From naddy@mips.inka.de  Sun Jun 16 14:59:45 2013
Return-Path: <naddy@mips.inka.de>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	by hub.freebsd.org (Postfix) with ESMTP id E7CF7643;
	Sun, 16 Jun 2013 14:59:44 +0000 (UTC)
	(envelope-from naddy@mips.inka.de)
Received: from mail-in-06.arcor-online.net (mail-in-06.arcor-online.net [151.189.21.46])
	by mx1.freebsd.org (Postfix) with ESMTP id 6E4881B91;
	Sun, 16 Jun 2013 14:59:44 +0000 (UTC)
Received: from mail-in-15-z2.arcor-online.net (mail-in-15-z2.arcor-online.net [151.189.8.32])
	by mx.arcor.de (Postfix) with ESMTP id 17AE710C3A8;
	Sun, 16 Jun 2013 16:59:37 +0200 (CEST)
Received: from mail-in-11.arcor-online.net (mail-in-11.arcor-online.net [151.189.21.51])
	by mail-in-15-z2.arcor-online.net (Postfix) with ESMTP id 0BDC9112006;
	Sun, 16 Jun 2013 16:59:37 +0200 (CEST)
Received: from lorvorc.mips.inka.de (dslb-188-105-082-232.pools.arcor-ip.net [188.105.82.232])
	by mail-in-11.arcor-online.net (Postfix) with ESMTPS id C894435A2FF;
	Sun, 16 Jun 2013 16:59:36 +0200 (CEST)
Received: from lorvorc.mips.inka.de (localhost [127.0.0.1])
	by lorvorc.mips.inka.de (8.14.7/8.14.7) with ESMTP id r5GExa0d066883;
	Sun, 16 Jun 2013 16:59:36 +0200 (CEST)
	(envelope-from naddy@lorvorc.mips.inka.de)
Received: (from naddy@localhost)
	by lorvorc.mips.inka.de (8.14.7/8.14.7/Submit) id r5GExaaa066882;
	Sun, 16 Jun 2013 16:59:36 +0200 (CEST)
	(envelope-from naddy)
Message-Id: <201306161459.r5GExaaa066882@lorvorc.mips.inka.de>
Date: Sun, 16 Jun 2013 16:59:36 +0200 (CEST)
From: Christian Weisgerber <naddy@FreeBSD.org>
Reply-To: Christian Weisgerber <naddy@FreeBSD.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc: des@FreeBSD.org
Subject: 9-STABLE sshd negotiates unsupported cipher
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         179619
>Category:       bin
>Synopsis:       [libopenssh] [patch] 9-STABLE sshd negotiates unsupported cipher
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 16 15:00:00 UTC 2013
>Closed-Date:    
>Last-Modified:  Sat Jun 29 06:31:11 CDT 2013
>Originator:     Christian Weisgerber
>Release:        FreeBSD 9.1-STABLE amd64
>Organization:
>Environment:
System: FreeBSD lorvorc.mips.inka.de 9.1-STABLE FreeBSD 9.1-STABLE #0 r251468: Thu Jun 6 17:02:46 CEST 2013 naddy@lorvorc.mips.inka.de:/usr/obj/usr/src/sys/GENERIC amd64

OpenSSH_6.2p2, OpenSSL 0.9.8y 5 Feb 2013, on FreeBSD 9-STABLE.

This version of OpenSSL does not support AES-GCM, so OpenSSH is built
with #undef OPENSSL_HAVE_EVPGCM there.

>Description:

Let's try to connect to a 9-STABLE box from a host that does support
AES-GCM:

$ ssh -c aes128-gcm@openssh.com,aes128-ctr lorvorc    
Connection closed by 2001:6f8:124a::5

Odd.

$ ssh -v -c aes128-gcm@openssh.com,aes128-ctr lorvorc
OpenSSH_6.2, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /home/naddy/.ssh/config
debug1: /home/naddy/.ssh/config line 34: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to lorvorc [2001:6f8:124a::5] port 22.
debug1: Connection established.
debug1: identity file /home/naddy/.ssh/id_rsa type -1
debug1: identity file /home/naddy/.ssh/id_rsa-cert type -1
debug1: identity file /home/naddy/.ssh/id_dsa type -1
debug1: identity file /home/naddy/.ssh/id_dsa-cert type -1
debug1: identity file /home/naddy/.ssh/id_ecdsa type -1
debug1: identity file /home/naddy/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-gcm@openssh.com <implicit> none
debug1: kex: client->server aes128-gcm@openssh.com <implicit> none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 2001:6f8:124a::5

On the 9-STABLE box, auth.log says:

Jun  9 02:39:49 lorvorc sshd[98792]: fatal: matching cipher is not supported: aes128-gcm@openssh.com [preauth]

sshd should not match a cipher it doesn't actually support!
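The failure above, reproduced as an added simulation that is not part of this PR or of OpenSSH: the server's KEXINIT proposal is the unpatched KEX_DEFAULT_ENCRYPT string, the client offers the same list as the ssh -c command, and the cipher table of a no-GCM build is a constructed stand-in. The name-list selection rule is the one from RFC 4253 section 7.1; server_proposal() shows the intended fix in spirit, filtering the advertised list down to what the binary can instantiate.

```python
# Added example (not from the PR): simulate SSH2 cipher negotiation and show
# why advertising a cipher absent from the compiled-in table is fatal.
from typing import Optional

# Server proposal exactly as in the unpatched KEX_DEFAULT_ENCRYPT (order kept).
KEX_DEFAULT_ENCRYPT = (
    "aes128-ctr,aes192-ctr,aes256-ctr,"
    "arcfour256,arcfour128,"
    "aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
    "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,"
    "aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
)

# Constructed stand-in for the cipher table of an sshd built against
# OpenSSL 0.9.8 (no EVP GCM): the default list minus the GCM modes.
SUPPORTED_NO_GCM = frozenset(
    c for c in KEX_DEFAULT_ENCRYPT.split(",") if not c.endswith("-gcm@openssh.com")
)

def negotiate(client_list: str, server_list: str) -> Optional[str]:
    """RFC 4253 section 7.1: the chosen algorithm is the first name in the
    client's list that also appears in the server's list."""
    server = server_list.split(",")
    for name in client_list.split(","):
        if name in server:
            return name
    return None

def server_proposal(default_list: str, supported: frozenset) -> str:
    """The fix in spirit: only advertise ciphers the binary can instantiate."""
    return ",".join(c for c in default_list.split(",") if c in supported)

def handshake(client_list: str, server_list: str, supported: frozenset) -> str:
    """Agree on a name first, then fail (as sshd does) if the table lacks it."""
    chosen = negotiate(client_list, server_list)
    if chosen is None:
        return "no matching cipher found"
    if chosen not in supported:
        return f"fatal: matching cipher is not supported: {chosen}"
    return f"ok: {chosen}"

if __name__ == "__main__":
    client = "aes128-gcm@openssh.com,aes128-ctr"   # the ssh -c list from the report
    # Unpatched: server advertises GCM it cannot use -> fatal, as in auth.log.
    print(handshake(client, KEX_DEFAULT_ENCRYPT, SUPPORTED_NO_GCM))
    # Filtered proposal: negotiation falls through to aes128-ctr.
    fixed = server_proposal(KEX_DEFAULT_ENCRYPT, SUPPORTED_NO_GCM)
    print(handshake(client, fixed, SUPPORTED_NO_GCM))
```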

>How-To-Repeat:

See above.

>Fix:

Index: crypto/openssh/myproposal.h
===================================================================
--- crypto/openssh/myproposal.h	(revision 251468)
+++ crypto/openssh/myproposal.h	(working copy)
@@ -71,10 +71,16 @@
 	"ssh-rsa," \
 	"ssh-dss"
 
+#ifdef OPENSSL_HAVE_EVPGCM
+# define AESGCM_CIPHER_MODES \
+	"aes128-gcm@openssh.com,aes256-gcm@openssh.com,"
+#else
+# define AESGCM_CIPHER_MODES
+#endif
 #define	KEX_DEFAULT_ENCRYPT \
 	"aes128-ctr,aes192-ctr,aes256-ctr," \
 	"arcfour256,arcfour128," \
-	"aes128-gcm@openssh.com,aes256-gcm@openssh.com," \
+	AESGCM_CIPHER_MODES \
 	"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
 	"aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se"
 #ifdef	NONE_CIPHER_ENABLED
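Review bot: the empty `#else` branch of `AESGCM_CIPHER_MODES` only yields a well-formed name-list because the neighbouring literals carry the commas: `"arcfour256,arcfour128,"` ends with one and `"aes128-cbc,3des-cbc,..."` follows directly, so nothing is doubled or left dangling when the macro expands to nothing. A one-line comment next to the macro would stop a later reordering of `KEX_DEFAULT_ENCRYPT` from silently producing an empty list element. Second point: the guard keys off `OPENSSL_HAVE_EVPGCM` as seen at the point where `myproposal.h` is included, so if the header that defines (or, as in this build, `#undef`s) it is not included first, the `#else` branch quietly drops the GCM modes from the default proposal even on a GCM-capable OpenSSL; worth confirming the include order and that this guard matches the one used for the GCM entries in the cipher table, so the advertised list and the supported set cannot drift apart again.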


For FreeBSD 9-STABLE, changing the "Ciphers" description in
ssh_config.5 and sshd_config.5 to match might be an additional
consideration.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: bdrewery 
Responsible-Changed-When: Sat Jun 29 06:31:10 CDT 2013 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=179619 
>Unformatted:
