- markus@cvs.openbsd.org 2001/02/11 12:59:25

[Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
     1) clean up the MAC support for SSH-2
     2) allow you to specify the MAC with 'ssh -m'
     3) or the 'MACs' keyword in ssh(d)_config
     4) add hmac-{md5,sha1}-96
             ok stevesk@, provos@

ChangeLog

@@ -7,6 +7,14 @@
    - markus@cvs.openbsd.org 2001/02/12 12:45:06
      [sshconnect1.c]
      fix xmalloc(0), ok dugsong@
+   - markus@cvs.openbsd.org 2001/02/11 12:59:25
+     [Makefile.in sshd.8 sshconnect2.c readconf.h readconf.c packet.c
+      sshd.c ssh.c ssh.1 servconf.h servconf.c myproposal.h kex.h kex.c]
+     1) clean up the MAC support for SSH-2
+     2) allow you to specify the MAC with 'ssh -m'
+     3) or the 'MACs' keyword in ssh(d)_config
+     4) add hmac-{md5,sha1}-96
+             ok stevesk@, provos@
 
 20010214
  - (djm) Don't try to close PAM session or delete credentials if the
@@ -3935,4 +3943,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.762 2001/02/15 02:36:46 mouring Exp $
+$Id: ChangeLog,v 1.763 2001/02/15 03:01:59 mouring Exp $

Makefile.in

@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.151 2001/02/13 14:25:23 djm Exp $
+# $Id: Makefile.in,v 1.152 2001/02/15 03:01:59 mouring Exp $
 
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@@ -44,7 +44,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP_PROGS)
 
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o deattack.o dispatch.o mac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
 
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
 

hmac.c

@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-RCSID("$OpenBSD: hmac.c,v 1.7 2001/02/08 19:30:51 itojun Exp $");
-
-#include "xmalloc.h"
-#include "getput.h"
-#include "log.h"
-
-#include <openssl/hmac.h>
-
-#include "hmac.h"
-
-u_char *
-hmac(
-    EVP_MD *evp_md,
-    u_int seqno,
-    u_char *data, int datalen,
-    u_char *key, int keylen)
-{
-	HMAC_CTX c;
-	static u_char m[EVP_MAX_MD_SIZE];
-	u_char b[4];
-
-	if (key == NULL)
-		fatal("hmac: no key");
-	HMAC_Init(&c, key, keylen, evp_md);
-	PUT_32BIT(b, seqno);
-	HMAC_Update(&c, b, sizeof b);
-	HMAC_Update(&c, data, datalen);
-	HMAC_Final(&c, m, NULL);
-	HMAC_cleanup(&c);
-	return(m);
-}

kex.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: kex.c,v 1.20 2001/02/08 19:30:51 itojun Exp $");
+RCSID("$OpenBSD: kex.c,v 1.21 2001/02/11 12:59:24 markus Exp $");
 
 #include <openssl/crypto.h>
 #include <openssl/bio.h>
@@ -41,6 +41,7 @@ RCSID("$OpenBSD: kex.c,v 1.20 2001/02/08 19:30:51 itojun Exp $");
 #include "kex.h"
 #include "key.h"
 #include "log.h"
+#include "mac.h"
 
 #define KEX_COOKIE_LEN	16
 
@@ -412,18 +413,12 @@ choose_mac(Mac *mac, char *client, char *server)
 	char *name = get_match(client, server);
 	if (name == NULL)
 		fatal("no matching mac found: client %s server %s", client, server);
-	if (strcmp(name, "hmac-md5") == 0) {
-		mac->md = EVP_md5();
-	} else if (strcmp(name, "hmac-sha1") == 0) {
-		mac->md = EVP_sha1();
-	} else if (strcmp(name, "hmac-ripemd160@openssh.com") == 0) {
-		mac->md = EVP_ripemd160();
-	} else {
+	if (mac_init(mac, name) < 0)
 		fatal("unsupported mac %s", name);
-	}
+	/* truncate the key */
+	if (datafellows & SSH_BUG_HMAC)
+		mac->key_len = 16;
 	mac->name = name;
-	mac->mac_len = mac->md->md_size;
-	mac->key_len = (datafellows & SSH_BUG_HMAC) ? 16 : mac->mac_len;
 	mac->key = NULL;
 	mac->enabled = 0;
 }

kex.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kex.h,v 1.13 2001/02/04 15:32:24 stevesk Exp $	*/
+/*	$OpenBSD: kex.h,v 1.14 2001/02/11 12:59:24 markus Exp $	*/
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -26,9 +26,11 @@
 #ifndef KEX_H
 #define KEX_H
 
+#include <openssl/evp.h>
+#include "buffer.h"
+
 #define	KEX_DH1		"diffie-hellman-group1-sha1"
 #define	KEX_DHGEX	"diffie-hellman-group-exchange-sha1"
-#define	KEX_DSS		"ssh-dss"
 
 enum kex_init_proposals {
 	PROPOSAL_KEX_ALGS,

mac.c

@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+RCSID("$OpenBSD: mac.c,v 1.1 2001/02/11 12:59:24 markus Exp $");
+
+#include <openssl/hmac.h>
+
+#include "xmalloc.h"
+#include "getput.h"
+#include "log.h"
+#include "cipher.h"
+#include "kex.h"
+#include "mac.h"
+
+struct {
+	char		*name;
+	EVP_MD *	(*mdfunc)(void);
+	int		truncatebits;	/* truncate digest if != 0 */
+} macs[] = {
+	{ "hmac-sha1",			EVP_sha1, 0, },
+	{ "hmac-sha1-96",		EVP_sha1, 96 },
+	{ "hmac-md5",			EVP_md5, 0 },
+	{ "hmac-md5-96",		EVP_md5, 96 },
+	{ "hmac-ripemd160",		EVP_ripemd160, 0 },
+	{ "hmac-ripemd160@openssh.com",	EVP_ripemd160, 0 },
+        { NULL,				NULL, 0 }
+};
+
+int
+mac_init(Mac *mac, char *name)
+{
+	int i;
+	for (i = 0; macs[i].name; i++) {
+		if (strcmp(name, macs[i].name) == 0) {
+			if (mac != NULL) {
+				mac->md = (*macs[i].mdfunc)();
+				mac->key_len = mac->mac_len = mac->md->md_size;
+				if (macs[i].truncatebits != 0)
+					mac->mac_len = macs[i].truncatebits/8;
+			}
+			debug2("mac_init: found %s", name);
+			return (0);
+		}
+	}
+	debug2("mac_init: unknown %s", name);
+	return (-1);
+}
+
+u_char *
+mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen)
+{
+	HMAC_CTX c;
+	static u_char m[EVP_MAX_MD_SIZE];
+	u_char b[4];
+
+	if (mac->key == NULL)
+		fatal("mac_compute: no key");
+	if (mac->mac_len > sizeof(m))
+		fatal("mac_compute: mac too long");
+	HMAC_Init(&c, mac->key, mac->key_len, mac->md);
+	PUT_32BIT(b, seqno);
+	HMAC_Update(&c, b, sizeof(b));
+	HMAC_Update(&c, data, datalen);
+	HMAC_Final(&c, m, NULL);
+	HMAC_cleanup(&c);
+	return (m);
+}
+
+/* XXX copied from ciphers_valid */
+#define	MAC_SEP	","
+int
+mac_valid(const char *names)
+{
+	char *maclist, *cp, *p;
+
+	if (names == NULL || strcmp(names, "") == 0)
+		return (0);
+	maclist = cp = xstrdup(names);
+	for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
+	     (p = strsep(&cp, MAC_SEP))) {
+		if (mac_init(NULL, p) < 0) {
+			debug("bad mac %s [%s]", p, names);
+			xfree(maclist);
+			return (0);
+		} else {
+			debug3("mac ok: %s [%s]", p, names);
+		}
+	}
+	debug3("macs ok: [%s]", names);
+	xfree(maclist);
+	return (1);
+}

mac.h

@@ -1,7 +1,6 @@
-/*	$OpenBSD: hmac.h,v 1.4 2001/01/29 01:58:15 niklas Exp $	*/
-
+/*      $OpenBSD: mac.h,v 1.1 2001/02/11 12:59:24 markus Exp $   */
 /*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -23,14 +22,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-#ifndef HMAC_H
-#define HMAC_H
 
-u_char *
-hmac(
-    EVP_MD *evp_md,
-    u_int seqno,
-    u_char *data, int datalen,
-    u_char *key, int len);
-
-#endif
+int	mac_valid(const char *names);
+int	mac_init(Mac *mac, char *name);
+u_char	*mac_compute(Mac *mac, u_int32_t seqno, u_char *data, int datalen);

myproposal.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: myproposal.h,v 1.10 2001/01/29 01:58:17 niklas Exp $	*/
+/*	$OpenBSD: myproposal.h,v 1.11 2001/02/11 12:59:24 markus Exp $	*/
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -30,7 +30,10 @@
 	"aes128-cbc,aes192-cbc,aes256-cbc," \
 	"rijndael128-cbc,rijndael192-cbc,rijndael256-cbc," \
 	"rijndael-cbc@lysator.liu.se"
-#define	KEX_DEFAULT_MAC		"hmac-sha1,hmac-md5,hmac-ripemd160@openssh.com"
+#define	KEX_DEFAULT_MAC \
+	"hmac-sha1,hmac-md5,hmac-ripemd160," \
+	"hmac-ripemd160@openssh.com," \
+	"hmac-sha1-96,hmac-md5-96"
 #define	KEX_DEFAULT_COMP	"none,zlib"
 #define	KEX_DEFAULT_LANG	""
 

packet.c

@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.49 2001/02/08 19:30:52 itojun Exp $");
+RCSID("$OpenBSD: packet.c,v 1.50 2001/02/11 12:59:25 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -54,12 +54,9 @@ RCSID("$OpenBSD: packet.c,v 1.49 2001/02/08 19:30:52 itojun Exp $");
 #include "ssh1.h"
 #include "ssh2.h"
 
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/hmac.h>
 #include "cipher.h"
 #include "kex.h"
-#include "hmac.h"
+#include "mac.h"
 #include "log.h"
 #include "canohost.h"
 
@@ -531,12 +528,12 @@ packet_send1(void)
 void
 packet_send2(void)
 {
+	static u_int32_t seqnr = 0;
 	u_char *macbuf = NULL;
 	char *cp;
 	u_int packet_length = 0;
 	u_int i, padlen, len;
 	u_int32_t rand = 0;
-	static u_int seqnr = 0;
 	int type;
 	Enc *enc   = NULL;
 	Mac *mac   = NULL;
@@ -604,11 +601,9 @@ packet_send2(void)
 
 	/* compute MAC over seqnr and packet(length fields, payload, padding) */
 	if (mac && mac->enabled) {
-		macbuf = hmac( mac->md, seqnr,
+		macbuf = mac_compute(mac, seqnr,
 		    (u_char *) buffer_ptr(&outgoing_packet),
-		    buffer_len(&outgoing_packet),
-		    mac->key, mac->key_len
-		);
+		    buffer_len(&outgoing_packet));
 		DBG(debug("done calc MAC out #%d", seqnr));
 	}
 	/* encrypt packet and append to output buffer. */
@@ -818,12 +813,12 @@ packet_read_poll1(int *payload_len_ptr)
 int
 packet_read_poll2(int *payload_len_ptr)
 {
+	static u_int32_t seqnr = 0;
+	static u_int packet_length = 0;
 	u_int padlen, need;
 	u_char buf[8], *macbuf;
 	u_char *ucp;
 	char *cp;
-	static u_int packet_length = 0;
-	static u_int seqnr = 0;
 	int type;
 	int maclen, block_size;
 	Enc *enc   = NULL;
@@ -883,11 +878,9 @@ packet_read_poll2(int *payload_len_ptr)
 	 * increment sequence number for incoming packet
 	 */
 	if (mac && mac->enabled) {
-		macbuf = hmac( mac->md, seqnr,
+		macbuf = mac_compute(mac, seqnr,
 		    (u_char *) buffer_ptr(&incoming_packet),
-		    buffer_len(&incoming_packet),
-		    mac->key, mac->key_len
-		);
+		    buffer_len(&incoming_packet));
 		if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
 			packet_disconnect("Corrupted MAC on input.");
 		DBG(debug("MAC #%d ok", seqnr));

readconf.c

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.61 2001/02/08 14:39:36 deraadt Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.62 2001/02/11 12:59:25 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -23,6 +23,8 @@ RCSID("$OpenBSD: readconf.c,v 1.61 2001/02/08 14:39:36 deraadt Exp $");
 #include "readconf.h"
 #include "match.h"
 #include "misc.h"
+#include "kex.h"
+#include "mac.h"
 
 /* Format of the configuration file:
 
@@ -105,7 +107,7 @@ typedef enum {
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
 	oCompressionLevel, oKeepAlives, oNumberOfPasswordPrompts,
-	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol,
+	oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
 	oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias
 } OpCodes;
@@ -148,6 +150,7 @@ static struct {
 	{ "port", oPort },
 	{ "cipher", oCipher },
 	{ "ciphers", oCiphers },
+	{ "macs", oMacs },
 	{ "protocol", oProtocol },
 	{ "remoteforward", oRemoteForward },
 	{ "localforward", oLocalForward },
@@ -502,6 +505,17 @@ parse_int:
 			options->ciphers = xstrdup(arg);
 		break;
 
+	case oMacs:
+		arg = strdelim(&s);
+		if (!arg || *arg == '\0')
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		if (!mac_valid(arg))
+			fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
+			      filename, linenum, arg ? arg : "<NONE>");
+		if (*activep && options->macs == NULL)
+			options->macs = xstrdup(arg);
+		break;
+
 	case oProtocol:
 		intptr = &options->protocol;
 		arg = strdelim(&s);
@@ -693,6 +707,7 @@ initialize_options(Options * options)
 	options->number_of_password_prompts = -1;
 	options->cipher = -1;
 	options->ciphers = NULL;
+	options->macs = NULL;
 	options->protocol = SSH_PROTO_UNKNOWN;
 	options->num_identity_files = 0;
 	options->hostname = NULL;
@@ -781,6 +796,7 @@ fill_default_options(Options * options)
 	if (options->cipher == -1)
 		options->cipher = SSH_CIPHER_NOT_SET;
 	/* options->ciphers, default set in myproposals.h */
+	/* options->macs, default set in myproposals.h */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_1|SSH_PROTO_2|SSH_PROTO_1_PREFERRED;
 	if (options->num_identity_files == 0) {

readconf.h

@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: readconf.h,v 1.25 2001/01/22 23:06:39 markus Exp $"); */
+/* RCSID("$OpenBSD: readconf.h,v 1.26 2001/02/11 12:59:25 markus Exp $"); */
 
 #ifndef READCONF_H
 #define READCONF_H
@@ -68,6 +68,7 @@ typedef struct {
 						 * prompts. */
 	int     cipher;		/* Cipher to use. */
 	char   *ciphers;	/* SSH2 ciphers in order of preference. */
+	char   *macs;		/* SSH2 macs in order of preference. */
 	int	protocol;	/* Protocol in order of preference. */
 	char   *hostname;	/* Real host to connect. */
 	char   *host_key_alias;	/* hostname alias for .ssh/known_hosts */

servconf.c

@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.65 2001/02/04 15:32:24 stevesk Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.66 2001/02/11 12:59:25 markus Exp $");
 
 #ifdef KRB4
 #include <krb.h>
@@ -28,6 +28,8 @@ RCSID("$OpenBSD: servconf.c,v 1.65 2001/02/04 15:32:24 stevesk Exp $");
 #include "tildexpand.h"
 #include "misc.h"
 #include "cipher.h"
+#include "kex.h"
+#include "mac.h"
 
 /* add listen address */
 void add_listen_addr(ServerOptions *options, char *addr);
@@ -85,6 +87,7 @@ initialize_server_options(ServerOptions *options)
 	options->num_allow_groups = 0;
 	options->num_deny_groups = 0;
 	options->ciphers = NULL;
+	options->macs = NULL;
 	options->protocol = SSH_PROTO_UNKNOWN;
 	options->gateway_ports = -1;
 	options->num_subsystems = 0;
@@ -209,7 +212,7 @@ typedef enum {
 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
 	sUseLogin, sAllowTcpForwarding,
 	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-	sIgnoreUserKnownHosts, sCiphers, sProtocol, sPidFile,
+	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
 	sBanner, sReverseMappingCheck
 } ServerOpCodes;
@@ -266,6 +269,7 @@ static struct {
 	{ "allowgroups", sAllowGroups },
 	{ "denygroups", sDenyGroups },
 	{ "ciphers", sCiphers },
+	{ "macs", sMacs },
 	{ "protocol", sProtocol },
 	{ "gatewayports", sGatewayPorts },
 	{ "subsystem", sSubsystem },
@@ -658,6 +662,17 @@ parse_flag:
 				options->ciphers = xstrdup(arg);
 			break;
 
+		case sMacs:
+			arg = strdelim(&cp);
+			if (!arg || *arg == '\0')
+				fatal("%s line %d: Missing argument.", filename, linenum);
+			if (!mac_valid(arg))
+				fatal("%s line %d: Bad SSH2 mac spec '%s'.",
+				    filename, linenum, arg ? arg : "<NONE>");
+			if (options->macs == NULL)
+				options->macs = xstrdup(arg);
+			break;
+
 		case sProtocol:
 			intptr = &options->protocol;
 			arg = strdelim(&cp);

servconf.h

@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: servconf.h,v 1.36 2001/02/03 10:08:37 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.37 2001/02/11 12:59:25 markus Exp $"); */
 
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -50,8 +50,9 @@ typedef struct {
 	char   *xauth_location;	/* Location of xauth program */
 	int     strict_modes;	/* If true, require string home dir modes. */
 	int     keepalives;	/* If true, set SO_KEEPALIVE. */
-	char   *ciphers;	/* Ciphers in order of preference. */
-	int	protocol;	/* Protocol in order of preference. */
+	char   *ciphers;	/* Supported SSH2 ciphers. */
+	char   *macs;		/* Supported SSH2 macs. */
+	int	protocol;	/* Supported protocol versions. */
 	int     gateway_ports;	/* If true, allow remote connects to forwarded ports. */
 	SyslogFacility log_facility;	/* Facility for system logging. */
 	LogLevel log_level;	/* Level for system logging. */

ssh.1

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.90 2001/02/10 16:03:29 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.91 2001/02/11 12:59:25 markus Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -53,6 +53,7 @@
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
 .Op Fl l Ar login_name
+.Op Fl m Ar mac_spec
 .Op Fl o Ar option
 .Op Fl p Ar port
 .Oo Fl L Xo
@@ -425,6 +426,13 @@ This may also be specified on a per-host basis in the configuration file.
 .It Fl l Ar login_name
 Specifies the user to log in as on the remote machine.
 This also may be specified on a per-host basis in the configuration file.
+.It Fl m Ar mac_spec
+Additionally, for protocol version 2 a comma-separated list of MAC
+(message authentication code) algorithms can
+be specified in order of preference.
+See the
+.Cm MACs
+keyword for more information.
 .It Fl n
 Redirects stdin from
 .Pa /dev/null
@@ -814,6 +822,18 @@ Gives the verbosity level that is used when logging messages from
 The possible values are:
 QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
 The default is INFO.
+.It Cm MACs
+Specifies the MAC (message authentication code) algorithms 
+in order of preference.
+The MAC algorithm is used in protocol version 2
+for data integrity protection.
+Multiple algorithms must be comma-separated.
+The default is
+.Pp
+.Bd -literal
+  ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,
+    hmac-sha1-96,hmac-md5-96''
+.Ed
 .It Cm NumberOfPasswordPrompts
 Specifies the number of password prompts before giving up.
 The argument to this keyword must be an integer.

ssh.c

@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.94 2001/02/10 01:46:28 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.95 2001/02/11 12:59:25 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -65,6 +65,8 @@ RCSID("$OpenBSD: ssh.c,v 1.94 2001/02/10 01:46:28 markus Exp $");
 #include "tildexpand.h"
 #include "dispatch.h"
 #include "misc.h"
+#include "kex.h"
+#include "mac.h"
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
@@ -305,7 +307,7 @@ main(int ac, char **av)
 		opt = av[optind][1];
 		if (!opt)
 			usage();
-		if (strchr("eilcpLRo", opt)) {	/* options with arguments */
+		if (strchr("eilcmpLRo", opt)) {	/* options with arguments */
 			optarg = av[optind] + 2;
 			if (strcmp(optarg, "") == 0) {
 				if (optind >= ac - 1)
@@ -434,6 +436,14 @@ main(int ac, char **av)
 				}
 			}
 			break;
+		case 'm':
+			if (mac_valid(optarg))
+				options.macs = xstrdup(optarg);
+			else {
+				fprintf(stderr, "Unknown mac type '%s'\n", optarg);
+				exit(1);
+			}
+			break;
 		case 'p':
 			options.port = atoi(optarg);
 			break;

sshconnect2.c

@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.46 2001/02/10 12:09:21 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.47 2001/02/11 12:59:25 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -84,12 +84,16 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
 	}
 	if (options.compression) {
-		myproposal[PROPOSAL_COMP_ALGS_CTOS] = "zlib";
+		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "zlib";
 	} else {
-		myproposal[PROPOSAL_COMP_ALGS_CTOS] = "none";
+		myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 		myproposal[PROPOSAL_COMP_ALGS_STOC] = "none";
 	}
+	if (options.macs != NULL) {
+		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+	}
 
 	/* buffers with raw kexinit messages */
 	server_kexinit = xmalloc(sizeof(*server_kexinit));

sshd.8

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.92 2001/02/09 23:38:11 deraadt Exp $
+.\" $OpenBSD: sshd.8,v 1.93 2001/02/11 12:59:25 markus Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -501,6 +501,17 @@ QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
 The default is INFO.
 Logging with level DEBUG violates the privacy of users
 and is not recommended.
+.It Cm MACs
+Specifies the available MAC (message authentication code) algorithms.
+The MAC algorithm is used in protocol version 2
+for data integrity protection.
+Multiple algorithms must be comma-separated.
+The default is
+.Pp
+.Bd -literal
+  ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,
+    hmac-sha1-96,hmac-md5-96''
+.Ed
 .It Cm MaxStartups
 Specifies the maximum number of concurrent unauthenticated connections to the
 .Nm

sshd.c

@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.165 2001/02/08 19:30:53 itojun Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.166 2001/02/11 12:59:25 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1412,6 +1412,10 @@ do_ssh2_kex(void)
 		myproposal[PROPOSAL_ENC_ALGS_CTOS] =
 		myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
 	}
+	if (options.macs != NULL) {
+		myproposal[PROPOSAL_MAC_ALGS_CTOS] =
+		myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
+	}
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
 	server_kexinit = kex_init(myproposal);