From 9b61130fbd95d196bce81ebeca94a4cb7c0d5ba0 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sat, 23 Feb 2019 08:20:43 +0000
Subject: upstream: openssh-7.9 accidentally reused the server's algorithm
 lists

in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
between the client and server, but the error accidentially disabled the
diffie-hellman-group-exchange-sha1 KEX method.

This fixes the client code to use the correct method list, but
because nobody complained, it also disables the
diffie-hellman-group-exchange-sha1 KEX method.

Reported by nuxi AT vault24.org via bz#2697; ok dtucker

OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
---
 myproposal.h | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

(limited to 'myproposal.h')

diff --git a/myproposal.h b/myproposal.h
index 27b4a15a..f1672987 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.58 2019/02/23 08:20:43 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -90,20 +90,15 @@
 # else
 #  define KEX_CURVE25519_METHODS ""
 # endif
-#define KEX_COMMON_KEX \
+#define KEX_SERVER_KEX \
 	KEX_CURVE25519_METHODS \
 	KEX_ECDH_METHODS \
-	KEX_SHA2_METHODS
-
-#define KEX_SERVER_KEX KEX_COMMON_KEX \
-	KEX_SHA2_GROUP14 \
-	"diffie-hellman-group14-sha1" \
-
-#define KEX_CLIENT_KEX KEX_COMMON_KEX \
-	"diffie-hellman-group-exchange-sha1," \
+	KEX_SHA2_METHODS \
 	KEX_SHA2_GROUP14 \
 	"diffie-hellman-group14-sha1"
 
+#define KEX_CLIENT_KEX KEX_SERVER_KEX
+
 #define	KEX_DEFAULT_PK_ALG	\
 	HOSTKEY_ECDSA_CERT_METHODS \
 	"ssh-ed25519-cert-v01@openssh.com," \
-- 
cgit v1.2.1