upstream commit

As promised in last release announcement: remove
support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@

Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222

cipher.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.106 2017/05/04 01:33:21 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.107 2017/05/07 23:12:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,7 +67,6 @@ struct sshcipher {
 	u_int	key_len;
 	u_int	iv_len;		/* defaults to block_size */
 	u_int	auth_len;
-	u_int	discard_len;
 	u_int	flags;
 #define CFLAG_CBC		(1<<0)
 #define CFLAG_CHACHAPOLY	(1<<1)
@@ -83,42 +82,31 @@ struct sshcipher {
 
 static const struct sshcipher ciphers[] = {
 #ifdef WITH_OPENSSL
-	{ "3des-cbc",		8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
-# ifndef OPENSSL_NO_BF
-	{ "blowfish-cbc",	8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-# endif /* OPENSSL_NO_BF */
-# ifndef OPENSSL_NO_CAST
-	{ "cast128-cbc",	8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
-# endif /* OPENSSL_NO_CAST */
-# ifndef OPENSSL_NO_RC4
-	{ "arcfour",		8, 16, 0, 0, 0, 0, EVP_rc4 },
-	{ "arcfour128",		8, 16, 0, 0, 1536, 0, EVP_rc4 },
-	{ "arcfour256",		8, 32, 0, 0, 1536, 0, EVP_rc4 },
-# endif /* OPENSSL_NO_RC4 */
-	{ "aes128-cbc",		16, 16, 0, 0, 0, 1, EVP_aes_128_cbc },
-	{ "aes192-cbc",		16, 24, 0, 0, 0, 1, EVP_aes_192_cbc },
-	{ "aes256-cbc",		16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
+	{ "3des-cbc",		8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
+	{ "aes128-cbc",		16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
+	{ "aes192-cbc",		16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
+	{ "aes256-cbc",		16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
 	{ "rijndael-cbc@lysator.liu.se",
-				16, 32, 0, 0, 0, 1, EVP_aes_256_cbc },
-	{ "aes128-ctr",		16, 16, 0, 0, 0, 0, EVP_aes_128_ctr },
-	{ "aes192-ctr",		16, 24, 0, 0, 0, 0, EVP_aes_192_ctr },
-	{ "aes256-ctr",		16, 32, 0, 0, 0, 0, EVP_aes_256_ctr },
+				16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
+	{ "aes128-ctr",		16, 16, 0, 0, 0, EVP_aes_128_ctr },
+	{ "aes192-ctr",		16, 24, 0, 0, 0, EVP_aes_192_ctr },
+	{ "aes256-ctr",		16, 32, 0, 0, 0, EVP_aes_256_ctr },
 # ifdef OPENSSL_HAVE_EVPGCM
 	{ "aes128-gcm@openssh.com",
-				16, 16, 12, 16, 0, 0, EVP_aes_128_gcm },
+				16, 16, 12, 16, 0, EVP_aes_128_gcm },
 	{ "aes256-gcm@openssh.com",
-				16, 32, 12, 16, 0, 0, EVP_aes_256_gcm },
+				16, 32, 12, 16, 0, EVP_aes_256_gcm },
 # endif /* OPENSSL_HAVE_EVPGCM */
 #else
-	{ "aes128-ctr",		16, 16, 0, 0, 0, CFLAG_AESCTR, NULL },
-	{ "aes192-ctr",		16, 24, 0, 0, 0, CFLAG_AESCTR, NULL },
-	{ "aes256-ctr",		16, 32, 0, 0, 0, CFLAG_AESCTR, NULL },
+	{ "aes128-ctr",		16, 16, 0, 0, CFLAG_AESCTR, NULL },
+	{ "aes192-ctr",		16, 24, 0, 0, CFLAG_AESCTR, NULL },
+	{ "aes256-ctr",		16, 32, 0, 0, CFLAG_AESCTR, NULL },
 #endif
 	{ "chacha20-poly1305@openssh.com",
-				8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL },
-	{ "none",		8, 0, 0, 0, 0, CFLAG_NONE, NULL },
+				8, 64, 0, 16, CFLAG_CHACHAPOLY, NULL },
+	{ "none",		8, 0, 0, 0, CFLAG_NONE, NULL },
 
-	{ NULL,			0, 0, 0, 0, 0, 0, NULL }
+	{ NULL,			0, 0, 0, 0, 0, NULL }
 };
 
 /*--*/
@@ -252,7 +240,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
 #ifdef WITH_OPENSSL
 	const EVP_CIPHER *type;
 	int klen;
-	u_char *junk, *discard;
 #endif
 
 	*ccp = NULL;
@@ -314,23 +301,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher,
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
-
-	if (cipher->discard_len > 0) {
-		if ((junk = malloc(cipher->discard_len)) == NULL ||
-		    (discard = malloc(cipher->discard_len)) == NULL) {
-			free(junk);
-			ret = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len);
-		explicit_bzero(discard, cipher->discard_len);
-		free(junk);
-		free(discard);
-		if (ret != 1) {
-			ret = SSH_ERR_LIBCRYPTO_ERROR;
-			goto out;
-		}
-	}
 	ret = 0;
 #endif /* WITH_OPENSSL */
  out:

cipher.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.51 2017/05/04 01:33:21 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.52 2017/05/07 23:12:57 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -71,7 +71,5 @@ u_int	 cipher_ctx_is_plaintext(struct sshcipher_ctx *);
 int	 cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int);
 int	 cipher_set_keyiv(struct sshcipher_ctx *, const u_char *);
 int	 cipher_get_keyiv_len(const struct sshcipher_ctx *);
-int	 cipher_get_keycontext(const struct sshcipher_ctx *, u_char *);
-void	 cipher_set_keycontext(struct sshcipher_ctx *, const u_char *);
 
 #endif				/* CIPHER_H */

packet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.253 2017/05/03 21:08:09 naddy Exp $ */
+/* $OpenBSD: packet.c,v 1.254 2017/05/07 23:12:57 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -884,7 +884,7 @@ ssh_set_newkeys(struct ssh *ssh, int mode)
 	}
 	/*
 	 * The 2^(blocksize*2) limit is too expensive for 3DES,
-	 * blowfish, etc, so enforce a 1GB limit for small blocksizes.
+	 * so enforce a 1GB limit for small blocksizes.
 	 */
 	if (enc->block_size >= 16)
 		*max_blocks = (u_int64_t)1 << (enc->block_size*2);
@@ -2223,8 +2223,6 @@ int
 ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
 {
 	struct session_state *state = ssh->state;
-	u_char *p;
-	size_t slen, rlen;
 	int r;
 
 	if ((r = kex_to_blob(m, ssh->kex)) != 0 ||
@@ -2242,22 +2240,6 @@ ssh_packet_get_state(struct ssh *ssh, struct sshbuf *m)
 	    (r = sshbuf_put_u64(m, state->p_read.bytes)) != 0)
 		return r;
 
-	slen = cipher_get_keycontext(state->send_context, NULL);
-	rlen = cipher_get_keycontext(state->receive_context, NULL);
-	if ((r = sshbuf_put_u32(m, slen)) != 0 ||
-	    (r = sshbuf_reserve(m, slen, &p)) != 0)
-		return r;
-	if (cipher_get_keycontext(state->send_context, p) != (int)slen)
-		return SSH_ERR_INTERNAL_ERROR;
-	if ((r = sshbuf_put_u32(m, rlen)) != 0 ||
-	    (r = sshbuf_reserve(m, rlen, &p)) != 0)
-		return r;
-	if (cipher_get_keycontext(state->receive_context, p) != (int)rlen)
-		return SSH_ERR_INTERNAL_ERROR;
-	if ((r = sshbuf_put_stringb(m, state->input)) != 0 ||
-	    (r = sshbuf_put_stringb(m, state->output)) != 0)
-		return r;
-
 	return 0;
 }
 
@@ -2379,8 +2361,8 @@ int
 ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 {
 	struct session_state *state = ssh->state;
-	const u_char *keyin, *keyout, *input, *output;
-	size_t rlen, slen, ilen, olen;
+	const u_char *input, *output;
+	size_t ilen, olen;
 	int r;
 
 	if ((r = kex_from_blob(m, &ssh->kex)) != 0 ||
@@ -2407,15 +2389,6 @@ ssh_packet_set_state(struct ssh *ssh, struct sshbuf *m)
 	    (r = ssh_set_newkeys(ssh, MODE_OUT)) != 0)
 		return r;
 
-	if ((r = sshbuf_get_string_direct(m, &keyout, &slen)) != 0 ||
-	    (r = sshbuf_get_string_direct(m, &keyin, &rlen)) != 0)
-		return r;
-	if (cipher_get_keycontext(state->send_context, NULL) != (int)slen ||
-	    cipher_get_keycontext(state->receive_context, NULL) != (int)rlen)
-		return SSH_ERR_INVALID_FORMAT;
-	cipher_set_keycontext(state->send_context, keyout);
-	cipher_set_keycontext(state->receive_context, keyin);
-
 	if ((r = ssh_packet_set_postauth(ssh)) != 0)
 		return r;
 

ssh_config

@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.32 2017/05/03 10:01:44 jmc Exp $
+#	$OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -35,8 +35,8 @@
 #   IdentityFile ~/.ssh/id_ed25519
 #   Port 22
 #   Protocol 2
-#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
-#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
+#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 #   EscapeChar ~
 #   Tunnel no
 #   TunnelDevice any:any

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.247 2017/05/03 21:49:18 naddy Exp $
-.Dd $Mdocdate: May 3 2017 $
+.\" $OpenBSD: ssh_config.5,v 1.248 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -414,11 +414,6 @@ aes192-ctr
 aes256-ctr
 aes128-gcm@openssh.com
 aes256-gcm@openssh.com
-arcfour
-arcfour128
-arcfour256
-blowfish-cbc
-cast128-cbc
 chacha20-poly1305@openssh.com
 .Ed
 .Pp

sshd.8

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
-.Dd $Mdocdate: January 30 2017 $
+.\" $OpenBSD: sshd.8,v 1.289 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -260,7 +260,7 @@ The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided
 through a cryptographic message authentication code
-(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
+(hmac-md5, hmac-sha1, umac-64, umac-128,
 hmac-sha2-256 or hmac-sha2-512).
 .Pp
 Finally, the server and the client enter an authentication dialog.

sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.243 2017/03/14 07:19:07 djm Exp $
-.Dd $Mdocdate: March 14 2017 $
+.\" $OpenBSD: sshd_config.5,v 1.244 2017/05/07 23:12:57 djm Exp $
+.Dd $Mdocdate: May 7 2017 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -464,16 +464,6 @@ aes128-gcm@openssh.com
 .It
 aes256-gcm@openssh.com
 .It
-arcfour
-.It
-arcfour128
-.It
-arcfour256
-.It
-blowfish-cbc
-.It
-cast128-cbc
-.It
 chacha20-poly1305@openssh.com
 .El
 .Pp
@@ -962,8 +952,6 @@ hmac-md5
 .It
 hmac-md5-96
 .It
-hmac-ripemd160
-.It
 hmac-sha1
 .It
 hmac-sha1-96
@@ -980,8 +968,6 @@ hmac-md5-etm@openssh.com
 .It
 hmac-md5-96-etm@openssh.com
 .It
-hmac-ripemd160-etm@openssh.com
-.It
 hmac-sha1-etm@openssh.com
 .It
 hmac-sha1-96-etm@openssh.com