From 76745bed426e9df44bd9ddcc7c5d7d5c29b538b5 Mon Sep 17 00:00:00 2001 From: djm Date: Sun, 30 Apr 2017 23:15:04 +0000 Subject: [PATCH] remove SSHv1 ciphers; ok markus@ --- usr.bin/ssh/cipher-3des1.c | 153 -------------------------- usr.bin/ssh/cipher-bf1.c | 76 ------------- usr.bin/ssh/cipher.c | 217 +++++++++++-------------------------- usr.bin/ssh/cipher.h | 25 +---- usr.bin/ssh/readconf.c | 25 +---- usr.bin/ssh/readconf.h | 3 +- usr.bin/ssh/ssh.c | 21 +--- usr.bin/ssh/sshkey.c | 8 +- 8 files changed, 75 insertions(+), 453 deletions(-) delete mode 100644 usr.bin/ssh/cipher-3des1.c delete mode 100644 usr.bin/ssh/cipher-bf1.c diff --git a/usr.bin/ssh/cipher-3des1.c b/usr.bin/ssh/cipher-3des1.c deleted file mode 100644 index a93a3458e0a..00000000000 --- a/usr.bin/ssh/cipher-3des1.c +++ /dev/null @@ -1,153 +0,0 @@ -/* $OpenBSD: cipher-3des1.c,v 1.12 2015/01/14 10:24:42 markus Exp $ */ -/* - * Copyright (c) 2003 Markus Friedl. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include - -#include "ssherr.h" - -/* - * This is used by SSH1: - * - * What kind of triple DES are these 2 routines? - * - * Why is there a redundant initialization vector? - * - * If only iv3 was used, then, this would till effect have been - * outer-cbc. However, there is also a private iv1 == iv2 which - * perhaps makes differential analysis easier. On the other hand, the - * private iv1 probably makes the CRC-32 attack ineffective. This is a - * result of that there is no longer any known iv1 to use when - * choosing the X block. - */ -struct ssh1_3des_ctx -{ - EVP_CIPHER_CTX k1, k2, k3; -}; - -const EVP_CIPHER * evp_ssh1_3des(void); -int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); - -static int -ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, - int enc) -{ - struct ssh1_3des_ctx *c; - u_char *k1, *k2, *k3; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) { - if ((c = calloc(1, sizeof(*c))) == NULL) - return 0; - EVP_CIPHER_CTX_set_app_data(ctx, c); - } - if (key == NULL) - return 1; - if (enc == -1) - enc = ctx->encrypt; - k1 = k2 = k3 = (u_char *) key; - k2 += 8; - if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { - if (enc) - k3 += 16; - else - k1 += 16; - } - EVP_CIPHER_CTX_init(&c->k1); - EVP_CIPHER_CTX_init(&c->k2); - EVP_CIPHER_CTX_init(&c->k3); - if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || - EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || - EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { - explicit_bzero(c, sizeof(*c)); - free(c); - EVP_CIPHER_CTX_set_app_data(ctx, NULL); - return 0; - } - return 1; -} - -static int -ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len) -{ - struct ssh1_3des_ctx *c; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) - return 0; - if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || - EVP_Cipher(&c->k2, dest, dest, len) == 0 || - EVP_Cipher(&c->k3, dest, dest, len) == 0) - return 0; - return 1; -} - -static int -ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx) -{ - struct ssh1_3des_ctx *c; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { - EVP_CIPHER_CTX_cleanup(&c->k1); - EVP_CIPHER_CTX_cleanup(&c->k2); - EVP_CIPHER_CTX_cleanup(&c->k3); - explicit_bzero(c, sizeof(*c)); - free(c); - EVP_CIPHER_CTX_set_app_data(ctx, NULL); - } - return 1; -} - -int -ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len) -{ - struct ssh1_3des_ctx *c; - - if (len != 24) - return SSH_ERR_INVALID_ARGUMENT; - if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) - return SSH_ERR_INTERNAL_ERROR; - if (doset) { - memcpy(c->k1.iv, iv, 8); - memcpy(c->k2.iv, iv + 8, 8); - memcpy(c->k3.iv, iv + 16, 8); - } else { - memcpy(iv, c->k1.iv, 8); - memcpy(iv + 8, c->k2.iv, 8); - memcpy(iv + 16, c->k3.iv, 8); - } - return 0; -} - -const EVP_CIPHER * -evp_ssh1_3des(void) -{ - static EVP_CIPHER ssh1_3des; - - memset(&ssh1_3des, 0, sizeof(ssh1_3des)); - ssh1_3des.nid = NID_undef; - ssh1_3des.block_size = 8; - ssh1_3des.iv_len = 0; - ssh1_3des.key_len = 16; - ssh1_3des.init = ssh1_3des_init; - ssh1_3des.cleanup = ssh1_3des_cleanup; - ssh1_3des.do_cipher = ssh1_3des_cbc; - ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; - return &ssh1_3des; -} diff --git a/usr.bin/ssh/cipher-bf1.c b/usr.bin/ssh/cipher-bf1.c deleted file mode 100644 index 436586189b0..00000000000 --- a/usr.bin/ssh/cipher-bf1.c +++ /dev/null @@ -1,76 +0,0 @@ -/* $OpenBSD: cipher-bf1.c,v 1.7 2015/01/14 10:24:42 markus Exp $ */ -/* - * Copyright (c) 2003 Markus Friedl. All rights reserved. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include - -/* - * SSH1 uses a variation on Blowfish, all bytes must be swapped before - * and after encryption/decryption. Thus the swap_bytes stuff (yuk). - */ - -const EVP_CIPHER * evp_ssh1_bf(void); - -static void -swap_bytes(const u_char *src, u_char *dst, int n) -{ - u_char c[4]; - - /* Process 4 bytes every lap. */ - for (n = n / 4; n > 0; n--) { - c[3] = *src++; - c[2] = *src++; - c[1] = *src++; - c[0] = *src++; - - *dst++ = c[0]; - *dst++ = c[1]; - *dst++ = c[2]; - *dst++ = c[3]; - } -} - -static int (*orig_bf)(EVP_CIPHER_CTX *, u_char *, - const u_char *, size_t) = NULL; - -static int -bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in, size_t len) -{ - int ret; - - swap_bytes(in, out, len); - ret = (*orig_bf)(ctx, out, out, len); - swap_bytes(out, out, len); - return (ret); -} - -const EVP_CIPHER * -evp_ssh1_bf(void) -{ - static EVP_CIPHER ssh1_bf; - - memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); - orig_bf = ssh1_bf.do_cipher; - ssh1_bf.nid = NID_undef; - ssh1_bf.do_cipher = bf_ssh1_cipher; - ssh1_bf.key_len = 32; - return (&ssh1_bf); -} diff --git a/usr.bin/ssh/cipher.c b/usr.bin/ssh/cipher.c index eac7732a1ae..c1d628c9812 100644 --- a/usr.bin/ssh/cipher.c +++ b/usr.bin/ssh/cipher.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.c,v 1.103 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: cipher.c,v 1.104 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -59,7 +59,6 @@ struct sshcipher_ctx { struct sshcipher { char *name; - int number; /* for ssh1 only */ u_int block_size; u_int key_len; u_int iv_len; /* defaults to block_size */ @@ -70,6 +69,7 @@ struct sshcipher { #define CFLAG_CHACHAPOLY (1<<1) #define CFLAG_AESCTR (1<<2) #define CFLAG_NONE (1<<3) +#define CFLAG_INTERNAL CFLAG_NONE /* Don't use "none" for packets */ #ifdef WITH_OPENSSL const EVP_CIPHER *(*evptype)(void); #else @@ -79,37 +79,34 @@ struct sshcipher { static const struct sshcipher ciphers[] = { #ifdef WITH_OPENSSL - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, - { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, - { "blowfish-cbc", - SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, - { "cast128-cbc", - SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, - { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 }, - { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 }, - { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 }, - { "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, - { "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, - { "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "3des-cbc", 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, + { "blowfish-cbc", 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, + { "cast128-cbc", 8, 16, 0, 0, 0, 1, EVP_cast5_cbc }, + { "arcfour", 8, 16, 0, 0, 0, 0, EVP_rc4 }, + { "arcfour128", 8, 16, 0, 0, 1536, 0, EVP_rc4 }, + { "arcfour256", 8, 32, 0, 0, 1536, 0, EVP_rc4 }, + { "aes128-cbc", 16, 16, 0, 0, 0, 1, EVP_aes_128_cbc }, + { "aes192-cbc", 16, 24, 0, 0, 0, 1, EVP_aes_192_cbc }, + { "aes256-cbc", 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, { "rijndael-cbc@lysator.liu.se", - SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, + 16, 32, 0, 0, 0, 1, EVP_aes_256_cbc }, + { "aes128-ctr", 16, 16, 0, 0, 0, 0, EVP_aes_128_ctr }, + { "aes192-ctr", 16, 24, 0, 0, 0, 0, EVP_aes_192_ctr }, + { "aes256-ctr", 16, 32, 0, 0, 0, 0, EVP_aes_256_ctr }, { "aes128-gcm@openssh.com", - SSH_CIPHER_SSH2, 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, + 16, 16, 12, 16, 0, 0, EVP_aes_128_gcm }, { "aes256-gcm@openssh.com", - SSH_CIPHER_SSH2, 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, + 16, 32, 12, 16, 0, 0, EVP_aes_256_gcm }, #else - { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, - { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, - { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, - { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, + { "aes128-ctr", 16, 16, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes192-ctr", 16, 24, 0, 0, 0, CFLAG_AESCTR, NULL }, + { "aes256-ctr", 16, 32, 0, 0, 0, CFLAG_AESCTR, NULL }, #endif { "chacha20-poly1305@openssh.com", - SSH_CIPHER_SSH2, 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, + 8, 64, 0, 16, 0, CFLAG_CHACHAPOLY, NULL }, + { "none", 8, 0, 0, 0, 0, CFLAG_NONE, NULL }, - { NULL, SSH_CIPHER_INVALID, 0, 0, 0, 0, 0, 0, NULL } + { NULL, 0, 0, 0, 0, 0, 0, NULL } }; /*--*/ @@ -123,7 +120,7 @@ cipher_alg_list(char sep, int auth_only) const struct sshcipher *c; for (c = ciphers; c->name != NULL; c++) { - if (c->number != SSH_CIPHER_SSH2) + if ((c->flags & CFLAG_INTERNAL) != 0) continue; if (auth_only && c->auth_len == 0) continue; @@ -178,12 +175,6 @@ cipher_ivlen(const struct sshcipher *c) c->iv_len : c->block_size; } -u_int -cipher_get_number(const struct sshcipher *c) -{ - return (c->number); -} - u_int cipher_is_cbc(const struct sshcipher *c) { @@ -196,24 +187,6 @@ cipher_ctx_is_plaintext(struct sshcipher_ctx *cc) return cc->plaintext; } -u_int -cipher_ctx_get_number(struct sshcipher_ctx *cc) -{ - return cc->cipher->number; -} - -u_int -cipher_mask_ssh1(int client) -{ - u_int mask = 0; - mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ - mask |= 1 << SSH_CIPHER_BLOWFISH; - if (client) { - mask |= 1 << SSH_CIPHER_DES; - } - return mask; -} - const struct sshcipher * cipher_by_name(const char *name) { @@ -224,16 +197,6 @@ cipher_by_name(const char *name) return NULL; } -const struct sshcipher * -cipher_by_number(int id) -{ - const struct sshcipher *c; - for (c = ciphers; c->name != NULL; c++) - if (c->number == id) - return c; - return NULL; -} - #define CIPHER_SEP "," int ciphers_valid(const char *names) @@ -249,7 +212,7 @@ ciphers_valid(const char *names) for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0'; (p = strsep(&cp, CIPHER_SEP))) { c = cipher_by_name(p); - if (c == NULL || c->number != SSH_CIPHER_SSH2) { + if (c == NULL || (c->flags & CFLAG_INTERNAL) != 0) { free(cipher_list); return 0; } @@ -258,38 +221,12 @@ ciphers_valid(const char *names) return 1; } -/* - * Parses the name of the cipher. Returns the number of the corresponding - * cipher, or -1 on error. - */ - -int -cipher_number(const char *name) -{ - const struct sshcipher *c; - if (name == NULL) - return -1; - for (c = ciphers; c->name != NULL; c++) - if (strcasecmp(c->name, name) == 0) - return c->number; - return -1; -} - -char * -cipher_name(int id) -{ - const struct sshcipher *c = cipher_by_number(id); - return (c==NULL) ? "" : c->name; -} - const char * cipher_warning_message(const struct sshcipher_ctx *cc) { if (cc == NULL || cc->cipher == NULL) return NULL; - if (cc->cipher->number == SSH_CIPHER_DES) - return "use of DES is strongly discouraged due to " - "cryptographic weaknesses"; + /* XXX repurpose for CBC warning */ return NULL; } @@ -310,12 +247,7 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, if ((cc = calloc(sizeof(*cc), 1)) == NULL) return SSH_ERR_ALLOC_FAIL; - if (cipher->number == SSH_CIPHER_DES) { - if (keylen > 8) - keylen = 8; - } - - cc->plaintext = (cipher->number == SSH_CIPHER_NONE); + cc->plaintext = 0; /* XXX */ cc->encrypt = do_encrypt; if (keylen < cipher->key_len || @@ -329,6 +261,10 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, ret = chachapoly_init(&cc->cp_ctx, key, keylen); goto out; } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + ret = 0; + goto out; + } #ifndef WITH_OPENSSL if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { aesctr_keysetup(&cc->ac_ctx, key, 8 * keylen, 8 * ivlen); @@ -336,10 +272,6 @@ cipher_init(struct sshcipher_ctx **ccp, const struct sshcipher *cipher, ret = 0; goto out; } - if ((cc->cipher->flags & CFLAG_NONE) != 0) { - ret = 0; - goto out; - } ret = SSH_ERR_INVALID_ARGUMENT; goto out; #else /* WITH_OPENSSL */ @@ -424,6 +356,10 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, return chachapoly_crypt(&cc->cp_ctx, seqnr, dest, src, len, aadlen, authlen, cc->encrypt); } + if ((cc->cipher->flags & CFLAG_NONE) != 0) { + memcpy(dest, src, aadlen + len); + return 0; + } #ifndef WITH_OPENSSL if ((cc->cipher->flags & CFLAG_AESCTR) != 0) { if (aadlen) @@ -432,10 +368,6 @@ cipher_crypt(struct sshcipher_ctx *cc, u_int seqnr, u_char *dest, dest + aadlen, len); return 0; } - if ((cc->cipher->flags & CFLAG_NONE) != 0) { - memcpy(dest, src, aadlen + len); - return 0; - } return SSH_ERR_INVALID_ARGUMENT; #else if (authlen) { @@ -542,19 +474,16 @@ int cipher_get_keyiv_len(const struct sshcipher_ctx *cc) { const struct sshcipher *c = cc->cipher; - int ivlen = 0; - if (c->number == SSH_CIPHER_3DES) - ivlen = 24; - else if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) - ivlen = 0; - else if ((cc->cipher->flags & CFLAG_AESCTR) != 0) - ivlen = sizeof(cc->ac_ctx.ctr); + if ((c->flags & CFLAG_CHACHAPOLY) != 0) + return 0; + else if ((c->flags & CFLAG_AESCTR) != 0) + return sizeof(cc->ac_ctx.ctr); #ifdef WITH_OPENSSL - else - ivlen = EVP_CIPHER_CTX_iv_length(cc->evp); -#endif /* WITH_OPENSSL */ - return (ivlen); + return EVP_CIPHER_CTX_iv_length(cc->evp); +#else + return 0; +#endif } int @@ -579,29 +508,21 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; - switch (c->number) { #ifdef WITH_OPENSSL - case SSH_CIPHER_SSH2: - case SSH_CIPHER_DES: - case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen == 0) - return 0; - else if (evplen < 0) - return SSH_ERR_LIBCRYPTO_ERROR; - if ((u_int)evplen != len) - return SSH_ERR_INVALID_ARGUMENT; - if (cipher_authlen(c)) { - if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, - len, iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else - memcpy(iv, cc->evp->iv, len); - break; -#endif - default: + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen == 0) + return 0; + else if (evplen < 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if ((u_int)evplen != len) return SSH_ERR_INVALID_ARGUMENT; - } + if (cipher_authlen(c)) { + if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN, + len, iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else + memcpy(iv, cc->evp->iv, len); +#endif return 0; } @@ -618,26 +539,18 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) if ((cc->cipher->flags & CFLAG_NONE) != 0) return 0; - switch (c->number) { #ifdef WITH_OPENSSL - case SSH_CIPHER_SSH2: - case SSH_CIPHER_DES: - case SSH_CIPHER_BLOWFISH: - evplen = EVP_CIPHER_CTX_iv_length(cc->evp); - if (evplen <= 0) + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen <= 0) + return SSH_ERR_LIBCRYPTO_ERROR; + if (cipher_authlen(c)) { + /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ + if (!EVP_CIPHER_CTX_ctrl(cc->evp, + EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; - if (cipher_authlen(c)) { - /* XXX iv arg is const, but EVP_CIPHER_CTX_ctrl isn't */ - if (!EVP_CIPHER_CTX_ctrl(cc->evp, - EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else - memcpy(cc->evp->iv, iv, evplen); - break; + } else + memcpy(cc->evp->iv, iv, evplen); #endif - default: - return SSH_ERR_INVALID_ARGUMENT; - } return 0; } diff --git a/usr.bin/ssh/cipher.h b/usr.bin/ssh/cipher.h index f4bca6285fa..312bbc8a0fa 100644 --- a/usr.bin/ssh/cipher.h +++ b/usr.bin/ssh/cipher.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cipher.h,v 1.49 2016/08/03 05:41:57 djm Exp $ */ +/* $OpenBSD: cipher.h,v 1.50 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen @@ -42,34 +42,13 @@ #include "cipher-chachapoly.h" #include "cipher-aesctr.h" -/* - * Cipher types for SSH-1. New types can be added, but old types should not - * be removed for compatibility. The maximum allowed value is 31. - */ -#define SSH_CIPHER_SSH2 -3 -#define SSH_CIPHER_INVALID -2 /* No valid cipher selected. */ -#define SSH_CIPHER_NOT_SET -1 /* None selected (invalid number). */ -#define SSH_CIPHER_NONE 0 /* no encryption */ -#define SSH_CIPHER_IDEA 1 /* IDEA CFB */ -#define SSH_CIPHER_DES 2 /* DES CBC */ -#define SSH_CIPHER_3DES 3 /* 3DES CBC */ -#define SSH_CIPHER_BROKEN_TSS 4 /* TRI's Simple Stream encryption CBC */ -#define SSH_CIPHER_BROKEN_RC4 5 /* Alleged RC4 */ -#define SSH_CIPHER_BLOWFISH 6 -#define SSH_CIPHER_RESERVED 7 -#define SSH_CIPHER_MAX 31 - #define CIPHER_ENCRYPT 1 #define CIPHER_DECRYPT 0 struct sshcipher; struct sshcipher_ctx; -u_int cipher_mask_ssh1(int); const struct sshcipher *cipher_by_name(const char *); -const struct sshcipher *cipher_by_number(int); -int cipher_number(const char *); -char *cipher_name(int); const char *cipher_warning_message(const struct sshcipher_ctx *); int ciphers_valid(const char *); char *cipher_alg_list(char, int); @@ -90,9 +69,7 @@ u_int cipher_ivlen(const struct sshcipher *); u_int cipher_is_cbc(const struct sshcipher *); u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *); -u_int cipher_ctx_get_number(struct sshcipher_ctx *); -u_int cipher_get_number(const struct sshcipher *); int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int); int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *); int cipher_get_keyiv_len(const struct sshcipher_ctx *); diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index e690d9321e7..a9bd86c5f67 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.273 2017/04/30 23:11:45 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.274 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -167,6 +167,7 @@ static struct { } keywords[] = { /* Deprecated options */ { "protocol", oIgnore }, /* NB. silently ignored */ + { "cipher", oDeprecated }, { "fallbacktorsh", oDeprecated }, { "globalknownhostsfile2", oDeprecated }, { "rhostsauthentication", oDeprecated }, @@ -225,7 +226,6 @@ static struct { { "hostkeyalias", oHostKeyAlias }, { "proxycommand", oProxyCommand }, { "port", oPort }, - { "cipher", oCipher }, { "ciphers", oCiphers }, { "macs", oMacs }, { "remoteforward", oRemoteForward }, @@ -1160,19 +1160,6 @@ parse_int: intptr = &options->connection_attempts; goto parse_int; - case oCipher: - intptr = &options->cipher; - arg = strdelim(&s); - if (!arg || *arg == '\0') - fatal("%.200s line %d: Missing argument.", filename, linenum); - value = cipher_number(arg); - if (value == -1) - fatal("%.200s line %d: Bad cipher '%s'.", - filename, linenum, arg ? arg : ""); - if (*activep && *intptr == -1) - *intptr = value; - break; - case oCiphers: arg = strdelim(&s); if (!arg || *arg == '\0') @@ -1796,7 +1783,6 @@ initialize_options(Options * options) options->connection_attempts = -1; options->connection_timeout = -1; options->number_of_password_prompts = -1; - options->cipher = -1; options->ciphers = NULL; options->macs = NULL; options->kex_algorithms = NULL; @@ -1953,9 +1939,6 @@ fill_default_options(Options * options) options->connection_attempts = 1; if (options->number_of_password_prompts == -1) options->number_of_password_prompts = 3; - /* Selected in ssh_login(). */ - if (options->cipher == -1) - options->cipher = SSH_CIPHER_NOT_SET; /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->add_keys_to_agent == -1) options->add_keys_to_agent = 0; @@ -2586,10 +2569,6 @@ dump_client_config(Options *o, const char *host) printf("\n"); } - /* oCipher */ - if (o->cipher != SSH_CIPHER_NOT_SET) - printf("Cipher %s\n", cipher_name(o->cipher)); - /* oControlPersist */ if (o->control_persist == 0 || o->control_persist_timeout == 0) dump_cfg_fmtint(oControlPersist, o->control_persist); diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h index f53864854b6..c2ffd9ed420 100644 --- a/usr.bin/ssh/readconf.h +++ b/usr.bin/ssh/readconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.119 2017/04/30 23:11:45 djm Exp $ */ +/* $OpenBSD: readconf.h,v 1.120 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen @@ -70,7 +70,6 @@ typedef struct { * aborting connection attempt */ int number_of_password_prompts; /* Max number of password * prompts. */ - int cipher; /* Cipher to use. */ char *ciphers; /* SSH2 ciphers in order of preference. */ char *macs; /* SSH2 macs in order of preference. */ char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 94492e9bb03..059ec406fc1 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.455 2017/04/30 23:13:25 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.456 2017/04/30 23:15:04 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -782,27 +782,14 @@ main(int ac, char **av) } break; case 'c': - if (ciphers_valid(*optarg == '+' ? + if (!ciphers_valid(*optarg == '+' ? optarg + 1 : optarg)) { - /* SSH2 only */ - free(options.ciphers); - options.ciphers = xstrdup(optarg); - options.cipher = SSH_CIPHER_INVALID; - break; - } - /* SSH1 only */ - options.cipher = cipher_number(optarg); - if (options.cipher == -1) { fprintf(stderr, "Unknown cipher type '%s'\n", optarg); exit(255); } - if (options.cipher == SSH_CIPHER_3DES) - options.ciphers = xstrdup("3des-cbc"); - else if (options.cipher == SSH_CIPHER_BLOWFISH) - options.ciphers = xstrdup("blowfish-cbc"); - else - options.ciphers = xstrdup(KEX_CLIENT_ENCRYPT); + free(options.ciphers); + options.ciphers = xstrdup(optarg); break; case 'm': if (mac_valid(optarg)) { diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index f30178f4b23..ac35bdd4ad7 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.46 2017/04/30 23:10:43 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.47 2017/04/30 23:15:04 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2921,12 +2921,8 @@ sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob, kdfname = "none"; } else if (ciphername == NULL) ciphername = DEFAULT_CIPHERNAME; - else if (cipher_number(ciphername) != SSH_CIPHER_SSH2) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } if ((cipher = cipher_by_name(ciphername)) == NULL) { - r = SSH_ERR_INTERNAL_ERROR; + r = SSH_ERR_INVALID_ARGUMENT; goto out; } -- 2.20.1