upstream commit

As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222

7 files changed, 32 insertions, 110 deletions

diff --git a/cipher.c b/cipher.c
index 9e26b96b8..c3cd5dcf4 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.106 2017/05/04 01:33:21 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.107 2017/05/07 23:12:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,7 +67,6 @@ struct sshcipher {
         u_int   key_len;
         u_int   iv_len;         /* defaults to block_size */
         u_int   auth_len;
-        u_int   discard_len;
         u_int   flags;
 #define CFLAG_CBC               (1<<0)
 #define CFLAG_CHACHAPOLY        (1<<1)
@@ -83,42 +82,31 @@ struct sshcipher {
 
 static const struct sshcipher ciphers[] = {
 #ifdef WITH_OPENSSL
-        { "3des-cbc",           8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
-# ifndef OPENSSL_NO_BF
-        { "blowfish-cbc",       8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-# endif /* OPENSSL_NO_BF */
-# ifndef OPENSSL_NO_CAST
-        { "cast128-cbc",        8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
-# endif /* OPENSSL_NO_CAST */
-# ifndef OPENSSL_NO_RC4
-        { "arcfour",            8, 16, 0, 0, 0, 0, EVP_rc4 },
-        { "arcfour128",         8, 16, 0, 0, 1536, 0, EVP_rc4 },
-        { "arcfour256",         8, 32, 0, 0, 1536, 0, EVP_rc4 },
-# endif /* OPENSSL_NO_RC4 */
-        { "aes128-cbc",         16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
-        { "aes192-cbc",         16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
-        { "aes256-cbc",         16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
+        { "3des-cbc",           8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
+        { "aes128-cbc",         16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
+        { "aes192-cbc",         16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
+        { "aes256-cbc",         16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
         { "rijndael-cbc@lysator.liu.se",
-                                16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
-        { "aes128-ctr",         16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
-        { "aes192-ctr",         16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
-        { "aes256-ctr",         16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
+                                16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
+        { "aes128-ctr",         16, 16, 0, 0, 0, EVP_aes_128_ctr },
+        { "aes192-ctr",         16, 24, 0, 0, 0, EVP_aes_192_ctr },
+        { "aes256-ctr",         16, 32, 0, 0, 0, EVP_aes_256_ctr },
 # ifdef OPENSSL_HAVE_EVPGCM
         { "aes128-gcm@openssh.com",
-                                16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
+                                16, 16, 12, 16, 0, EVP_aes_128_gcm },
         { "aes256-gcm@openssh.com",
-                                16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
+                                16, 32, 12, 16, 0, EVP_aes_256_gcm },
 # endif /* OPENSSL_HAVE_EVPGCM */
 #else
-        { "aes128-ctr",         16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
-        { "aes192-ctr",         16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
-        { "aes256-ctr",         16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
+        { "aes128-ctr",         16, 16, 0, 0, CFLAG_AESCTR, NULL },
+        { "aes192-ctr",         16, 24, 0, 0, CFLAG_AESCTR, NULL },
+        { "aes256-ctr",         16, 32, 0, 0, CFLAG_AESCTR, NULL },
 #endif
         { "chacha20-poly1305@openssh.com",
-                                8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
-        { "none",               8, 0, 0, 0, 0, CFLAG_NONE, NULL },
+                                8, 64, 0, 16, CFLAG_CHACHAPOLY, NULL },
+        { "none",               8, 0, 0, 0, CFLAG_NONE, NULL },
 
-        { NULL,                 0, 0, 0, 0, 0, 0, NULL }
+        { NULL,                 0, 0, 0, 0, 0, NULL }
 };
 
 /*--*/
@@ -252,7 +240,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
 #ifdef WITH_OPENSSL
         const EVP_CIPHER *type;
         int klen;
-        u_char *junk, *discard;
 #endif
 
         *ccp = NULL;
@@ -314,23 +301,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
                 ret = SSH_ERR_LIBCRYPTO_ERROR;
                 goto out;
         }
-
-        if (cipher->discard_len > 0) {
-                if ((junk = malloc(cipher->discard_len)) == NULL ||
-                    (discard = malloc(cipher->discard_len)) == NULL) {
-                        free(junk);
-                        ret = SSH_ERR_ALLOC_FAIL;
-                        goto out;
-                }
-                ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len);
-                explicit_bzero(discard, cipher->discard_len);
-                free(junk);
-                free(discard);
-                if (ret != 1) {
-                        ret = SSH_ERR_LIBCRYPTO_ERROR;
-                        goto out;
-                }
-        }
         ret = 0;
 #endif /* WITH_OPENSSL */
  out:
diff --git a/cipher.h b/cipher.h
index f9ac151f7..dc7ecf113 100644
--- a/cipher.h
+++ b/cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.51 2017/05/04 01:33:21 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.52 2017/05/07 23:12:57 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -71,7 +71,5 @@ u_int	 cipher_ctx_is_plaintext(struct sshcipher_ctx *);
 int      cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int);
 int      cipher_set_keyiv(struct sshcipher_ctx *, const u_char *);
 int      cipher_get_keyiv_len(const struct sshcipher_ctx *);
-int      cipher_get_keycontext(const struct sshcipher_ctx *, u_char *);
-void     cipher_set_keycontext(struct sshcipher_ctx *, const u_char *);
 
 #endif                          /* CIPHER_H */
diff --git a/packet.c b/packet.c
index 533bd1e61..ec0eb0cd3 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.253 2017/05/03 21:08:09 naddy Exp $ */
+/* $OpenBSD: packet.c,v 1.254 2017/05/07 23:12:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -884,7 +884,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
         }
         /*
          * The 2^(blocksize*2) limit is too expensive for 3DES,
-         * blowfish, etc, so enforce a 1GB limit for small blocksizes.
+         * so enforce a 1GB limit for small blocksizes.
          */
         if (enc->block_size >= 16)
                 *max_blocks = (u_int64_t)1 << (enc->block_size*2);
@@ -2223,8 +2223,6 @@ int
 ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
 {
         struct session_state *state = ssh->state;
-        u_char *p;
-        size_t slen, rlen;
         int r;
 
         if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
@@ -2242,22 +2240,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
             (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0)
                 return r;
 
-        slen = cipher_get_keycontext(state->send_context, NULL);
-        rlen = cipher_get_keycontext(state->receive_context, NULL);
-        if ((r = sshbuf_put_u32(m, slen)) != 0 ||
-            (r = sshbuf_reserve(m, slen, &p)) != 0)
-                return r;
-        if (cipher_get_keycontext(state->send_context, p) != (int)slen)
-                return SSH_ERR_INTERNAL_ERROR;
-        if ((r = sshbuf_put_u32(m, rlen)) != 0 ||
-            (r = sshbuf_reserve(m, rlen, &p)) != 0)
-                return r;
-        if (cipher_get_keycontext(state->receive_context, p) != (int)rlen)
-                return SSH_ERR_INTERNAL_ERROR;
-        if ((r = sshbuf_put_stringb(m, state->input)) != 0 ||
-            (r = sshbuf_put_stringb(m, state->output)) != 0)
-                return r;
-
         return 0;
 }
 
@@ -2379,8 +2361,8 @@ int
 ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 {
         struct session_state *state = ssh->state;
-        const u_char *keyin, *keyout, *input, *output;
-        size_t rlen, slen, ilen, olen;
+        const u_char *input, *output;
+        size_t ilen, olen;
         int r;
 
         if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
@@ -2407,15 +2389,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
             (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)
                 return r;
 
-        if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 ||
-            (r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0)
-                return r;
-        if (cipher_get_keycontext(state->send_context, NULL) != (int)slen ||
-            cipher_get_keycontext(state->receive_context, NULL) != (int)rlen)
-                return SSH_ERR_INVALID_FORMAT;
-        cipher_set_keycontext(state->send_context, keyout);
-        cipher_set_keycontext(state->receive_context, keyin);
-
         if ((r = ssh_packet_set_postauth(ssh)) != 0)
                 return r;
 
diff --git a/ssh_config b/ssh_config
index 515513c3b..c12f5ef52 100644
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: ssh_config,v 1.32 2017/05/03 10:01:44 jmc Exp $
+#       $OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -35,8 +35,8 @@
 #   IdentityFile ~/.ssh/id_ed25519
 #   Port 22
 #   Protocol 2
-#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any
diff --git a/ssh_config.5 b/ssh_config.5
index 68fd028e5..db37b92cd 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.247 2017/05/03 21:49:18 naddy Exp $
-.Dd $Mdocdate: May 3 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.248 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -414,11 +414,6 @@ aes192-ctr
 aes256-ctr
 aes128-gcm@openssh.com
 aes256-gcm@openssh.com
-arcfour
-arcfour128
-arcfour256
-blowfish-cbc
-cast128-cbc
 chacha20-poly1305@openssh.com
 .Ed
 .Pp
diff --git a/sshd.8 b/sshd.8
index 7725a692c..05368f947 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
-.Dd $Mdocdate: January 30 2017 $
+.\" $OpenBSD: sshd.8,v 1.289 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -260,7 +260,7 @@ The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
 through a cryptographic message authentication code
-(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
+(hmac-md5, hmac-sha1, umac-64, umac-128,
 hmac-sha2-256 or hmac-sha2-512).
 .Pp
 Finally, the server and the client enter an authentication dialog.
diff --git a/sshd_config.5 b/sshd_config.5
index ac6ccc793..7ccf6fd4e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
-.Dd $Mdocdate: March 14 2017 $
+.\" $OpenBSD: sshd_config.5,v 1.244 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -464,16 +464,6 @@ aes128-gcm@openssh.com
 .It
 aes256-gcm@openssh.com
 .It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
-blowfish-cbc
-.It
-cast128-cbc
-.It
 chacha20-poly1305@openssh.com
 .El
 .Pp
@@ -962,8 +952,6 @@ hmac-md5
 .It
 hmac-md5-96
 .It
-hmac-ripemd160
-.It
 hmac-sha1
 .It
 hmac-sha1-96
@@ -980,8 +968,6 @@ hmac-md5-etm@openssh.com
 .It
 hmac-md5-96-etm@openssh.com
 .It
-hmac-ripemd160-etm@openssh.com
-.It
 hmac-sha1-etm@openssh.com
 .It
 hmac-sha1-96-etm@openssh.com