# Patch offered upstream but rejected:

--- old/Makefile.in	2015-05-12 06:57:55.737824435 -0700

+++ new/Makefile.in	2015-05-12 06:57:55.859410671 -0700

@@ -155,7 +155,7 @@ $(SSHDOBJS): Makefile.in config.h

 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@

--- old/authfd.c	2015-03-16 22:49:20.000000000 -0700

+++ new/authfd.c	2015-05-12 06:57:55.860206664 -0700

@@ -569,8 +569,10 @@ ssh_add_identity_constrained(int sock, s

 #endif

--- old/authfile.c	2015-03-16 22:49:20.000000000 -0700

+++ new/authfile.c	2015-05-12 06:57:55.860669228 -0700

@@ -446,8 +446,10 @@ sshkey_load_private_cert(int type, const

-	case KEY_ED25519:

 #endif /* WITH_OPENSSL */

+	case KEY_ED25519:

 	case KEY_UNSPEC:

diff -pur old/dns.c new/dns.c

--- old/dns.c	2015-03-16 22:49:20.000000000 -0700

+++ new/dns.c	2015-05-12 06:57:55.861065113 -0700

@@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8

 		if (!*digest_type)

 			*digest_type = SSHFP_HASH_SHA256;

 		break;

+#ifndef WITHOUT_ED25519

 	case KEY_ED25519:

 		*algorithm = SSHFP_KEY_ED25519;

 		if (!*digest_type)

 			*digest_type = SSHFP_HASH_SHA256;

 		break;

+#endif /* WITHOUT_ED25519 */

 	default:

 		*algorithm = SSHFP_KEY_RESERVED; /* 0 */

 		*digest_type = SSHFP_HASH_RESERVED; /* 0 */

diff -pur old/dns.h new/dns.h

--- old/dns.h	2015-03-16 22:49:20.000000000 -0700

+++ new/dns.h	2015-05-12 06:57:55.861358245 -0700

@@ -33,7 +33,9 @@ enum sshfp_types {

 	SSHFP_KEY_RSA = 1,

 	SSHFP_KEY_DSA = 2,

 	SSHFP_KEY_ECDSA = 3,

+#ifndef WITHOUT_ED25519

 	SSHFP_KEY_ED25519 = 4 

+#endif /* WITHOUT_ED25519 */

 };

 enum sshfp_hashes {

--- old/ed25519.c	2015-03-16 22:49:20.000000000 -0700

+++ new/ed25519.c	2015-05-12 06:57:55.861707517 -0700

@@ -7,6 +7,7 @@

 #include "includes.h"

 #include "ge25519.h"

@@ -142,3 +143,4 @@ int crypto_sign_ed25519_open(

--- old/fe25519.c	2015-03-16 22:49:20.000000000 -0700

+++ new/fe25519.c	2015-05-12 06:57:55.862124169 -0700

@@ -8,6 +8,7 @@

 #include "includes.h"

 #define WINDOWSIZE 1 /* Should be 1,2, or 4 */

 #define WINDOWMASK ((1<<WINDOWSIZE)-1)

@@ -335,3 +336,4 @@ void fe25519_pow2523(fe25519 *r, const f

--- old/fe25519.h	2015-03-16 22:49:20.000000000 -0700

+++ new/fe25519.h	2015-05-12 06:57:55.862460867 -0700

@@ -8,6 +8,7 @@

+#ifndef WITHOUT_ED25519

@@ -67,4 +68,5 @@ void fe25519_invert(fe25519 *r, const fe

--- old/ge25519.c	2015-03-16 22:49:20.000000000 -0700

+++ new/ge25519.c	2015-05-12 06:57:55.862878000 -0700

@@ -7,6 +7,7 @@

 #include "includes.h"

 #include "sc25519.h"

@@ -319,3 +320,4 @@ void ge25519_scalarmult_base(ge25519_p3

--- old/ge25519.h	2015-03-16 22:49:20.000000000 -0700

+++ new/ge25519.h	2015-05-12 06:57:55.863212105 -0700

--- old/kex.c	2015-05-12 06:57:55.741193024 -0700

+++ new/kex.c	2015-05-12 07:00:10.308904895 -0700

@@ -96,9 +96,11 @@ static const struct kexalg kexalgs[] = {

 # endif /* OPENSSL_HAS_NISTP521 */

 #endif /* OPENSSL_HAS_ECC */

 #endif /* WITH_OPENSSL */

+#ifndef WITHOUT_ED25519

 #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)

 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */

+#endif /* WITHOUT_ED25519 */

 	{ KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },

 	{ KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },

--- old/kex.h	2015-05-12 06:57:55.741694192 -0700

+++ new/kex.h	2015-05-12 07:01:49.320801815 -0700

@@ -58,13 +58,17 @@

 #define COMP_DELAYED	2

+#ifndef WITHOUT_ED25519

 #define CURVE25519_SIZE 32

+#endif /* WITHOUT_ED25519 */

 enum kex_init_proposals {

 	PROPOSAL_KEX_ALGS,

@@ -92,7 +96,9 @@ enum kex_exchange {

@@ -160,8 +166,10 @@ struct kex {

 	u_int	min, max, nbits;	/* GEX */

 	EC_KEY	*ec_client_key;		/* ECDH */

 	const EC_GROUP *ec_group;	/* ECDH */

 	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */

 	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */

 };

 int	 kex_names_valid(const char *);

@@ -188,8 +196,10 @@ int	 kexgex_client(struct ssh *);

 int	 kexgex_server(struct ssh *);

 int	 kexecdh_client(struct ssh *);

 int	 kexecdh_server(struct ssh *);

+#ifndef WITHOUT_ED25519

 int	 kexc25519_client(struct ssh *);

 int	 kexc25519_server(struct ssh *);

+#endif /* WITHOUT_ED25519 */

 int	 kexgss_client(Kex *);

 void	 kexgss_server(Kex *);

@@ -210,6 +220,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,

     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,

     const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);

 int	 kex_c25519_hash(int, const char *, const char *, const char *, size_t,

     const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,

     const u_char *, size_t, u_char *, size_t *);

@@ -221,6 +232,7 @@ int	kexc25519_shared_key(const u_char ke

     const u_char pub[CURVE25519_SIZE], struct sshbuf *out)

 int

--- old/kexc25519.c	2015-03-16 22:49:20.000000000 -0700

+++ new/kexc25519.c	2015-05-12 06:57:55.865837542 -0700

@@ -27,6 +27,7 @@

 #include "includes.h"

 #include <sys/types.h>

 #include <signal.h>

@@ -126,3 +127,4 @@ kex_c25519_hash(

 #endif

 	return 0;

--- old/kexc25519c.c	2015-03-16 22:49:20.000000000 -0700

+++ new/kexc25519c.c	2015-05-12 06:57:55.866212606 -0700

@@ -27,6 +27,7 @@

+#ifndef WITHOUT_ED25519

 #include <stdio.h>

@@ -168,3 +169,4 @@ out:

 	sshbuf_free(shared_secret);

 	return r;

--- old/kexc25519s.c	2015-03-16 22:49:20.000000000 -0700

+++ new/kexc25519s.c	2015-05-12 06:57:55.866584623 -0700

@@ -26,6 +26,8 @@

 #include "includes.h"

 #include <string.h>

 #include <signal.h>

@@ -156,3 +158,4 @@ out:

 	sshbuf_free(shared_secret);

 	return r;

diff -pur old/monitor.c new/monitor.c

--- old/monitor.c	2015-05-12 06:57:55.743678816 -0700

+++ new/monitor.c	2015-05-12 07:02:27.111640142 -0700

@@ -1937,7 +1937,9 @@ monitor_apply_keystate(struct monitor *p

 		kex->kex[KEX_ECDH_SHA2] = kexecdh_server;

 # endif

 #endif /* WITH_OPENSSL */

 		kex->kex[KEX_C25519_SHA256] = kexc25519_server;

 #ifdef GSSAPI

 		if (options.gss_keyex) {

 			kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;

diff -pur old/myproposal.h new/myproposal.h

--- old/myproposal.h	2015-03-16 22:49:20.000000000 -0700

+++ new/myproposal.h	2015-06-05 02:29:36.569958448 -0700

@@ -59,6 +59,20 @@

 # define HOSTKEY_ECDSA_METHODS

+# if defined(WITH_OPENSSL) && defined(HAVE_EVP_SHA256)

+#  define KEX_CURVE25519_METHODS "[email protected],"

+# else

+#  define KEX_CURVE25519_METHODS

+# endif

+# define HOSTKEY_CURVE25519_CERT_METHODS "[email protected],"

+# define HOSTKEY_CURVE25519_METHODS "ssh-ed25519,"

+#else

+# define KEX_CURVE25519_METHODS

+# define HOSTKEY_CURVE25519_CERT_METHODS

+# define HOSTKEY_CURVE25519_METHODS

+

 #ifdef OPENSSL_HAVE_EVPGCM

 # define AESGCM_CIPHER_MODES \

 	"[email protected],[email protected],"

@@ -78,11 +92,6 @@

 #ifdef WITH_OPENSSL

-# ifdef HAVE_EVP_SHA256

-#  define KEX_CURVE25519_METHODS "[email protected],"

-# else

-#  define KEX_CURVE25519_METHODS ""

-# endif

 #define KEX_SERVER_KEX \

@@ -95,13 +104,13 @@

 #define	KEX_DEFAULT_PK_ALG	\

 	HOSTKEY_ECDSA_CERT_METHODS \

-	"[email protected]," \

+	HOSTKEY_CURVE25519_CERT_METHODS \

 	"[email protected]," \

 	"[email protected]," \

 	"[email protected]," \

 	"[email protected]," \

 	HOSTKEY_ECDSA_METHODS \

-	"ssh-ed25519," \

+	HOSTKEY_CURVE25519_METHODS \

@@ -143,10 +152,10 @@

 #else

 #define KEX_SERVER_KEX		\

-	"[email protected]"

+	KEX_CURVE25519_METHODS

 #define	KEX_DEFAULT_PK_ALG	\

-	"[email protected]," \

-	"ssh-ed25519"

+	HOSTKEY_CURVE25519_CERT_METHODS \

+	HOSTKEY_CURVE25519_METHODS

 #define	KEX_SERVER_ENCRYPT \

 	"aes128-ctr,aes192-ctr,aes256-ctr," \

 	"[email protected]"

--- old/openbsd-compat/Makefile.in	2015-03-16 22:49:20.000000000 -0700

+++ new/openbsd-compat/Makefile.in	2015-05-12 06:57:55.869383953 -0700

--- old/pathnames.h	2015-03-16 22:49:20.000000000 -0700

+++ new/pathnames.h	2015-05-12 06:57:55.869773325 -0700

--- old/readconf.c	2015-05-12 06:57:55.746561528 -0700

+++ new/readconf.c	2015-05-12 06:57:55.870873194 -0700

@@ -1848,8 +1848,10 @@ fill_default_options(Options * options)

--- old/servconf.c	2015-05-12 06:57:55.748493685 -0700

+++ new/servconf.c	2015-05-12 06:57:55.872093181 -0700

@@ -216,8 +216,10 @@ fill_default_server_options(ServerOption

--- old/smult_curve25519_ref.c	2015-03-16 22:49:20.000000000 -0700

+++ new/smult_curve25519_ref.c	2015-05-12 06:57:55.872682983 -0700

@@ -263,3 +265,4 @@ int crypto_scalarmult_curve25519(unsigne

--- old/ssh-add.0	2015-03-17 21:26:35.000000000 -0700

+++ new/ssh-add.0	2015-05-12 07:37:37.356166396 -0700

+     ~/.ssh/id_rsa, ~/.ssh/id_dsa, and

@@ -96,14 +96,6 @@ FILES

-             Contains the protocol version 2 Ed25519 authentication identity

--- old/ssh-add.1	2015-03-16 22:49:20.000000000 -0700

+++ new/ssh-add.1	2015-05-12 07:47:42.099918141 -0700

@@ -58,8 +58,6 @@ adds private key identities to the authe

@@ -177,10 +175,6 @@ socket used to communicate with the agen

-Contains the protocol version 2 Ed25519 authentication identity of the user.