5 files changed, 67 insertions, 30 deletions
diff --git a/ChangeLog b/ChangeLog
index a12c4b98e..a26c48967 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -32,6 +32,25 @@
     [scp.1]
     there is no need for rcp anymore
     ok deraadt millert
+   - markus@cvs.openbsd.org 2014/03/25 09:40:03
+     [myproposal.h]
+     trimm default proposals.
+     
+     This commit removes the weaker pre-SHA2 hashes, the broken ciphers
+     (arcfour), and the broken modes (CBC) from the default configuration
+     (the patch only changes the default, all the modes are still available
+     for the config files).
+     
+     ok djm@, reminded by tedu@ & naddy@ and discussed with many
+   - deraadt@cvs.openbsd.org 2014/03/26 17:16:26
+     [myproposal.h]
+     The current sharing of myproposal[] between both client and server code
+     makes the previous diff highly unpallatable.  We want to go in that
+     direction for the server, but not for the client.  Sigh.
+     Brought up by naddy.
+   - markus@cvs.openbsd.org 2014/03/27 23:01:27
+     [myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
+     disable weak proposals in sshd, but keep them in ssh; ok djm@
 20140401
 - (djm) On platforms that support it, use prctl() to prevent sftp-server
diff --git a/myproposal.h b/myproposal.h
index 3a0f5aeab..94d6f7061 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */
+/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -69,23 +69,22 @@
 #ifdef HAVE_EVP_SHA256
 # define KEX_SHA256_METHODS \
        "diffie-hellman-group-exchange-sha256,"
-#define KEX_CURVE25519_METHODS \
-        "curve25519-sha256@libssh.org,"
 #define SHA2_HMAC_MODES \
        "hmac-sha2-256," \
        "hmac-sha2-512,"
 #else
 # define KEX_SHA256_METHODS
-# define KEX_CURVE25519_METHODS
 # define SHA2_HMAC_MODES
 #endif
-# define KEX_DEFAULT_KEX \
+#define KEX_SERVER_KEX          \
-        KEX_CURVE25519_METHODS \
+        "curve25519-sha256@libssh.org," \
        KEX_ECDH_METHODS \
        KEX_SHA256_METHODS \
+        "diffie-hellman-group14-sha1"
+#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
        "diffie-hellman-group-exchange-sha1," \
-        "diffie-hellman-group14-sha1," \
        "diffie-hellman-group1-sha1"
 #define KEX_DEFAULT_PK_ALG      \
@@ -102,29 +101,34 @@
 /* the actual algorithms */
-#define KEX_DEFAULT_ENCRYPT \
+#define KEX_SERVER_ENCRYPT \
        "aes128-ctr,aes192-ctr,aes256-ctr," \
-        "arcfour256,arcfour128," \
        AESGCM_CIPHER_MODES \
-        "chacha20-poly1305@openssh.com," \
+        "chacha20-poly1305@openssh.com"
+#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
+        "arcfour256,arcfour128," \
        "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
        "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#define KEX_DEFAULT_MAC \
+#define KEX_SERVER_MAC \
-        "hmac-md5-etm@openssh.com," \
-        "hmac-sha1-etm@openssh.com," \
        "umac-64-etm@openssh.com," \
        "umac-128-etm@openssh.com," \
        "hmac-sha2-256-etm@openssh.com," \
        "hmac-sha2-512-etm@openssh.com," \
+        "umac-64@openssh.com," \
+        "umac-128@openssh.com," \
+        "hmac-sha2-256," \
+        "hmac-sha2-512"
+#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
+        "hmac-md5-etm@openssh.com," \
+        "hmac-sha1-etm@openssh.com," \
        "hmac-ripemd160-etm@openssh.com," \
        "hmac-sha1-96-etm@openssh.com," \
        "hmac-md5-96-etm@openssh.com," \
        "hmac-md5," \
        "hmac-sha1," \
-        "umac-64@openssh.com," \
-        "umac-128@openssh.com," \
-        SHA2_HMAC_MODES \
        "hmac-ripemd160," \
        "hmac-ripemd160@openssh.com," \
        "hmac-sha1-96," \
@@ -133,16 +137,27 @@
 #define KEX_DEFAULT_COMP        "none,zlib@openssh.com,zlib"
 #define KEX_DEFAULT_LANG        ""
+#define KEX_CLIENT \
+        KEX_CLIENT_KEX, \
+        KEX_DEFAULT_PK_ALG, \
+        KEX_CLIENT_ENCRYPT, \
+        KEX_CLIENT_ENCRYPT, \
+        KEX_CLIENT_MAC, \
+        KEX_CLIENT_MAC, \
+        KEX_DEFAULT_COMP, \
+        KEX_DEFAULT_COMP, \
+        KEX_DEFAULT_LANG, \
+        KEX_DEFAULT_LANG
-static char *myproposal[PROPOSAL_MAX] = {
+#define KEX_SERVER \
-        KEX_DEFAULT_KEX,
+        KEX_SERVER_KEX, \
-        KEX_DEFAULT_PK_ALG,
+        KEX_DEFAULT_PK_ALG, \
-        KEX_DEFAULT_ENCRYPT,
+        KEX_SERVER_ENCRYPT, \
-        KEX_DEFAULT_ENCRYPT,
+        KEX_SERVER_ENCRYPT, \
-        KEX_DEFAULT_MAC,
+        KEX_SERVER_MAC, \
-        KEX_DEFAULT_MAC,
+        KEX_SERVER_MAC, \
-        KEX_DEFAULT_COMP,
+        KEX_DEFAULT_COMP, \
-        KEX_DEFAULT_COMP,
+        KEX_DEFAULT_COMP, \
-        KEX_DEFAULT_LANG,
+        KEX_DEFAULT_LANG, \
        KEX_DEFAULT_LANG
-};
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 5d77dcfd2..de456364b 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.90 2014/03/12 04:44:58 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.91 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -242,6 +242,7 @@ ssh2_capable(int remote_major, int remote_minor)
 static Key *
 keygrab_ssh2(con *c)
 {
+        char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
        int j;
        packet_set_connection(c->c_fd, c->c_fd);
diff --git a/sshconnect2.c b/sshconnect2.c
index 7f4ff4189..f123194b0 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.205 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -156,6 +156,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 void
 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 {
+        char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
        Kex *kex;
        xxx_host = host;
diff --git a/sshd.c b/sshd.c
index 7523de977..045f14941 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.420 2014/02/26 21:53:37 markus Exp $ */
+/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2437,6 +2437,7 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
 static void
 do_ssh2_kex(void)
 {
+        char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
        Kex *kex;
        if (options.ciphers != NULL) {

diff --git a/ChangeLog b/ChangeLog index a12c4b98e..a26c48967 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -32,6 +32,25 @@
32	[scp.1]	32	[scp.1]
33	there is no need for rcp anymore	33	there is no need for rcp anymore
34	ok deraadt millert	34	ok deraadt millert
		35	- markus@cvs.openbsd.org 2014/03/25 09:40:03
		36	[myproposal.h]
		37	trimm default proposals.
		38
		39	This commit removes the weaker pre-SHA2 hashes, the broken ciphers
		40	(arcfour), and the broken modes (CBC) from the default configuration
		41	(the patch only changes the default, all the modes are still available
		42	for the config files).
		43
		44	ok djm@, reminded by tedu@ & naddy@ and discussed with many
		45	- deraadt@cvs.openbsd.org 2014/03/26 17:16:26
		46	[myproposal.h]
		47	The current sharing of myproposal[] between both client and server code
		48	makes the previous diff highly unpallatable. We want to go in that
		49	direction for the server, but not for the client. Sigh.
		50	Brought up by naddy.
		51	- markus@cvs.openbsd.org 2014/03/27 23:01:27
		52	[myproposal.h ssh-keyscan.c sshconnect2.c sshd.c]
		53	disable weak proposals in sshd, but keep them in ssh; ok djm@
35		54
36	20140401	55	20140401
37	- (djm) On platforms that support it, use prctl() to prevent sftp-server	56	- (djm) On platforms that support it, use prctl() to prevent sftp-server


diff --git a/myproposal.h b/myproposal.h index 3a0f5aeab..94d6f7061 100644 --- a/myproposal.h +++ b/myproposal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: myproposal.h,v 1.35 2013/12/06 13:39:49 markus Exp $ */	1	/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2000 Markus Friedl. All rights reserved.	4	* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -69,23 +69,22 @@
69	#ifdef HAVE_EVP_SHA256	69	#ifdef HAVE_EVP_SHA256
70	# define KEX_SHA256_METHODS \	70	# define KEX_SHA256_METHODS \
71	"diffie-hellman-group-exchange-sha256,"	71	"diffie-hellman-group-exchange-sha256,"
72	#define KEX_CURVE25519_METHODS \
73	"curve25519-sha256@libssh.org,"
74	#define SHA2_HMAC_MODES \	72	#define SHA2_HMAC_MODES \
75	"hmac-sha2-256," \	73	"hmac-sha2-256," \
76	"hmac-sha2-512,"	74	"hmac-sha2-512,"
77	#else	75	#else
78	# define KEX_SHA256_METHODS	76	# define KEX_SHA256_METHODS
79	# define KEX_CURVE25519_METHODS
80	# define SHA2_HMAC_MODES	77	# define SHA2_HMAC_MODES
81	#endif	78	#endif
82		79
83	# define KEX_DEFAULT_KEX \	80	#define KEX_SERVER_KEX \
84	KEX_CURVE25519_METHODS \	81	"curve25519-sha256@libssh.org," \
85	KEX_ECDH_METHODS \	82	KEX_ECDH_METHODS \
86	KEX_SHA256_METHODS \	83	KEX_SHA256_METHODS \
		84	"diffie-hellman-group14-sha1"
		85
		86	#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
87	"diffie-hellman-group-exchange-sha1," \	87	"diffie-hellman-group-exchange-sha1," \
88	"diffie-hellman-group14-sha1," \
89	"diffie-hellman-group1-sha1"	88	"diffie-hellman-group1-sha1"
90		89
91	#define KEX_DEFAULT_PK_ALG \	90	#define KEX_DEFAULT_PK_ALG \
@@ -102,29 +101,34 @@
102		101
103	/* the actual algorithms */	102	/* the actual algorithms */
104		103
105	#define KEX_DEFAULT_ENCRYPT \	104	#define KEX_SERVER_ENCRYPT \
106	"aes128-ctr,aes192-ctr,aes256-ctr," \	105	"aes128-ctr,aes192-ctr,aes256-ctr," \
107	"arcfour256,arcfour128," \
108	AESGCM_CIPHER_MODES \	106	AESGCM_CIPHER_MODES \
109	"chacha20-poly1305@openssh.com," \	107	"chacha20-poly1305@openssh.com"
		108
		109	#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
		110	"arcfour256,arcfour128," \
110	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \	111	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
111	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"	112	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
112		113
113	#define KEX_DEFAULT_MAC \	114	#define KEX_SERVER_MAC \
114	"hmac-md5-etm@openssh.com," \
115	"hmac-sha1-etm@openssh.com," \
116	"umac-64-etm@openssh.com," \	115	"umac-64-etm@openssh.com," \
117	"umac-128-etm@openssh.com," \	116	"umac-128-etm@openssh.com," \
118	"hmac-sha2-256-etm@openssh.com," \	117	"hmac-sha2-256-etm@openssh.com," \
119	"hmac-sha2-512-etm@openssh.com," \	118	"hmac-sha2-512-etm@openssh.com," \
		119	"umac-64@openssh.com," \
		120	"umac-128@openssh.com," \
		121	"hmac-sha2-256," \
		122	"hmac-sha2-512"
		123
		124	#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
		125	"hmac-md5-etm@openssh.com," \
		126	"hmac-sha1-etm@openssh.com," \
120	"hmac-ripemd160-etm@openssh.com," \	127	"hmac-ripemd160-etm@openssh.com," \
121	"hmac-sha1-96-etm@openssh.com," \	128	"hmac-sha1-96-etm@openssh.com," \
122	"hmac-md5-96-etm@openssh.com," \	129	"hmac-md5-96-etm@openssh.com," \
123	"hmac-md5," \	130	"hmac-md5," \
124	"hmac-sha1," \	131	"hmac-sha1," \
125	"umac-64@openssh.com," \
126	"umac-128@openssh.com," \
127	SHA2_HMAC_MODES \
128	"hmac-ripemd160," \	132	"hmac-ripemd160," \
129	"hmac-ripemd160@openssh.com," \	133	"hmac-ripemd160@openssh.com," \
130	"hmac-sha1-96," \	134	"hmac-sha1-96," \
@@ -133,16 +137,27 @@
133	#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"	137	#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
134	#define KEX_DEFAULT_LANG ""	138	#define KEX_DEFAULT_LANG ""
135		139
		140	#define KEX_CLIENT \
		141	KEX_CLIENT_KEX, \
		142	KEX_DEFAULT_PK_ALG, \
		143	KEX_CLIENT_ENCRYPT, \
		144	KEX_CLIENT_ENCRYPT, \
		145	KEX_CLIENT_MAC, \
		146	KEX_CLIENT_MAC, \
		147	KEX_DEFAULT_COMP, \
		148	KEX_DEFAULT_COMP, \
		149	KEX_DEFAULT_LANG, \
		150	KEX_DEFAULT_LANG
136		151
137	static char *myproposal[PROPOSAL_MAX] = {	152	#define KEX_SERVER \
138	KEX_DEFAULT_KEX,	153	KEX_SERVER_KEX, \
139	KEX_DEFAULT_PK_ALG,	154	KEX_DEFAULT_PK_ALG, \
140	KEX_DEFAULT_ENCRYPT,	155	KEX_SERVER_ENCRYPT, \
141	KEX_DEFAULT_ENCRYPT,	156	KEX_SERVER_ENCRYPT, \
142	KEX_DEFAULT_MAC,	157	KEX_SERVER_MAC, \
143	KEX_DEFAULT_MAC,	158	KEX_SERVER_MAC, \
144	KEX_DEFAULT_COMP,	159	KEX_DEFAULT_COMP, \
145	KEX_DEFAULT_COMP,	160	KEX_DEFAULT_COMP, \
146	KEX_DEFAULT_LANG,	161	KEX_DEFAULT_LANG, \
147	KEX_DEFAULT_LANG	162	KEX_DEFAULT_LANG
148	};	163


diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 5d77dcfd2..de456364b 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssh-keyscan.c,v 1.90 2014/03/12 04:44:58 djm Exp $ */	1	/* $OpenBSD: ssh-keyscan.c,v 1.91 2014/03/27 23:01:27 markus Exp $ */
2	/*	2	/*
3	* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.	3	* Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4	*	4	*
@@ -242,6 +242,7 @@ ssh2_capable(int remote_major, int remote_minor)
242	static Key *	242	static Key *
243	keygrab_ssh2(con *c)	243	keygrab_ssh2(con *c)
244	{	244	{
		245	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
245	int j;	246	int j;
246		247
247	packet_set_connection(c->c_fd, c->c_fd);	248	packet_set_connection(c->c_fd, c->c_fd);


diff --git a/sshconnect2.c b/sshconnect2.c index 7f4ff4189..f123194b0 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */	1	/* $OpenBSD: sshconnect2.c,v 1.205 2014/03/27 23:01:27 markus Exp $ */
2	/*	2	/*
3	* Copyright (c) 2000 Markus Friedl. All rights reserved.	3	* Copyright (c) 2000 Markus Friedl. All rights reserved.
4	* Copyright (c) 2008 Damien Miller. All rights reserved.	4	* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -156,6 +156,7 @@ order_hostkeyalgs(char host, struct sockaddr hostaddr, u_short port)
156	void	156	void
157	ssh_kex2(char host, struct sockaddr hostaddr, u_short port)	157	ssh_kex2(char host, struct sockaddr hostaddr, u_short port)
158	{	158	{
		159	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
159	Kex *kex;	160	Kex *kex;
160		161
161	xxx_host = host;	162	xxx_host = host;


diff --git a/sshd.c b/sshd.c index 7523de977..045f14941 100644 --- a/sshd.c +++ b/sshd.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: sshd.c,v 1.420 2014/02/26 21:53:37 markus Exp $ */	1	/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
2	/*	2	/*
3	* Author: Tatu Ylonen <ylo@cs.hut.fi>	3	* Author: Tatu Ylonen <ylo@cs.hut.fi>
4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2437,6 +2437,7 @@ sshd_hostkey_sign(Key privkey, Key pubkey, u_char *signature, u_int slen,
2437	static void	2437	static void
2438	do_ssh2_kex(void)	2438	do_ssh2_kex(void)
2439	{	2439	{
		2440	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
2440	Kex *kex;	2441	Kex *kex;
2441		2442
2442	if (options.ciphers != NULL) {	2443	if (options.ciphers != NULL) {