mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-29 05:32:07 +00:00
da95318dbe
remove 3des-cbc from the client's default proposal; 64-bit block ciphers are not safe in 2016 and we don't want to wait until attacks like sweet32 are extended to SSH. As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may cause problems connecting to older devices using the defaults, but it's highly likely that such devices already need explicit configuration for KEX and hostkeys anyway. ok deraadt, markus, dtucker Upstream-ID: a505dfe65c6733af0f751b64cbc4bb7e0761bc2f
194 lines
5.2 KiB
C
194 lines
5.2 KiB
C
/* $OpenBSD: myproposal.h,v 1.52 2016/09/05 14:02:42 djm Exp $ */
|
|
|
|
/*
|
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <openssl/opensslv.h>
|
|
|
|
/* conditional algorithm support */
|
|
|
|
#ifdef OPENSSL_HAS_ECC
|
|
#ifdef OPENSSL_HAS_NISTP521
|
|
# define KEX_ECDH_METHODS \
|
|
"ecdh-sha2-nistp256," \
|
|
"ecdh-sha2-nistp384," \
|
|
"ecdh-sha2-nistp521,"
|
|
# define HOSTKEY_ECDSA_CERT_METHODS \
|
|
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
|
|
"ecdsa-sha2-nistp384-cert-v01@openssh.com," \
|
|
"ecdsa-sha2-nistp521-cert-v01@openssh.com,"
|
|
# define HOSTKEY_ECDSA_METHODS \
|
|
"ecdsa-sha2-nistp256," \
|
|
"ecdsa-sha2-nistp384," \
|
|
"ecdsa-sha2-nistp521,"
|
|
#else
|
|
# define KEX_ECDH_METHODS \
|
|
"ecdh-sha2-nistp256," \
|
|
"ecdh-sha2-nistp384,"
|
|
# define HOSTKEY_ECDSA_CERT_METHODS \
|
|
"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
|
|
"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
|
|
# define HOSTKEY_ECDSA_METHODS \
|
|
"ecdsa-sha2-nistp256," \
|
|
"ecdsa-sha2-nistp384,"
|
|
#endif
|
|
#else
|
|
# define KEX_ECDH_METHODS
|
|
# define HOSTKEY_ECDSA_CERT_METHODS
|
|
# define HOSTKEY_ECDSA_METHODS
|
|
#endif
|
|
|
|
#ifdef OPENSSL_HAVE_EVPGCM
|
|
# define AESGCM_CIPHER_MODES \
|
|
",aes128-gcm@openssh.com,aes256-gcm@openssh.com"
|
|
#else
|
|
# define AESGCM_CIPHER_MODES
|
|
#endif
|
|
|
|
#ifdef HAVE_EVP_SHA256
|
|
# define KEX_SHA2_METHODS \
|
|
"diffie-hellman-group-exchange-sha256," \
|
|
"diffie-hellman-group16-sha512," \
|
|
"diffie-hellman-group18-sha512,"
|
|
# define KEX_SHA2_GROUP14 \
|
|
"diffie-hellman-group14-sha256,"
|
|
#define SHA2_HMAC_MODES \
|
|
"hmac-sha2-256," \
|
|
"hmac-sha2-512,"
|
|
#else
|
|
# define KEX_SHA2_METHODS
|
|
# define KEX_SHA2_GROUP14
|
|
# define SHA2_HMAC_MODES
|
|
#endif
|
|
|
|
#ifdef WITH_OPENSSL
|
|
# ifdef HAVE_EVP_SHA256
|
|
# define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org,"
|
|
# else
|
|
# define KEX_CURVE25519_METHODS ""
|
|
# endif
|
|
#define KEX_COMMON_KEX \
|
|
KEX_CURVE25519_METHODS \
|
|
KEX_ECDH_METHODS \
|
|
KEX_SHA2_METHODS
|
|
|
|
#define KEX_SERVER_KEX KEX_COMMON_KEX \
|
|
KEX_SHA2_GROUP14 \
|
|
"diffie-hellman-group14-sha1" \
|
|
|
|
#define KEX_CLIENT_KEX KEX_COMMON_KEX \
|
|
"diffie-hellman-group-exchange-sha1," \
|
|
KEX_SHA2_GROUP14 \
|
|
"diffie-hellman-group14-sha1"
|
|
|
|
#define KEX_DEFAULT_PK_ALG \
|
|
HOSTKEY_ECDSA_CERT_METHODS \
|
|
"ssh-ed25519-cert-v01@openssh.com," \
|
|
"ssh-rsa-cert-v01@openssh.com," \
|
|
HOSTKEY_ECDSA_METHODS \
|
|
"ssh-ed25519," \
|
|
"rsa-sha2-512," \
|
|
"rsa-sha2-256," \
|
|
"ssh-rsa"
|
|
|
|
/* the actual algorithms */
|
|
|
|
#define KEX_SERVER_ENCRYPT \
|
|
"chacha20-poly1305@openssh.com," \
|
|
"aes128-ctr,aes192-ctr,aes256-ctr" \
|
|
AESGCM_CIPHER_MODES
|
|
|
|
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
|
|
"aes128-cbc,aes192-cbc,aes256-cbc"
|
|
|
|
#define KEX_SERVER_MAC \
|
|
"umac-64-etm@openssh.com," \
|
|
"umac-128-etm@openssh.com," \
|
|
"hmac-sha2-256-etm@openssh.com," \
|
|
"hmac-sha2-512-etm@openssh.com," \
|
|
"hmac-sha1-etm@openssh.com," \
|
|
"umac-64@openssh.com," \
|
|
"umac-128@openssh.com," \
|
|
"hmac-sha2-256," \
|
|
"hmac-sha2-512," \
|
|
"hmac-sha1"
|
|
|
|
#define KEX_CLIENT_MAC KEX_SERVER_MAC
|
|
|
|
#else /* WITH_OPENSSL */
|
|
|
|
#define KEX_SERVER_KEX \
|
|
"curve25519-sha256@libssh.org"
|
|
#define KEX_DEFAULT_PK_ALG \
|
|
"ssh-ed25519-cert-v01@openssh.com," \
|
|
"ssh-ed25519"
|
|
#define KEX_SERVER_ENCRYPT \
|
|
"chacha20-poly1305@openssh.com," \
|
|
"aes128-ctr,aes192-ctr,aes256-ctr"
|
|
#define KEX_SERVER_MAC \
|
|
"umac-64-etm@openssh.com," \
|
|
"umac-128-etm@openssh.com," \
|
|
"hmac-sha2-256-etm@openssh.com," \
|
|
"hmac-sha2-512-etm@openssh.com," \
|
|
"hmac-sha1-etm@openssh.com," \
|
|
"umac-64@openssh.com," \
|
|
"umac-128@openssh.com," \
|
|
"hmac-sha2-256," \
|
|
"hmac-sha2-512," \
|
|
"hmac-sha1"
|
|
|
|
#define KEX_CLIENT_KEX KEX_SERVER_KEX
|
|
#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT
|
|
#define KEX_CLIENT_MAC KEX_SERVER_MAC
|
|
|
|
#endif /* WITH_OPENSSL */
|
|
|
|
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
|
#define KEX_DEFAULT_LANG ""
|
|
|
|
#define KEX_CLIENT \
|
|
KEX_CLIENT_KEX, \
|
|
KEX_DEFAULT_PK_ALG, \
|
|
KEX_CLIENT_ENCRYPT, \
|
|
KEX_CLIENT_ENCRYPT, \
|
|
KEX_CLIENT_MAC, \
|
|
KEX_CLIENT_MAC, \
|
|
KEX_DEFAULT_COMP, \
|
|
KEX_DEFAULT_COMP, \
|
|
KEX_DEFAULT_LANG, \
|
|
KEX_DEFAULT_LANG
|
|
|
|
#define KEX_SERVER \
|
|
KEX_SERVER_KEX, \
|
|
KEX_DEFAULT_PK_ALG, \
|
|
KEX_SERVER_ENCRYPT, \
|
|
KEX_SERVER_ENCRYPT, \
|
|
KEX_SERVER_MAC, \
|
|
KEX_SERVER_MAC, \
|
|
KEX_DEFAULT_COMP, \
|
|
KEX_DEFAULT_COMP, \
|
|
KEX_DEFAULT_LANG, \
|
|
KEX_DEFAULT_LANG
|
|
|