-rw-r--r-- | usr.bin/ssh/myproposal.h | 65 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-keyscan.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 3 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 3 |
4 files changed, 47 insertions, 27 deletions
diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h
index aad64f48571..ef60dae5da2 100644
--- a/usr.bin/ssh/myproposal.h
+++ b/usr.bin/ssh/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.37 2014/03/26 17:16:26 deraadt Exp $ */
+/* $OpenBSD: myproposal.h,v 1.38 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -24,14 +24,16 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-#define KEX_DEFAULT_KEX \
+#define KEX_SERVER_KEX \
 "curve25519-sha256@libssh.org," \
 "ecdh-sha2-nistp256," \
 "ecdh-sha2-nistp384," \
 "ecdh-sha2-nistp521," \
 "diffie-hellman-group-exchange-sha256," \
+ "diffie-hellman-group14-sha1" \
+
+#define KEX_CLIENT_KEX KEX_SERVER_KEX "," \
 "diffie-hellman-group-exchange-sha1," \
- "diffie-hellman-group14-sha1," \
 "diffie-hellman-group1-sha1"
 #define KEX_DEFAULT_PK_ALG \
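Review bot: `KEX_SERVER_KEX` ends its last element with a continuation backslash (`"diffie-hellman-group14-sha1" \`), so only the added blank line after it terminates the macro. If that blank line is ever removed or gains content, the following `#define KEX_CLIENT_KEX` line is spliced into the server key-exchange list. Drop the trailing backslash so the last element reads `"diffie-hellman-group14-sha1"`. `KEX_SERVER_MAC` in the next hunk has the same pattern after `"hmac-sha2-512"`.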
@@ -50,29 +52,34 @@
 "ssh-rsa," \
 "ssh-dss"
-#define KEX_DEFAULT_ENCRYPT \
+#define KEX_SERVER_ENCRYPT \
 "aes128-ctr,aes192-ctr,aes256-ctr," \
- "arcfour256,arcfour128," \
 "aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
- "chacha20-poly1305@openssh.com," \
+ "chacha20-poly1305@openssh.com"
+
+#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
+ "arcfour256,arcfour128," \
 "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
-#define KEX_DEFAULT_MAC \
- "hmac-md5-etm@openssh.com," \
- "hmac-sha1-etm@openssh.com," \
+
+#define KEX_SERVER_MAC \
 "umac-64-etm@openssh.com," \
 "umac-128-etm@openssh.com," \
 "hmac-sha2-256-etm@openssh.com," \
 "hmac-sha2-512-etm@openssh.com," \
+ "umac-64@openssh.com," \
+ "umac-128@openssh.com," \
+ "hmac-sha2-256," \
+ "hmac-sha2-512" \
+
+#define KEX_CLIENT_MAC KEX_SERVER_MAC "," \
+ "hmac-md5-etm@openssh.com," \
+ "hmac-sha1-etm@openssh.com," \
 "hmac-ripemd160-etm@openssh.com," \
 "hmac-sha1-96-etm@openssh.com," \
 "hmac-md5-96-etm@openssh.com," \
 "hmac-md5," \
 "hmac-sha1," \
- "umac-64@openssh.com," \
- "umac-128@openssh.com," \
- "hmac-sha2-256," \
- "hmac-sha2-512," \
 "hmac-ripemd160," \
 "hmac-ripemd160@openssh.com," \
 "hmac-sha1-96," \
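Review bot: Nothing in the header says why the cipher and MAC lists are split into `KEX_SERVER_*` and `KEX_CLIENT_*`, so a later edit could add an algorithm to the wrong macro. Above `KEX_SERVER_ENCRYPT` and `KEX_SERVER_MAC` I would add a comment such as `/* offered by sshd by default; the client lists append legacy algorithms after these for old peers */`. The ordering matters because SSH negotiation picks the first entry on the client's list that the server also supports. Keeping arcfour, the CBC ciphers and the MD5, SHA-1 and RIPEMD-160 MACs behind the server set therefore makes them a last resort rather than a preference. The `KEX_CLIENT_MAC` definition continues past the end of this hunk.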
@@ -81,16 +88,26 @@
 #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
 #define KEX_DEFAULT_LANG ""
+#define KEX_CLIENT \
+ KEX_CLIENT_KEX, \
+ KEX_DEFAULT_PK_ALG, \
+ KEX_CLIENT_ENCRYPT, \
+ KEX_CLIENT_ENCRYPT, \
+ KEX_CLIENT_MAC, \
+ KEX_CLIENT_MAC, \
+ KEX_DEFAULT_COMP, \
+ KEX_DEFAULT_COMP, \
+ KEX_DEFAULT_LANG, \
+ KEX_DEFAULT_LANG
-static char *myproposal[PROPOSAL_MAX] = {
- KEX_DEFAULT_KEX,
- KEX_DEFAULT_PK_ALG,
- KEX_DEFAULT_ENCRYPT,
- KEX_DEFAULT_ENCRYPT,
- KEX_DEFAULT_MAC,
- KEX_DEFAULT_MAC,
- KEX_DEFAULT_COMP,
- KEX_DEFAULT_COMP,
- KEX_DEFAULT_LANG,
+#define KEX_SERVER \
+ KEX_SERVER_KEX, \
+ KEX_DEFAULT_PK_ALG, \
+ KEX_SERVER_ENCRYPT, \
+ KEX_SERVER_ENCRYPT, \
+ KEX_SERVER_MAC, \
+ KEX_SERVER_MAC, \
+ KEX_DEFAULT_COMP, \
+ KEX_DEFAULT_COMP, \
+ KEX_DEFAULT_LANG, \
 KEX_DEFAULT_LANG
-};
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 362b732ddad..61fd5bbd22c 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.90 2014/03/12 04:44:58 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.91 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 *
@@ -227,6 +227,7 @@ ssh2_capable(int remote_major, int remote_minor)
 static Key *
 keygrab_ssh2(con *c)
 {
+ char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 int j;
 packet_set_connection(c->c_fd, c->c_fd);
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 23e2f7f5240..4848cd48af8 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.204 2014/02/02 03:44:32 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.205 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
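Review bot: `KEX_CLIENT` and `KEX_SERVER` in myproposal.h expand to bare positional initializer lists, so they are only correct while their entries stay in the same order as the `PROPOSAL_*` indices behind `PROPOSAL_MAX`, which are defined outside this diff. A reordering would still compile and would put, for example, the MAC list in a cipher slot. A comment above both macros would make the contract explicit, e.g. `/* initializer for char *[PROPOSAL_MAX]; entry order must match the PROPOSAL_* indices */`.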
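Review bot: In `keygrab_ssh2` the proposal array changes from a file-scope static to an automatic variable, and the same is done in `ssh_kex2` and `do_ssh2_kex`. That is only safe if nothing keeps a pointer to the array or to one of its slots after the function returns. The function bodies continue outside these hunks, so this cannot be confirmed from the lines shown. A short comment on the declaration, e.g. `/* per-call proposal; must not be referenced after return */`, would record the assumption for later editors.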
@@ -150,6 +150,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 void
 ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
 {
+ char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 Kex *kex;
 xxx_host = host;
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index b827c269bf4..9efd1b142c3 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.421 2014/03/26 19:58:37 tedu Exp $ */
+/* $OpenBSD: sshd.c,v 1.422 2014/03/27 23:01:27 markus Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2266,6 +2266,7 @@ sshd_hostkey_sign(Key *privkey, Key *pubkey, u_char **signature, u_int *slen,
 static void
 do_ssh2_kex(void)
 {
+ char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
 Kex *kex;
 if (options.ciphers != NULL) { |
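Review bot: With `{ KEX_SERVER }` in `do_ssh2_kex`, sshd's built-in defaults no longer include arcfour, the CBC ciphers, the MD5, SHA-1 and RIPEMD-160 MACs, `diffie-hellman-group-exchange-sha1` or `diffie-hellman-group1-sha1`, yet the diffstat lists no manual page or other documentation change. Peers limited to those algorithms will fail negotiation unless the administrator configures explicit lists, which the visible `if (options.ciphers != NULL)` branch appears to allow. The documented defaults should be updated alongside this change. A comment on the declaration such as `/* hardened server defaults; legacy algorithms require explicit configuration */` would also help. The function body continues outside the hunk.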