From 90e56df74e308c468796fb3a818f0e7f95687efb Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 15 Jul 2020 21:09:40 +0200
Subject: [PATCH] Disable *-cbc ciphers by default

OpenSSH disabled them in 2014 and 2017 for servers and clients so its our turn to follow the suit.

Fixes T236

Signed-off-by: Jakub Jelen
Reviewed-by: Andreas Schneider
---
 src/kex.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/kex.c b/src/kex.c
index dc9d5097..c2c59de2 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -57,8 +57,8 @@
 #ifdef HAVE_LIBGCRYPT
 # define AES "aes256-gcm@openssh.com,aes128-gcm@openssh.com," \
- "aes256-ctr,aes192-ctr,aes128-ctr," \
- "aes256-cbc,aes192-cbc,aes128-cbc,"
+ "aes256-ctr,aes192-ctr,aes128-ctr,"
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
 # define DES "3des-cbc"
 # define DES_SUPPORTED "3des-cbc"
@@ -68,8 +68,8 @@
 # else
 # define GCM ""
 # endif /* MBEDTLS_GCM_C */
-# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr," \
- "aes256-cbc,aes192-cbc,aes128-cbc,"
+# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
 # define DES "3des-cbc"
 # define DES_SUPPORTED "3des-cbc"
@@ -81,12 +81,15 @@
 # define GCM ""
 # endif /* HAVE_OPENSSL_EVP_AES_GCM */
 # ifdef BROKEN_AES_CTR
-# define AES GCM "aes256-cbc,aes192-cbc,aes128-cbc,"
+# define AES GCM
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
 # else /* BROKEN_AES_CTR */
-# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
+# define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
+# define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
 # endif /* BROKEN_AES_CTR */
 # else /* HAVE_OPENSSL_AES_H */
 # define AES ""
+# define AES_CBC ""
 # endif /* HAVE_OPENSSL_AES_H */
 # define DES "3des-cbc"
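Review bot: The literal `"aes256-cbc,aes192-cbc,aes128-cbc,"` is now spelled out four times — in this hunk for libgcrypt, in the next for mbedTLS, and twice in the OpenSSL hunk after that — so a future edit to the CBC list has to be repeated in every backend branch. A single shared definition placed before the `#ifdef HAVE_LIBGCRYPT` chain, e.g. `# define AES_CBC_CIPHERS "aes256-cbc,aes192-cbc,aes128-cbc,"`, with each branch reduced to `# define AES_CBC AES_CBC_CIPHERS`, would keep the lists in step; only the no-AES OpenSSL fallback needs its own `# define AES_CBC ""`. The `#ifdef`/`#elif` chain these definitions sit in starts before and ends after the hunks shown here.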
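Review bot: In the `BROKEN_AES_CTR` branch the new line `# define AES GCM` makes the default AES list equal to `GCM`, which the context two lines above shows is `""` when `HAVE_OPENSSL_EVP_AES_GCM` is not set; such a build therefore offers no AES cipher at all by default, where it previously offered `aes*-cbc`, and if `CHACHA20` is also empty in that configuration (not visible here) the default list collapses to `DES`. Whether that is acceptable is a policy call, but it is a silent downgrade that deserves a comment on the new line, e.g. `/* BROKEN_AES_CTR: only GCM stays in the defaults; with no EVP GCM support no AES cipher is offered unless the caller selects AES_CBC explicitly */`. The same consequence could be made visible at build time with a `#warning` in that branch when `GCM` is empty.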
@@ -230,8 +233,8 @@ static const char *fips_methods[] = {
 static const char *default_methods[] = {
 KEY_EXCHANGE,
 DEFAULT_PUBLIC_KEY_ALGORITHMS,
- CHACHA20 AES BLOWFISH DES,
- CHACHA20 AES BLOWFISH DES,
+ CHACHA20 AES DES,
+ CHACHA20 AES DES,
 "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
 "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
 "none",
@@ -245,8 +248,8 @@ static const char *default_methods[] = {
 static const char *supported_methods[] = {
 KEY_EXCHANGE_SUPPORTED,
 PUBLIC_KEY_ALGORITHMS,
- CHACHA20 AES BLOWFISH DES_SUPPORTED NONE,
- CHACHA20 AES BLOWFISH DES_SUPPORTED NONE,
+ CHACHA20 AES AES_CBC BLOWFISH DES_SUPPORTED NONE,
+ CHACHA20 AES AES_CBC BLOWFISH DES_SUPPORTED NONE,
 "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1" NONE,
 "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1" NONE,
 ZLIB,
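Review bot: The new default lines `CHACHA20 AES DES,` still carry `DES`, which the earlier hunks define as `"3des-cbc"`, so one `*-cbc` cipher stays enabled by default despite the subject line "Disable *-cbc ciphers by default". If keeping 3DES-CBC is deliberate, the commit message should state that only the AES and Blowfish CBC modes are removed from the defaults; if it is not, `DES` should be dropped from these two lines the same way `BLOWFISH` was, bearing in mind that every `AES` definition ends with a trailing comma, so the list would then need a different last element (or a check that the cipher-list parser tolerates a trailing comma). The `default_methods` array continues past the end of the hunk.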
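Review bot: `supported_methods` is now the only place `AES_CBC` and `BLOWFISH` appear, and nothing in the file explains the relationship between the two tables, so a reader cannot tell whether a cipher present here but absent from `default_methods` is reachable at all. A short comment above the array would settle it, e.g. `/* Everything the implementation can negotiate; entries not in default_methods (aes*-cbc, blowfish-cbc) are presumably used only when the caller selects them explicitly. */`, with the "presumably" replaced once the option-handling code confirms it. The `supported_methods` array continues past the end of the hunk.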