author | John Beck <John.Beck@Oracle.COM> |
Mon, 16 May 2016 17:31:01 -0700 | |
changeset 6007 | 4c61ee2c9e6d |
parent 5819 | c5f05bd2a9bc |
child 6930 | 31ef2580c45d |
permissions | -rw-r--r-- |
5026
12114fad0da4
22018764 remove cast128-cbc from OpenSSH
Tomas Kuthan <tomas.kuthan@oracle.com>
# |
# Removes cast128-cbc support. |
# |
# At this moment this algorithm is not listed in Approved Security |
# Technologies: Standards Details at all. Eventually it will be added as |
# deprecated. |
# |
# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from |
# OpenSSH doesn't constitute a regression in functionality from SunSSH. |
# |
# Interoperability gain provided by cast128-cbc is negligible, because all |
# relevant ssh implementations also provide several more common encryption |
# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc. |
# |
# This is a Solaris specific patch and it is not likely to be accepted upstream. |
# |
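--- a/cipher.c
+++ b/cipher.c
@@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]
 { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
 { "blowfish-cbc",
 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
+#ifndef WITHOUT_CAST128
 { "cast128-cbc",
 SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
+#endif
 { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
 { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
 { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },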
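Review bot: The `#ifndef WITHOUT_CAST128` guard around the `cast128-cbc` entry makes the removal depend on a macro that nothing visible in this patch defines, so a build that omits the define would silently keep the cipher in the table. The man-page hunks in the same patch drop `cast128-cbc` unconditionally, so in that case the documentation and the binary would disagree. A comment on the guard would record the expectation, for example `/* Solaris: cast128-cbc is compiled out; WITHOUT_CAST128 must be defined by the component build */`, and running `ssh -Q cipher` against the built binary confirms the entry is really gone. The `ciphers[]` initializer starts and ends outside this hunk.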
5223
66bb65945d8f
22389801 OpenSSH: remove cast from ssh(1), sshd(8), ssh_config(5) and sshd_config(5)
Tomas Kuthan <tomas.kuthan@oracle.com>
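--- a/ssh_config.5
+++ b/ssh_config.5
@@ -478,8 +478,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp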
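--- a/sshd.8
+++ b/sshd.8
@@ -307,7 +307,7 @@ For protocol 2,
 forward security is provided through a Diffie-Hellman key agreement.
 This key agreement results in a shared session key.
 The rest of the session is encrypted using a symmetric cipher, currently
-128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
+128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
 The client selects the encryption algorithm
 to use from those offered by the server.
 Additionally, session integrity is provided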
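--- a/sshd_config.5
+++ b/sshd_config.5
@@ -472,8 +472,6 @@ arcfour256
 .It
 blowfish-cbc
 .It
-cast128-cbc
-.It
 [email protected]
 .El
 .Pp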