From db4f8e86184ef0e8d14a370a5569a52d8ed28551 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 30 Jun 2012 08:34:59 +1000 Subject: [PATCH] - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 [mac.c myproposal.h ssh_config.5 sshd_config.5] Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed from draft6 of the spec and will not be in the RFC when published. Patch from mdb at juniper net via bz#2023, ok markus. --- ChangeLog | 5 +++++ mac.c | 4 +--- myproposal.h | 4 +--- ssh_config.5 | 7 +++---- sshd_config.5 | 7 +++---- 5 files changed, 13 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index f4627f041..5f574f4de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,11 @@ [sandbox-systrace.c] Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation sandbox" since malloc now uses it. From johnw.mail at gmail com. + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [mac.c myproposal.h ssh_config.5 sshd_config.5] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. 20120628 - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null diff --git a/mac.c b/mac.c index 332d3c621..9b450e4e2 100644 --- a/mac.c +++ b/mac.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mac.c,v 1.17 2011/12/02 00:43:57 djm Exp $ */ +/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -61,9 +61,7 @@ struct { { "hmac-sha1-96", SSH_EVP, EVP_sha1, 96, -1, -1 }, #ifdef HAVE_EVP_SHA256 { "hmac-sha2-256", SSH_EVP, EVP_sha256, 0, -1, -1 }, - { "hmac-sha2-256-96", SSH_EVP, EVP_sha256, 96, -1, -1 }, { "hmac-sha2-512", SSH_EVP, EVP_sha512, 0, -1, -1 }, - { "hmac-sha2-512-96", SSH_EVP, EVP_sha512, 96, -1, -1 }, #endif { "hmac-md5", SSH_EVP, EVP_md5, 0, -1, -1 }, { "hmac-md5-96", SSH_EVP, EVP_md5, 96, -1, -1 }, 
diff --git a/myproposal.h b/myproposal.h index 0bc1c778c..2e6a0dcac 100644 --- a/myproposal.h +++ b/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.28 2011/08/02 01:22:11 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -78,9 +78,7 @@ #ifdef HAVE_EVP_SHA256 #define SHA2_HMAC_MODES \ "hmac-sha2-256," \ - "hmac-sha2-256-96," \ "hmac-sha2-512," \ - "hmac-sha2-512-96," #else # define SHA2_HMAC_MODES #endif diff --git a/ssh_config.5 b/ssh_config.5 index c9917d25b..db7ea5cdd 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.155 2012/06/18 11:49:58 dtucker Exp $ -.Dd $Mdocdate: June 18 2012 $ +.\" $OpenBSD: ssh_config.5,v 1.156 2012/06/28 05:07:45 dtucker Exp $ +.Dd $Mdocdate: June 28 2012 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -794,8 +794,7 @@ The default is: .Bd -literal -offset indent hmac-md5,hmac-sha1,umac-64@openssh.com, hmac-ripemd160,hmac-sha1-96,hmac-md5-96, -hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512, -hmac-sha2-512-96 +hmac-sha2-256,hmac-sha2-512 .Ed .It Cm NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across machines. diff --git a/sshd_config.5 b/sshd_config.5 index 1b9ffad4c..897b8a419 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.142 2012/06/19 21:35:54 jmc Exp $ -.Dd $Mdocdate: June 19 2012 $ +.\" $OpenBSD: sshd_config.5,v 1.143 2012/06/28 05:07:45 dtucker Exp $ +.Dd $Mdocdate: June 28 2012 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME 
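Review bot: In the second myproposal.h hunk the context line `"hmac-sha2-512," \` keeps its trailing backslash although the `"hmac-sha2-512-96,"` line that used to end the definition is removed, so `SHA2_HMAC_MODES` now continues onto the `#else` line. With `HAVE_EVP_SHA256` defined, `#else` is spliced into the macro body and the following `# define SHA2_HMAC_MODES` becomes a redefinition to empty in the active branch; without it, the macro appears never to be defined at all. If the macro feeds the default MAC proposal (its use is outside this diff), the first case would drop the SHA-2 MACs from the defaults and leave only the MD5, SHA-1, UMAC and RIPEMD entries. The last entry should end the definition without a continuation: `"hmac-sha2-512,"`. The diffstat for this file (one insertion, three deletions) is consistent with the backslash not having been touched.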
@@ -658,8 +658,7 @@ The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
 hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
-hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-hmac-sha2-512-96
+hmac-sha2-256,hmac-sha2-512
 .Ed
 .It Cm Match
 Introduces a conditional block.