- dtucker@cvs.openbsd.org 2012/06/28 05:07:45

[mac.c myproposal.h ssh_config.5 sshd_config.5]
     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
     from draft6 of the spec and will not be in the RFC when published.  Patch
     from mdb at juniper net via bz#2023, ok markus.

ChangeLog

@@ -15,6 +15,11 @@
      [sandbox-systrace.c]
      Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation
      sandbox" since malloc now uses it.  From johnw.mail at gmail com.
+   - dtucker@cvs.openbsd.org 2012/06/28 05:07:45
+     [mac.c myproposal.h ssh_config.5 sshd_config.5]
+     Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed
+     from draft6 of the spec and will not be in the RFC when published.  Patch
+     from mdb at juniper net via bz#2023, ok markus.
 
 20120628
  - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null

mac.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.17 2011/12/02 00:43:57 djm Exp $ */
+/* $OpenBSD: mac.c,v 1.18 2012/06/28 05:07:45 dtucker Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -61,9 +61,7 @@ struct {
 	{ "hmac-sha1-96",		SSH_EVP, EVP_sha1, 96, -1, -1 },
 #ifdef HAVE_EVP_SHA256
 	{ "hmac-sha2-256",		SSH_EVP, EVP_sha256, 0, -1, -1 },
-	{ "hmac-sha2-256-96",		SSH_EVP, EVP_sha256, 96, -1, -1 },
 	{ "hmac-sha2-512",		SSH_EVP, EVP_sha512, 0, -1, -1 },
-	{ "hmac-sha2-512-96",		SSH_EVP, EVP_sha512, 96, -1, -1 },
 #endif
 	{ "hmac-md5",			SSH_EVP, EVP_md5, 0, -1, -1 },
 	{ "hmac-md5-96",		SSH_EVP, EVP_md5, 96, -1, -1 },

myproposal.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.28 2011/08/02 01:22:11 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.29 2012/06/28 05:07:45 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -78,9 +78,7 @@
 #ifdef HAVE_EVP_SHA256
 #define	SHA2_HMAC_MODES \
 	"hmac-sha2-256," \
-	"hmac-sha2-256-96," \
 	"hmac-sha2-512," \
-	"hmac-sha2-512-96,"
 #else
 # define SHA2_HMAC_MODES
 #endif

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.155 2012/06/18 11:49:58 dtucker Exp $
-.Dd $Mdocdate: June 18 2012 $
+.\" $OpenBSD: ssh_config.5,v 1.156 2012/06/28 05:07:45 dtucker Exp $
+.Dd $Mdocdate: June 28 2012 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -794,8 +794,7 @@ The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
 hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
-hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,
-hmac-sha2-512-96
+hmac-sha2-256,hmac-sha2-512
 .Ed
 .It Cm NoHostAuthenticationForLocalhost
 This option can be used if the home directory is shared across machines.

sshd_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.142 2012/06/19 21:35:54 jmc Exp $
-.Dd $Mdocdate: June 19 2012 $
+.\" $OpenBSD: sshd_config.5,v 1.143 2012/06/28 05:07:45 dtucker Exp $
+.Dd $Mdocdate: June 28 2012 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -658,8 +658,7 @@ The default is:
 .Bd -literal -offset indent
 hmac-md5,hmac-sha1,umac-64@openssh.com,
 hmac-ripemd160,hmac-sha1-96,hmac-md5-96,
-hmac-sha2-256,hmac-sha256-96,hmac-sha2-512,
-hmac-sha2-512-96
+hmac-sha2-256,hmac-sha2-512
 .Ed
 .It Cm Match
 Introduces a conditional block.