diff options
| author | Darren Tucker <dtucker@cvs.openbsd.org> | 2012-06-28 05:07:46 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2012-06-28 05:07:46 +0000 |
| commit | 37506ca84866a2d113fc1244ba2a52855bbbf11c (patch) | |
| tree | 79ed11d53adddd7ed44943e8ff3d177d86ed5d61 | |
| parent | 8b17b0be4ce3faf2c60fd8a80e8cd1c60901932e (diff) | |
Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
from draft6 of the spec and will not be in the RFC when published. Patch
from mdb at juniper net via bz#2023, ok markus.
| -rw-r--r-- | regress/usr.bin/ssh/cipher-speed.sh | 4 | ||||
| -rw-r--r-- | regress/usr.bin/ssh/try-ciphers.sh | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/mac.c | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/myproposal.h | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh_config.5 | 7 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 7 |
6 files changed, 12 insertions, 18 deletions
diff --git a/regress/usr.bin/ssh/cipher-speed.sh b/regress/usr.bin/ssh/cipher-speed.sh index 1457d60c906..9cc2613d0d6 100644 --- a/regress/usr.bin/ssh/cipher-speed.sh +++ b/regress/usr.bin/ssh/cipher-speed.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cipher-speed.sh,v 1.4 2011/08/02 01:23:41 djm Exp $ +# $OpenBSD: cipher-speed.sh,v 1.5 2012/06/28 05:07:45 dtucker Exp $ # Placed in the Public Domain. tid="cipher speed" @@ -17,7 +17,7 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr" macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96 - hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96" + hmac-sha2-256 hmac-sha2-512" for c in $ciphers; do for m in $macs; do trace "proto 2 cipher $c mac $m" diff --git a/regress/usr.bin/ssh/try-ciphers.sh b/regress/usr.bin/ssh/try-ciphers.sh index 42d57e32619..558924fced1 100644 --- a/regress/usr.bin/ssh/try-ciphers.sh +++ b/regress/usr.bin/ssh/try-ciphers.sh @@ -1,4 +1,4 @@ -# $OpenBSD: try-ciphers.sh,v 1.12 2011/08/02 01:23:41 djm Exp $ +# $OpenBSD: try-ciphers.sh,v 1.13 2012/06/28 05:07:45 dtucker Exp $ # Placed in the Public Domain. tid="try ciphers" @@ -8,7 +8,7 @@ ciphers="aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se aes128-ctr aes192-ctr aes256-ctr" macs="hmac-sha1 hmac-md5 umac-64@openssh.com hmac-sha1-96 hmac-md5-96 - hmac-sha2-256 hmac-sha2-256-96 hmac-sha2-512 hmac-sha2-512-96" + hmac-sha2-256hmac-sha2-512" for c in $ciphers; do for m in $macs; do diff --git a/usr.bin/ssh/mac.c b/usr.bin/ssh/mac.c index 1fdad8745e8..da4fdbf6318 100644 --- a/usr.bin/ssh/mac.c +++ b/usr.bin/ssh/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.17 2011/12/02 00:43:57 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -55,9 +55,7 @@ struct { { "hmac-sha1", SSH_EVP, EVP_sha1, 0, -1, -1 }, { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 }, - { "hmac-sha2-256-96", SSH_EVP, EVP_sha256, 96, -1, -1 }, { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 }, - { "hmac-sha2-512-96", SSH_EVP, EVP_sha512, 96, -1, -1 }, { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, { "hmac-ripemd160", SSH_EVP, EVP_ripemd160, 0, -1, -1 }, diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index a49e85398f6..a714358ca45 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.28 2011/08/02 01:22:11 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -57,9 +57,7 @@ "hmac-sha1," \ "umac-64@openssh.com," \ "hmac-sha2-256," \ - "hmac-sha2-256-96," \ "hmac-sha2-512," \ - "hmac-sha2-512-96," \ "hmac-ripemd160," \ "hmac-ripemd160@openssh.com," \ "hmac-sha1-96," \ diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index c9917d25b65..db7ea5cddd5 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.155 2012/06/18 11:49:58 dtucker Exp $ -.Dd $Mdocdate: June 18 2012 $ +.\" $OpenBSD: ssh_config.5,v 1.156 2012/06/28 05:07:45 dtucker Exp $ +.Dd $Mdocdate: June 28 2012 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -794,8 +794,7 @@ The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, hmac-ripemd160,hmac-sha1-96,hmac-md5-96, -hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512, -hmac-sha2-512-96 +hmac-sha2-256,hmac-sha2-512 .Ed .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index d2f857d8191..5656b502086 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.142 2012/06/19 21:35:54 jmc Exp $ -.Dd $Mdocdate: June 19 2012 $ +.\" $OpenBSD: sshd_config.5,v 1.143 2012/06/28 05:07:45 dtucker Exp $ +.Dd $Mdocdate: June 28 2012 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -659,8 +659,7 @@ The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, hmac-ripemd160,hmac-sha1-96,hmac-md5-96, -hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, -hmac-sha2-512-96 +hmac-sha2-256,hmac-sha2-512 .Ed .It Cm Match Introduces a conditional block. |