,
-    u_int seqno,
-    u_char *data, int datalen,
-    u_char *key, int keylen)
-{
-        HMAC_CTX c;
-        static u_char m[EVP_MAX_MD_SIZE];
-        u_char b[4];
-
-        if (key == NULL)
-                fatal("hmac: no key");
-        HMAC_Init(&c, key, keylen, evp_md);
-        PUT_32BIT(b, seqno);
-        HMAC_Update(&c, b, sizeof b);
-        HMAC_Update(&c, data, datalen);
-        HMAC_Final(&c, m, NULL);
-        HMAC_cleanup(&c);
-        return(m);
-}
diff --git a/kex.c b/kex.c
index 7c1326ed0..1038546ca 100644
--- a/kex.c
+++ b/kex.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.20 2001/02/08 19:30:51 itojun Exp $");
+RCSID("$OpenBSD: kex.c,v 1.21 2001/02/11 12:59:24 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
@@ -41,6 +41,7 @@ RCSID("$OpenBSD: kex.c,v 1.20 2001/02/08 19:30:51 itojun Exp $");
 #include "kex.h"
 #include "key.h"
 #include "log.h"
+#include "mac.h"
 
 #define KEX_COOKIE_LEN  16
 
@@ -412,18 +413,12 @@ choose_mac(Mac *mac, char *client, char *server)
         char *name = get_match(client, server);
         if (name == NULL)
                 fatal("no matching mac found: client %s server %s", client, server);
-        if (strcmp(name, "hmac-md5") == 0) {
-                mac->md = EVP_md5();
-        } else if (strcmp(name, "hmac-sha1") == 0) {
-                mac->md = EVP_sha1();
-        } else if (strcmp(name, "hmac-ripemd160@openssh.com") == 0) {
-                mac->md = EVP_ripemd160();
-        } else {
+        if (mac_init(mac, name) < 0)
                 fatal("unsupported mac %s", name);
-        }
+        /* truncate the key */
+        if (datafellows & SSH_BUG_HMAC)
+                mac->key_len = 16;
         mac->name = name;
-        mac->mac_len = mac->md->md_size;
-        mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
         mac->key = NULL;
         mac->enabled = 0;
 }
diff --git a/kex.h b/kex.h
index d8f37c1a6..90496fbdf 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: kex.h,v 1.13 2001/02/04 15:32:24 stevesk Exp $        */
+/*      $OpenBSD: kex.h,v 1.14 2001/02/11 12:59:24 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,9 +26,11 @@
 #ifndef KEX_H
 #define KEX_H
 
+#include <openssl/evp.h>
+#include "buffer.h"
+
 #define KEX_DH1         "diffie-hellman-group1-sha1"
 #define KEX_DHGEX       "diffie-hellman-group-exchange-sha1"
-#define KEX_DSS         "ssh-dss"
 
 enum kex_init_proposals {
         PROPOSAL_KEX_ALGS,
diff --git a/mac.c b/mac.c
new file mode 100644
index 000000000..3ff107c8a
--- /dev/null
+++ b/mac.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: mac.c,v 1.1 2001/02/11 12:59:24 markus Exp $");
+
+#include <openssl/hmac.h>
+
+#include "xmalloc.h"
+#include "getput.h"
+#include "log.h"
+#include "cipher.h"
+#include "kex.h"
+#include "mac.h"
+
+struct {
+        char            *name;
+        EVP_MD *        (*mdfunc)(void);
+        int             truncatebits;   /* truncate digest if != 0 */
+} macs[] = {
+        { "hmac-sha1",                  EVP_sha1, 0, },
+        { "hmac-sha1-96",               EVP_sha1, 96 },
+        { "hmac-md5",                   EVP_md5, 0 },
+        { "hmac-md5-96",                EVP_md5, 96 },
+        { "hmac-ripemd160",             EVP_ripemd160, 0 },
+        { "hmac-ripemd160@openssh.com", EVP_ripemd160, 0 },
+        { NULL,                         NULL, 0 }
+};
+
+int
+mac_init(Mac *mac, char *name)
+{
+        int i;
+        for (i = 0; macs[i].name; i++) {
+                if (strcmp(name, macs[i].name) == 0) {
+                        if (mac != NULL) {
+                                mac->md = (*macs[i].mdfunc)();
+                                mac->key_len = mac->mac_len = mac->md->md_size;
+                                if (macs[i].truncatebits != 0)
+                                        mac->mac_len = macs[i].truncatebits/8;
+                        }
+                        debug2("mac_init: found %s", name);
+                        return (0);
+                }
+        }
+        debug2("mac_init: unknown %s", name);
+        return (-1);
+}
+
+u_char *
+mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
+{
+        HMAC_CTX c;
+        static u_char m[EVP_MAX_MD_SIZE];
+        u_char b[4];
+
+        if (mac->key == NULL)
+                fatal("mac_compute: no key");
+        if (mac->mac_len > sizeof(m))
+                fatal("mac_compute: mac too long");
+        HMAC_Init(&c, mac->key, mac->key_len, mac->md);
+        PUT_32BIT(b, seqno);
+        HMAC_Update(&c, b, sizeof(b));
+        HMAC_Update(&c, data, datalen);
+        HMAC_Final(&c, m, NULL);
+        HMAC_cleanup(&c);
+        return (m);
+}
+
+/* XXX copied from ciphers_valid */
+#define MAC_SEP ","
+int
+mac_valid(const char *names)
+{
+        char *maclist, *cp, *p;
+
+        if (names == NULL || strcmp(names, "") == 0)
+                return (0);
+        maclist = cp = xstrdup(names);
+        for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
+             (p = strsep(&cp, MAC_SEP))) {
+                if (mac_init(NULL, p) < 0) {
+                        debug("bad mac %s [%s]", p, names);
+                        xfree(maclist);
+                        return (0);
+                } else {
+                        debug3("mac ok: %s [%s]", p, names);
+                }
+        }
+        debug3("macs ok: [%s]", names);
+        xfree(maclist);
+        return (1);
+}
diff --git a/hmac.h b/mac.h
index d9dc048a7..6173eaa66 100644
--- a/hmac.h
+++ b/mac.h
@@ -1,7 +1,6 @@
-/*      $OpenBSD: hmac.h,v 1.4 2001/01/29 01:58:15 niklas Exp $ */
-
+/*      $OpenBSD: mac.h,v 1.1 2001/02/11 12:59:24 markus Exp $   */
 /*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,14 +22,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-#ifndef HMAC_H
-#define HMAC_H
-
-u_char *
-hmac(
-    EVP_MD *evp_md,
-    u_int seqno,
-    u_char *data, int datalen,
-    u_char *key, int len);
 
-#endif
+int     mac_valid(const char *names);
+int     mac_init(Mac *mac, char *name);
+u_char  *mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen);
diff --git a/myproposal.h b/myproposal.h
index 9dfecdafc..03f76839b 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: myproposal.h,v 1.10 2001/01/29 01:58:17 niklas Exp $  */
+/*      $OpenBSD: myproposal.h,v 1.11 2001/02/11 12:59:24 markus Exp $  */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -30,7 +30,10 @@
         "aes128-cbc,aes192-cbc,aes256-cbc," \
         "rijndael128-cbc,rijndael192-cbc,rijndael256-cbc," \
         "rijndael-cbc@lysator.liu.se"
-#define KEX_DEFAULT_MAC         "hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com"
+#define KEX_DEFAULT_MAC \
+        "hmac-sha1,hmac-md5,hmac-ripemd160," \
+        "hmac-ripemd160@openssh.com," \
+        "hmac-sha1-96,hmac-md5-96"
 #define KEX_DEFAULT_COMP        "none,zlib"
 #define KEX_DEFAULT_LANG        ""
 
diff --git a/packet.c b/packet.c
index 956e711ec..46e89bc0c 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.49 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: packet.c,v 1.50 2001/02/11 12:59:25 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -54,12 +54,9 @@ RCSID("$OpenBSD: packet.c,v 1.49 2001/02/08 19:30:52 itojun Exp $");
 #include "ssh1.h"
 #include "ssh2.h"
 
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/hmac.h>
 #include "cipher.h"
 #include "kex.h"
-#include "hmac.h"
+#include "mac.h"
 #include "log.h"
 #include "canohost.h"
 
@@ -531,12 +528,12 @@ packet_send1(void)
 void
 packet_send2(void)
 {
+        static u_int32_t seqnr = 0;
         u_char *macbuf = NULL;
         char *cp;
         u_int packet_length = 0;
         u_int i, padlen, len;
         u_int32_t rand = 0;
-        static u_int seqnr = 0;
         int type;
         Enc *enc   = NULL;
         Mac *mac   = NULL;
@@ -604,11 +601,9 @@ packet_send2(void)
 
         /* compute MAC over seqnr and packet(length fields, payload, padding) */
         if (mac && mac->enabled) {
-                macbuf = hmac( mac->md, seqnr,
+                macbuf = mac_compute(mac, seqnr,
                     (u_char *) buffer_ptr(&outgoing_packet),
-                    buffer_len(&outgoing_packet),
-                    mac->key, mac->key_len
-                );
+                    buffer_len(&outgoing_packet));
                 DBG(debug("done calc MAC out #%d", seqnr));
         }
         /* encrypt packet and append to output buffer. */
@@ -818,12 +813,12 @@ packet_read_poll1(int *payload_len_ptr)
 int
 packet_read_poll2(int *payload_len_ptr)
 {
+        static u_int32_t seqnr = 0;
+        static u_int packet_length = 0;
         u_int padlen, need;
         u_char buf[8], *macbuf;
         u_char *ucp;
         char *cp;
-        static u_int packet_length = 0;
-        static u_int seqnr = 0;
         int type;
         int maclen, block_size;
         Enc *enc   = NULL;
@@ -883,11 +878,9 @@ packet_read_poll2(int *payload_len_ptr)
          * increment sequence number for incoming packet
          */
         if (mac && mac->enabled) {
-                macbuf = hmac( mac->md, seqnr,
+                macbuf = mac_compute(mac, seqnr,
                     (u_char *) buffer_ptr(&incoming_packet),
-                    buffer_len(&incoming_packet),
-                    mac->key, mac->key_len
-                );
+                    buffer_len(&incoming_packet));
                 if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
                         packet_disconnect("Corrupted MAC on input.");
                 DBG(debug("MAC #%d ok", seqnr));
diff --git a/readconf.c b/readconf.c
index f62905c29..3ac86ea06 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.61 2001/02/08 14:39:36 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.62 2001/02/11 12:59:25 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -23,6 +23,8 @@ RCSID("$OpenBSD: readconf.c,v 1.61 2001/02/08 14:39:36 deraadt Exp $");
 #include "readconf.h"
 #include "match.h"
 #include "misc.h"
+#include "kex.h"
+#include "mac.h"
 
 /* Format of the configuration file:
 
@@ -105,7 +107,7 @@ typedef enum {
         oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
         oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
         oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
-        oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol,
+        oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
         oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
         oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
 } OpCodes;
@@ -148,6 +150,7 @@ static struct {
         { "port", oPort },
         { "cipher", oCipher },
         { "ciphers", oCiphers },
+        { "macs", oMacs },
         { "protocol", oProtocol },
         { "remoteforward", oRemoteForward },
         { "localforward", oLocalForward },
@@ -502,6 +505,17 @@ parse_int:
                         options->ciphers = xstrdup(arg);
                 break;
 
+        case oMacs:
+                arg = strdelim(&s);
+                if (!arg || *arg == '\0')
+                        fatal("%.200s line %d: Missing argument.", filename, linenum);
+                if (!mac_valid(arg))
+                        fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
+                              filename, linenum, arg ? arg : "<NONE>");
+                if (*activep && options->macs == NULL)
+                        options->macs = xstrdup(arg);
+                break;
+
         case oProtocol:
                 intptr = &options->protocol;
                 arg = strdelim(&s);
@@ -693,6 +707,7 @@ initialize_options(Options * options)
         options->number_of_password_prompts = -1;
         options->cipher = -1;
         options->ciphers = NULL;
+        options->macs = NULL;
         options->protocol = SSH_PROTO_UNKNOWN;
         options->num_identity_files = 0;
         options->hostname = NULL;
@@ -781,6 +796,7 @@ fill_default_options(Options * options)
         if (options->cipher == -1)
                 options->cipher = SSH_CIPHER_NOT_SET;
         /* options->ciphers, default set in myproposals.h */
+        /* options->macs, default set in myproposals.h */
         if (options->protocol == SSH_PROTO_UNKNOWN)
                 options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
         if (options->num_identity_files == 0) {
diff --git a/readconf.h b/readconf.h
index 241b7165c..575b2646d 100644
--- a/readconf.h
+++ b/readconf.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.25 2001/01/22 23:06:39 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.26 2001/02/11 12:59:25 markus Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -68,6 +68,7 @@ typedef struct {
                                                  * prompts. */
         int     cipher;         /* Cipher to use. */
         char   *ciphers;        /* SSH2 ciphers in order of preference. */
+        char   *macs;           /* SSH2 macs in order of preference. */
         int     protocol;       /* Protocol in order of preference. */
         char   *hostname;       /* Real host to connect. */
         char   *host_key_alias; /* hostname alias for .ssh/known_hosts */
diff --git a/servconf.c b/servconf.c
index 59687e16d..43a2c111e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.65 2001/02/04 15:32:24 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.66 2001/02/11 12:59:25 markus Exp $");
 
 #ifdef KRB4
 #include <krb.h>
@@ -28,6 +28,8 @@ RCSID("$OpenBSD: servconf.c,v 1.65 2001/02/04 15:32:24 stevesk Exp $");
 #include "tildexpand.h"
 #include "misc.h"
 #include "cipher.h"
+#include "kex.h"
+#include "mac.h"
 
 /* add listen address */
 void add_listen_addr(ServerOptions *options, char *addr);
@@ -85,6 +87,7 @@ initialize_server_options(ServerOptions *options)
         options->num_allow_groups = 0;
         options->num_deny_groups = 0;
         options->ciphers = NULL;
+        options->macs = NULL;
         options->protocol = SSH_PROTO_UNKNOWN;
         options->gateway_ports = -1;
         options->num_subsystems = 0;
@@ -209,7 +212,7 @@ typedef enum {
         sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
         sUseLogin, sAllowTcpForwarding,
         sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-        sIgnoreUserKnownHosts, sCiphers, sProtocol, sPidFile,
+        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
         sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
         sBanner, sReverseMappingCheck
 } ServerOpCodes;
@@ -266,6 +269,7 @@ static struct {
         { "allowgroups", sAllowGroups },
         { "denygroups", sDenyGroups },
         { "ciphers", sCiphers },
+        { "macs", sMacs },
         { "protocol", sProtocol },
         { "gatewayports", sGatewayPorts },
         { "subsystem", sSubsystem },
@@ -658,6 +662,17 @@ parse_flag:
                                 options->ciphers = xstrdup(arg);
                         break;
 
+                case sMacs:
+                        arg = strdelim(&cp);
+                        if (!arg || *arg == '\0')
+                                fatal("%s line %d: Missing argument.", filename, linenum);
+                        if (!mac_valid(arg))
+                                fatal("%s line %d: Bad SSH2 mac spec '%s'.",
+                                    filename, linenum, arg ? arg : "<NONE>");
+                        if (options->macs == NULL)
+                                options->macs = xstrdup(arg);
+                        break;
+
                 case sProtocol:
                         intptr = &options->protocol;
                         arg = strdelim(&cp);
diff --git a/servconf.h b/servconf.h
index e7abb94d8..8236a6391 100644
--- a/servconf.h
+++ b/servconf.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.36 2001/02/03 10:08:37 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.37 2001/02/11 12:59:25 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -50,8 +50,9 @@ typedef struct {
         char   *xauth_location; /* Location of xauth program */
         int     strict_modes;   /* If true, require string home dir modes. */
         int     keepalives;     /* If true, set SO_KEEPALIVE. */
-        char   *ciphers;        /* Ciphers in order of preference. */
-        int     protocol;       /* Protocol in order of preference. */
+        char   *ciphers;        /* Supported SSH2 ciphers. */
+        char   *macs;           /* Supported SSH2 macs. */
+        int     protocol;       /* Supported protocol versions. */
         int     gateway_ports;  /* If true, allow remote connects to forwarded ports. */
         SyslogFacility log_facility;    /* Facility for system logging. */
         LogLevel log_level;     /* Level for system logging. */
diff --git a/ssh.1 b/ssh.1
index dc177c8ba..eeeab9bd1 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.90 2001/02/10 16:03:29 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.91 2001/02/11 12:59:25 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -53,6 +53,7 @@
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
 .Op Fl l Ar login_name
+.Op Fl m Ar mac_spec
 .Op Fl o Ar option
 .Op Fl p Ar port
 .Oo Fl L Xo
@@ -425,6 +426,13 @@ This may also be specified on a per-host basis in the configuration file.
 .It Fl l Ar login_name
 Specifies the user to log in as on the remote machine.
 This also may be specified on a per-host basis in the configuration file.
+.It Fl m Ar mac_spec
+Additionally, for protocol version 2 a comma-separated list of MAC
+(message authentication code) algorithms can
+be specified in order of preference.
+See the
+.Cm MACs
+keyword for more information.
 .It Fl n
 Redirects stdin from
 .Pa /dev/null
@@ -814,6 +822,18 @@ Gives the verbosity level that is used when logging messages from
 The possible values are:
 QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
 The default is INFO.
+.It Cm MACs
+Specifies the MAC (message authentication code) algorithms 
+in order of preference.
+The MAC algorithm is used in protocol version 2
+for data integrity protection.
+Multiple algorithms must be comma-separated.
+The default is
+.Pp
+.Bd -literal
+  ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,
+    hmac-sha1-96,hmac-md5-96''
+.Ed
 .It Cm NumberOfPasswordPrompts
 Specifies the number of password prompts before giving up.
 The argument to this keyword must be an integer.
diff --git a/ssh.c b/ssh.c
index 4ca1e7bf8..1b022402d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.94 2001/02/10 01:46:28 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.95 2001/02/11 12:59:25 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -65,6 +65,8 @@ RCSID("$OpenBSD: ssh.c,v 1.94 2001/02/10 01:46:28 markus Exp $");
 #include "tildexpand.h"
 #include "dispatch.h"
 #include "misc.h"
+#include "kex.h"
+#include "mac.h"
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
@@ -305,7 +307,7 @@ main(int ac, char **av)
                 opt = av[optind][1];
                 if (!opt)
                         usage();
-                if (strchr("eilcpLRo", opt)) {  /* options with arguments */
+                if (strchr("eilcmpLRo", opt)) { /* options with arguments */
                         optarg = av[optind] + 2;
                         if (strcmp(optarg, "") == 0) {
                                 if (optind >= ac - 1)
@@ -434,6 +436,14 @@ main(int ac, char **av)
                                 }
                         }
                         break;
+                case 'm':
+                        if (mac_valid(optarg))
+                                options.macs = xstrdup(optarg);
+                        else {
+                                fprintf(stderr, "Unknown mac type '%s'\n", optarg);
+                                exit(1);
+                        }
+                        break;
                 case 'p':
                         options.port = atoi(optarg);
                         break;
diff --git a/sshconnect2.c b/sshconnect2.c
index 031f719ba..9681ca2d4 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.46 2001/02/10 12:09:21 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -84,12 +84,16 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
                 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
         }
         if (options.compression) {
-                myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
+                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
                 myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
         } else {
-                myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
+                myproposal[PROPOSAL_COMP_ALGS_CTOS] =
                 myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
         }
+        if (options.macs != NULL) {
+                myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+                myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+        }
 
         /* buffers with raw kexinit messages */
         server_kexinit = xmalloc(sizeof(*server_kexinit));
diff --git a/sshd.8 b/sshd.8
index 5bf0b3a6e..1b1e9645c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.92 2001/02/09 23:38:11 deraadt Exp $
+.\" $OpenBSD: sshd.8,v 1.93 2001/02/11 12:59:25 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -501,6 +501,17 @@ QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
 The default is INFO.
 Logging with level DEBUG violates the privacy of users
 and is not recommended.
+.It Cm MACs
+Specifies the available MAC (message authentication code) algorithms.
+The MAC algorithm is used in protocol version 2
+for data integrity protection.
+Multiple algorithms must be comma-separated.
+The default is
+.Pp
+.Bd -literal
+  ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,
+    hmac-sha1-96,hmac-md5-96''
+.Ed
 .It Cm MaxStartups
 Specifies the maximum number of concurrent unauthenticated connections to the
 .Nm
diff --git a/sshd.c b/sshd.c
index 88ce79028..dd8f6d83d 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.165 2001/02/08 19:30:53 itojun Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.166 2001/02/11 12:59:25 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1412,6 +1412,10 @@ do_ssh2_kex(void)
                 myproposal[PROPOSAL_ENC_ALGS_CTOS] =
                 myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
         }
+        if (options.macs != NULL) {
+                myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+                myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+        }
         myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
         server_kexinit = kex_init(myproposal);