|
1 # |
|
2 # Per Solaris crypto team recommendation, we need to remove support for |
|
3 # Curve25519 from OpenSSH. |
|
4 # |
|
5 # Patch offered upstream: |
|
6 # https://bugzilla.mindrot.org/show_bug.cgi?id=2376 |
|
7 # |
|
8 diff -pur old/Makefile.in new/Makefile.in |
|
9 --- old/Makefile.in 2015-03-31 21:14:02.427499635 -0700 |
|
10 +++ new/Makefile.in 2015-04-02 02:30:04.830658823 -0700 |
|
11 @@ -141,7 +141,7 @@ $(SSHDOBJS): Makefile.in config.h |
|
12 $(CC) $(CFLAGS) $(CPPFLAGS) -c $< |
|
13 |
|
14 LIBCOMPAT=openbsd-compat/libopenbsd-compat.a |
|
15 -$(LIBCOMPAT): always |
|
16 +$(LIBCOMPAT): always libssh.a |
|
17 (cd openbsd-compat && $(MAKE)) |
|
18 always: |
|
19 |
|
20 diff -pur old/authfd.c new/authfd.c |
|
21 --- old/authfd.c 2013-12-28 22:49:56.000000000 -0800 |
|
22 +++ new/authfd.c 2015-04-01 01:53:06.534109950 -0700 |
|
23 @@ -508,8 +508,10 @@ ssh_add_identity_constrained(Authenticat |
|
24 case KEY_DSA_CERT_V00: |
|
25 case KEY_ECDSA: |
|
26 case KEY_ECDSA_CERT: |
|
27 +#ifndef WITHOUT_ED25519 |
|
28 case KEY_ED25519: |
|
29 case KEY_ED25519_CERT: |
|
30 +#endif /* WITHOUT_ED25519 */ |
|
31 type = constrained ? |
|
32 SSH2_AGENTC_ADD_ID_CONSTRAINED : |
|
33 SSH2_AGENTC_ADD_IDENTITY; |
|
34 diff -pur old/authfile.c new/authfile.c |
|
35 --- old/authfile.c 2013-12-28 22:50:15.000000000 -0800 |
|
36 +++ new/authfile.c 2015-04-01 05:27:03.024708427 -0700 |
|
37 @@ -597,9 +597,11 @@ key_private_to_blob(Key *key, Buffer *bl |
|
38 comment, new_format_cipher, new_format_rounds); |
|
39 } |
|
40 return key_private_pem_to_blob(key, blob, passphrase, comment); |
|
41 +#ifndef WITHOUT_ED25519 |
|
42 case KEY_ED25519: |
|
43 return key_private_to_blob2(key, blob, passphrase, |
|
44 comment, new_format_cipher, new_format_rounds); |
|
45 +#endif /* WITHOUT_ED25519 */ |
|
46 default: |
|
47 error("%s: cannot save key type %d", __func__, key->type); |
|
48 return 0; |
|
49 @@ -1005,8 +1007,10 @@ key_parse_private_type(Buffer *blob, int |
|
50 case KEY_ECDSA: |
|
51 case KEY_RSA: |
|
52 return key_parse_private_pem(blob, type, passphrase, commentp); |
|
53 +#ifndef WITHOUT_ED25519 |
|
54 case KEY_ED25519: |
|
55 return key_parse_private2(blob, type, passphrase, commentp); |
|
56 +#endif /* WITHOUT_ED25519 */ |
|
57 case KEY_UNSPEC: |
|
58 if ((k = key_parse_private2(blob, type, passphrase, commentp))) |
|
59 return k; |
|
60 @@ -1213,7 +1217,9 @@ key_load_private_cert(int type, const ch |
|
61 case KEY_RSA: |
|
62 case KEY_DSA: |
|
63 case KEY_ECDSA: |
|
64 +#ifndef WITHOUT_ED25519 |
|
65 case KEY_ED25519: |
|
66 +#endif /* WITHOUT_ED25519 */ |
|
67 break; |
|
68 default: |
|
69 error("%s: unsupported key type", __func__); |
|
70 diff -pur old/crypto_api.h new/crypto_api.h |
|
71 --- old/crypto_api.h 2014-01-16 17:31:34.000000000 -0800 |
|
72 +++ new/crypto_api.h 2015-04-02 00:35:29.952105991 -0700 |
|
73 @@ -26,7 +26,7 @@ int crypto_hashblocks_sha512(unsigned ch |
|
74 |
|
75 #define crypto_hash_sha512_BYTES 64U |
|
76 |
|
77 -int crypto_hash_sha512(unsigned char *, const unsigned char *, |
|
78 +extern int crypto_hash_sha512(unsigned char *, const unsigned char *, |
|
79 unsigned long long); |
|
80 |
|
81 int crypto_verify_32(const unsigned char *, const unsigned char *); |
|
82 diff -pur old/ed25519.c new/ed25519.c |
|
83 --- old/ed25519.c 2013-12-17 22:48:11.000000000 -0800 |
|
84 +++ new/ed25519.c 2015-04-01 09:03:04.052497535 -0700 |
|
85 @@ -6,6 +6,8 @@ |
|
86 * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c |
|
87 */ |
|
88 |
|
89 +#ifndef WITHOUT_ED25519 |
|
90 + |
|
91 #include "includes.h" |
|
92 #include "crypto_api.h" |
|
93 |
|
94 @@ -142,3 +144,4 @@ int crypto_sign_ed25519_open( |
|
95 } |
|
96 return ret; |
|
97 } |
|
98 +#endif /* WITHOUT_ED25519 */ |
|
99 diff -pur old/fe25519.c new/fe25519.c |
|
100 --- old/fe25519.c 2014-01-16 17:43:44.000000000 -0800 |
|
101 +++ new/fe25519.c 2015-04-01 03:48:12.251955071 -0700 |
|
102 @@ -6,6 +6,8 @@ |
|
103 * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c |
|
104 */ |
|
105 |
|
106 +#ifndef WITHOUT_ED25519 |
|
107 + |
|
108 #include "includes.h" |
|
109 |
|
110 #define WINDOWSIZE 1 /* Should be 1,2, or 4 */ |
|
111 @@ -335,3 +337,5 @@ void fe25519_pow2523(fe25519 *r, const f |
|
112 /* 2^252 - 2^2 */ fe25519_square(&t,&t); |
|
113 /* 2^252 - 3 */ fe25519_mul(r,&t,x); |
|
114 } |
|
115 + |
|
116 +#endif /* WITHOUT_ED25519 */ |
|
117 diff -pur old/fe25519.h new/fe25519.h |
|
118 --- old/fe25519.h 2013-12-17 22:48:11.000000000 -0800 |
|
119 +++ new/fe25519.h 2015-04-01 03:47:56.992321351 -0700 |
|
120 @@ -9,6 +9,8 @@ |
|
121 #ifndef FE25519_H |
|
122 #define FE25519_H |
|
123 |
|
124 +#ifndef WITHOUT_ED25519 |
|
125 + |
|
126 #include "crypto_api.h" |
|
127 |
|
128 #define fe25519 crypto_sign_ed25519_ref_fe25519 |
|
129 @@ -67,4 +69,5 @@ void fe25519_invert(fe25519 *r, const fe |
|
130 |
|
131 void fe25519_pow2523(fe25519 *r, const fe25519 *x); |
|
132 |
|
133 +#endif /* WITHOUT_ED25519 */ |
|
134 #endif |
|
135 diff -pur old/ge25519.c new/ge25519.c |
|
136 --- old/ge25519.c 2014-01-16 17:43:44.000000000 -0800 |
|
137 +++ new/ge25519.c 2015-04-01 03:47:40.144323636 -0700 |
|
138 @@ -6,6 +6,8 @@ |
|
139 * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c |
|
140 */ |
|
141 |
|
142 +#ifndef WITHOUT_ED25519 |
|
143 + |
|
144 #include "includes.h" |
|
145 |
|
146 #include "fe25519.h" |
|
147 @@ -319,3 +321,5 @@ void ge25519_scalarmult_base(ge25519_p3 |
|
148 ge25519_mixadd2(r, &t); |
|
149 } |
|
150 } |
|
151 + |
|
152 +#endif /* WITHOUT_ED25519 */ |
|
153 diff -pur old/ge25519.h new/ge25519.h |
|
154 --- old/ge25519.h 2013-12-17 22:48:11.000000000 -0800 |
|
155 +++ new/ge25519.h 2015-04-01 03:47:22.801071311 -0700 |
|
156 @@ -8,6 +8,7 @@ |
|
157 |
|
158 #ifndef GE25519_H |
|
159 #define GE25519_H |
|
160 +#ifndef WITHOUT_ED25519 |
|
161 |
|
162 #include "fe25519.h" |
|
163 #include "sc25519.h" |
|
164 @@ -40,4 +41,5 @@ void ge25519_double_scalarmult_vartime(g |
|
165 |
|
166 void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s); |
|
167 |
|
168 +#endif /* WITHOUT_ED25519 */ |
|
169 #endif |
|
170 diff -pur old/kex.c new/kex.c |
|
171 --- old/kex.c 2015-03-31 21:14:02.430475216 -0700 |
|
172 +++ new/kex.c 2015-04-01 04:49:49.142934463 -0700 |
|
173 @@ -91,7 +91,7 @@ static const struct kexalg kexalgs[] = { |
|
174 # endif |
|
175 #endif |
|
176 { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 }, |
|
177 -#ifdef HAVE_EVP_SHA256 |
|
178 +#if defined(HAVE_EVP_SHA256) && !defined(WITHOUT_ED25519) |
|
179 { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, |
|
180 #endif |
|
181 #ifdef GSSAPI |
|
182 diff -pur old/kex.h new/kex.h |
|
183 --- old/kex.h 2015-03-31 21:14:02.430845488 -0700 |
|
184 +++ new/kex.h 2015-04-01 04:58:55.837357472 -0700 |
|
185 @@ -43,7 +43,9 @@ |
|
186 #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256" |
|
187 #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384" |
|
188 #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" |
|
189 +#ifndef WITHOUT_ED25519 |
|
190 #define KEX_CURVE25519_SHA256 "[email protected]" |
|
191 +#endif /* WITHOUT_ED25519 */ |
|
192 |
|
193 #define COMP_NONE 0 |
|
194 #define COMP_ZLIB 1 |
|
195 @@ -75,7 +77,9 @@ enum kex_exchange { |
|
196 KEX_DH_GEX_SHA1, |
|
197 KEX_DH_GEX_SHA256, |
|
198 KEX_ECDH_SHA2, |
|
199 +#ifndef WITHOUT_ED25519 |
|
200 KEX_C25519_SHA256, |
|
201 +#endif /* WITHOUT_ED25519 */ |
|
202 KEX_GSS_GRP1_SHA1, |
|
203 KEX_GSS_GRP14_SHA1, |
|
204 KEX_GSS_GEX_SHA1, |
|
205 @@ -172,8 +176,10 @@ void kexgex_client(Kex *); |
|
206 void kexgex_server(Kex *); |
|
207 void kexecdh_client(Kex *); |
|
208 void kexecdh_server(Kex *); |
|
209 +#ifndef WITHOUT_ED25519 |
|
210 void kexc25519_client(Kex *); |
|
211 void kexc25519_server(Kex *); |
|
212 +#endif /* WITHOUT_ED25519 */ |
|
213 |
|
214 #ifdef GSSAPI |
|
215 void kexgss_client(Kex *); |
|
216 @@ -193,6 +199,7 @@ kex_ecdh_hash(int, const EC_GROUP *, cha |
|
217 char *, int, u_char *, int, const EC_POINT *, const EC_POINT *, |
|
218 const BIGNUM *, u_char **, u_int *); |
|
219 #endif |
|
220 +#ifndef WITHOUT_ED25519 |
|
221 void |
|
222 kex_c25519_hash(int, char *, char *, char *, int, |
|
223 char *, int, u_char *, int, const u_char *, const u_char *, |
|
224 @@ -206,6 +213,7 @@ void kexc25519_shared_key(const u_char k |
|
225 const u_char pub[CURVE25519_SIZE], Buffer *out) |
|
226 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
|
227 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
|
228 +#endif /* WITHOUT_ED25519 */ |
|
229 |
|
230 void |
|
231 derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); |
|
232 diff -pur old/kexc25519.c new/kexc25519.c |
|
233 --- old/kexc25519.c 2014-01-12 00:21:23.000000000 -0800 |
|
234 +++ new/kexc25519.c 2015-04-01 04:52:44.039054396 -0700 |
|
235 @@ -25,6 +25,8 @@ |
|
236 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
237 */ |
|
238 |
|
239 +#ifndef WITHOUT_ED25519 |
|
240 + |
|
241 #include "includes.h" |
|
242 |
|
243 #include <sys/types.h> |
|
244 @@ -120,3 +122,5 @@ kex_c25519_hash( |
|
245 *hash = digest; |
|
246 *hashlen = ssh_digest_bytes(hash_alg); |
|
247 } |
|
248 + |
|
249 +#endif /* WITHOUT_ED25519 */ |
|
250 diff -pur old/kexc25519c.c new/kexc25519c.c |
|
251 --- old/kexc25519c.c 2014-01-12 00:21:23.000000000 -0800 |
|
252 +++ new/kexc25519c.c 2015-04-01 04:52:57.326754535 -0700 |
|
253 @@ -25,6 +25,8 @@ |
|
254 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
255 */ |
|
256 |
|
257 +#ifndef WITHOUT_ED25519 |
|
258 + |
|
259 #include "includes.h" |
|
260 |
|
261 #include <sys/types.h> |
|
262 @@ -127,3 +129,5 @@ kexc25519_client(Kex *kex) |
|
263 buffer_free(&shared_secret); |
|
264 kex_finish(kex); |
|
265 } |
|
266 + |
|
267 +#endif /* WITHOUT_ED25519 */ |
|
268 diff -pur old/kexc25519s.c new/kexc25519s.c |
|
269 --- old/kexc25519s.c 2014-01-12 00:21:23.000000000 -0800 |
|
270 +++ new/kexc25519s.c 2015-04-01 04:53:14.320854854 -0700 |
|
271 @@ -24,6 +24,8 @@ |
|
272 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
273 */ |
|
274 |
|
275 +#ifndef WITHOUT_ED25519 |
|
276 + |
|
277 #include "includes.h" |
|
278 |
|
279 #include <sys/types.h> |
|
280 @@ -124,3 +126,5 @@ kexc25519_server(Kex *kex) |
|
281 buffer_free(&shared_secret); |
|
282 kex_finish(kex); |
|
283 } |
|
284 + |
|
285 +#endif /* WITHOUT_ED25519 */ |
|
286 diff -pur old/key.c new/key.c |
|
287 --- old/key.c 2015-03-31 21:14:02.432016878 -0700 |
|
288 +++ new/key.c 2015-04-01 02:05:27.074044366 -0700 |
|
289 @@ -89,8 +89,10 @@ key_new(int type) |
|
290 k->dsa = NULL; |
|
291 k->rsa = NULL; |
|
292 k->cert = NULL; |
|
293 +#ifndef WITHOUT_ED25519 |
|
294 k->ed25519_sk = NULL; |
|
295 k->ed25519_pk = NULL; |
|
296 +#endif /* WITHOUT_ED25519 */ |
|
297 switch (k->type) { |
|
298 case KEY_RSA1: |
|
299 case KEY_RSA: |
|
300 @@ -125,10 +127,12 @@ key_new(int type) |
|
301 /* Cannot do anything until we know the group */ |
|
302 break; |
|
303 #endif |
|
304 +#ifndef WITHOUT_ED25519 |
|
305 case KEY_ED25519: |
|
306 case KEY_ED25519_CERT: |
|
307 /* no need to prealloc */ |
|
308 break; |
|
309 +#endif /* WITHOUT_ED25519 */ |
|
310 case KEY_UNSPEC: |
|
311 break; |
|
312 default: |
|
313 @@ -173,10 +177,12 @@ key_add_private(Key *k) |
|
314 case KEY_ECDSA_CERT: |
|
315 /* Cannot do anything until we know the group */ |
|
316 break; |
|
317 +#ifndef WITHOUT_ED25519 |
|
318 case KEY_ED25519: |
|
319 case KEY_ED25519_CERT: |
|
320 /* no need to prealloc */ |
|
321 break; |
|
322 +#endif /* WITHOUT_ED25519 */ |
|
323 case KEY_UNSPEC: |
|
324 break; |
|
325 default: |
|
326 @@ -239,6 +245,7 @@ key_free(Key *k) |
|
327 k->ecdsa = NULL; |
|
328 break; |
|
329 #endif |
|
330 +#ifndef WITHOUT_ED25519 |
|
331 case KEY_ED25519: |
|
332 case KEY_ED25519_CERT: |
|
333 if (k->ed25519_pk) { |
|
334 @@ -252,6 +259,7 @@ key_free(Key *k) |
|
335 k->ed25519_sk = NULL; |
|
336 } |
|
337 break; |
|
338 +#endif /* WITHOUT_ED25519 */ |
|
339 case KEY_UNSPEC: |
|
340 break; |
|
341 default: |
|
342 @@ -333,10 +341,12 @@ key_equal_public(const Key *a, const Key |
|
343 BN_CTX_free(bnctx); |
|
344 return 1; |
|
345 #endif /* OPENSSL_HAS_ECC */ |
|
346 +#ifndef WITHOUT_ED25519 |
|
347 case KEY_ED25519: |
|
348 case KEY_ED25519_CERT: |
|
349 return a->ed25519_pk != NULL && b->ed25519_pk != NULL && |
|
350 memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0; |
|
351 +#endif /* WITHOUT_ED25519 */ |
|
352 default: |
|
353 fatal("key_equal: bad key type %d", a->type); |
|
354 } |
|
355 @@ -392,7 +402,9 @@ key_fingerprint_raw(const Key *k, enum f |
|
356 case KEY_DSA: |
|
357 case KEY_ECDSA: |
|
358 case KEY_RSA: |
|
359 +#ifndef WITHOUT_ED25519 |
|
360 case KEY_ED25519: |
|
361 +#endif /* WITHOUT_ED25519 */ |
|
362 key_to_blob(k, &blob, &len); |
|
363 break; |
|
364 case KEY_DSA_CERT_V00: |
|
365 @@ -400,7 +412,9 @@ key_fingerprint_raw(const Key *k, enum f |
|
366 case KEY_DSA_CERT: |
|
367 case KEY_ECDSA_CERT: |
|
368 case KEY_RSA_CERT: |
|
369 +#ifndef WITHOUT_ED25519 |
|
370 case KEY_ED25519_CERT: |
|
371 +#endif /* WITHOUT_ED25519 */ |
|
372 /* We want a fingerprint of the _key_ not of the cert */ |
|
373 to_blob(k, &blob, &len, 1); |
|
374 break; |
|
375 @@ -728,13 +742,17 @@ key_read(Key *ret, char **cpp) |
|
376 case KEY_RSA: |
|
377 case KEY_DSA: |
|
378 case KEY_ECDSA: |
|
379 +#ifndef WITHOUT_ED25519 |
|
380 case KEY_ED25519: |
|
381 +#endif /* WITHOUT_ED25519 */ |
|
382 case KEY_DSA_CERT_V00: |
|
383 case KEY_RSA_CERT_V00: |
|
384 case KEY_DSA_CERT: |
|
385 case KEY_ECDSA_CERT: |
|
386 case KEY_RSA_CERT: |
|
387 +#ifndef WITHOUT_ED25519 |
|
388 case KEY_ED25519_CERT: |
|
389 +#endif /* WITHOUT_ED25519 */ |
|
390 space = strchr(cp, ' '); |
|
391 if (space == NULL) { |
|
392 debug3("key_read: missing whitespace"); |
|
393 @@ -836,6 +854,7 @@ key_read(Key *ret, char **cpp) |
|
394 #endif |
|
395 } |
|
396 #endif |
|
397 +#ifndef WITHOUT_ED25519 |
|
398 if (key_type_plain(ret->type) == KEY_ED25519) { |
|
399 free(ret->ed25519_pk); |
|
400 ret->ed25519_pk = k->ed25519_pk; |
|
401 @@ -844,6 +863,7 @@ key_read(Key *ret, char **cpp) |
|
402 /* XXX */ |
|
403 #endif |
|
404 } |
|
405 +#endif /* WITHOUT_ED25519 */ |
|
406 success = 1; |
|
407 /*XXXX*/ |
|
408 key_free(k); |
|
409 @@ -907,11 +927,13 @@ key_write(const Key *key, FILE *f) |
|
410 return 0; |
|
411 break; |
|
412 #endif |
|
413 +#ifndef WITHOUT_ED25519 |
|
414 case KEY_ED25519: |
|
415 case KEY_ED25519_CERT: |
|
416 if (key->ed25519_pk == NULL) |
|
417 return 0; |
|
418 break; |
|
419 +#endif /* WITHOUT_ED25519 */ |
|
420 case KEY_RSA: |
|
421 case KEY_RSA_CERT_V00: |
|
422 case KEY_RSA_CERT: |
|
423 @@ -959,7 +981,9 @@ static const struct keytype keytypes[] = |
|
424 { NULL, "RSA1", KEY_RSA1, 0, 0 }, |
|
425 { "ssh-rsa", "RSA", KEY_RSA, 0, 0 }, |
|
426 { "ssh-dss", "DSA", KEY_DSA, 0, 0 }, |
|
427 +#ifndef WITHOUT_ED25519 |
|
428 { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 }, |
|
429 +#endif /* WITHOUT_ED25519 */ |
|
430 #ifdef OPENSSL_HAS_ECC |
|
431 { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 }, |
|
432 { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 }, |
|
433 @@ -983,8 +1007,10 @@ static const struct keytype keytypes[] = |
|
434 KEY_RSA_CERT_V00, 0, 1 }, |
|
435 { "[email protected]", "DSA-CERT-V00", |
|
436 KEY_DSA_CERT_V00, 0, 1 }, |
|
437 +#ifndef WITHOUT_ED25519 |
|
438 { "[email protected]", "ED25519-CERT", |
|
439 KEY_ED25519_CERT, 0, 1 }, |
|
440 +#endif /* WITHOUT_ED25519 */ |
|
441 { "null", "null", KEY_NULL, 0, 0 }, |
|
442 { NULL, NULL, -1, -1, 0 } |
|
443 }; |
|
444 @@ -1097,7 +1123,9 @@ key_type_is_valid_ca(int type) |
|
445 case KEY_RSA: |
|
446 case KEY_DSA: |
|
447 case KEY_ECDSA: |
|
448 +#ifndef WITHOUT_ED25519 |
|
449 case KEY_ED25519: |
|
450 +#endif /* WITHOUT_ED25519 */ |
|
451 return 1; |
|
452 default: |
|
453 return 0; |
|
454 @@ -1117,8 +1145,10 @@ key_size(const Key *k) |
|
455 case KEY_DSA_CERT_V00: |
|
456 case KEY_DSA_CERT: |
|
457 return BN_num_bits(k->dsa->p); |
|
458 +#ifndef WITHOUT_ED25519 |
|
459 case KEY_ED25519: |
|
460 return 256; /* XXX */ |
|
461 +#endif /* WITHOUT_ED25519 */ |
|
462 #ifdef OPENSSL_HAS_ECC |
|
463 case KEY_ECDSA: |
|
464 case KEY_ECDSA_CERT: |
|
465 @@ -1262,11 +1292,13 @@ key_generate(int type, u_int bits) |
|
466 case KEY_RSA1: |
|
467 k->rsa = rsa_generate_private_key(bits); |
|
468 break; |
|
469 +#ifndef WITHOUT_ED25519 |
|
470 case KEY_ED25519: |
|
471 k->ed25519_pk = xmalloc(ED25519_PK_SZ); |
|
472 k->ed25519_sk = xmalloc(ED25519_SK_SZ); |
|
473 crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk); |
|
474 break; |
|
475 +#endif /* WITHOUT_ED25519 */ |
|
476 case KEY_RSA_CERT_V00: |
|
477 case KEY_DSA_CERT_V00: |
|
478 case KEY_RSA_CERT: |
|
479 @@ -1360,6 +1392,7 @@ key_from_private(const Key *k) |
|
480 (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
|
481 fatal("key_from_private: BN_copy failed"); |
|
482 break; |
|
483 +#ifndef WITHOUT_ED25519 |
|
484 case KEY_ED25519: |
|
485 case KEY_ED25519_CERT: |
|
486 n = key_new(k->type); |
|
487 @@ -1368,6 +1401,7 @@ key_from_private(const Key *k) |
|
488 memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); |
|
489 } |
|
490 break; |
|
491 +#endif /* WITHOUT_ED25519 */ |
|
492 default: |
|
493 fatal("key_from_private: unknown type %d", k->type); |
|
494 break; |
|
495 @@ -1629,6 +1663,7 @@ key_from_blob2(const u_char *blob, u_int |
|
496 #endif |
|
497 break; |
|
498 #endif /* OPENSSL_HAS_ECC */ |
|
499 +#ifndef WITHOUT_ED25519 |
|
500 case KEY_ED25519_CERT: |
|
501 (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */ |
|
502 /* FALLTHROUGH */ |
|
503 @@ -1646,6 +1681,7 @@ key_from_blob2(const u_char *blob, u_int |
|
504 key->ed25519_pk = pk; |
|
505 pk = NULL; |
|
506 break; |
|
507 +#endif /* WITHOUT_ED25519 */ |
|
508 case KEY_UNSPEC: |
|
509 key = key_new(type); |
|
510 break; |
|
511 @@ -1700,7 +1736,9 @@ to_blob(const Key *key, u_char **blobp, |
|
512 case KEY_DSA_CERT: |
|
513 case KEY_ECDSA_CERT: |
|
514 case KEY_RSA_CERT: |
|
515 +#ifndef WITHOUT_ED25519 |
|
516 case KEY_ED25519_CERT: |
|
517 +#endif /* WITHOUT_ED25519 */ |
|
518 /* Use the existing blob */ |
|
519 buffer_append(&b, buffer_ptr(&key->cert->certblob), |
|
520 buffer_len(&key->cert->certblob)); |
|
521 @@ -1728,11 +1766,13 @@ to_blob(const Key *key, u_char **blobp, |
|
522 buffer_put_bignum2(&b, key->rsa->e); |
|
523 buffer_put_bignum2(&b, key->rsa->n); |
|
524 break; |
|
525 +#ifndef WITHOUT_ED25519 |
|
526 case KEY_ED25519: |
|
527 buffer_put_cstring(&b, |
|
528 key_ssh_name_from_type_nid(type, key->ecdsa_nid)); |
|
529 buffer_put_string(&b, key->ed25519_pk, ED25519_PK_SZ); |
|
530 break; |
|
531 +#endif /* WITHOUT_ED25519 */ |
|
532 default: |
|
533 error("key_to_blob: unsupported key type %d", key->type); |
|
534 buffer_free(&b); |
|
535 @@ -1776,9 +1816,11 @@ key_sign( |
|
536 case KEY_RSA_CERT: |
|
537 case KEY_RSA: |
|
538 return ssh_rsa_sign(key, sigp, lenp, data, datalen); |
|
539 +#ifndef WITHOUT_ED25519 |
|
540 case KEY_ED25519: |
|
541 case KEY_ED25519_CERT: |
|
542 return ssh_ed25519_sign(key, sigp, lenp, data, datalen); |
|
543 +#endif /* WITHOUT_ED25519 */ |
|
544 default: |
|
545 error("key_sign: invalid key type %d", key->type); |
|
546 return -1; |
|
547 @@ -1812,9 +1854,11 @@ key_verify( |
|
548 case KEY_RSA_CERT: |
|
549 case KEY_RSA: |
|
550 return ssh_rsa_verify(key, signature, signaturelen, data, datalen); |
|
551 +#ifndef WITHOUT_ED25519 |
|
552 case KEY_ED25519: |
|
553 case KEY_ED25519_CERT: |
|
554 return ssh_ed25519_verify(key, signature, signaturelen, data, datalen); |
|
555 +#endif /* WITHOUT_ED25519 */ |
|
556 default: |
|
557 error("key_verify: invalid key type %d", key->type); |
|
558 return -1; |
|
559 @@ -1834,8 +1878,10 @@ key_demote(const Key *k) |
|
560 pk->dsa = NULL; |
|
561 pk->ecdsa = NULL; |
|
562 pk->rsa = NULL; |
|
563 +#ifndef WITHOUT_ED25519 |
|
564 pk->ed25519_pk = NULL; |
|
565 pk->ed25519_sk = NULL; |
|
566 +#endif /* WITHOUT_ED25519 */ |
|
567 |
|
568 switch (k->type) { |
|
569 case KEY_RSA_CERT_V00: |
|
570 @@ -1879,6 +1925,7 @@ key_demote(const Key *k) |
|
571 fatal("key_demote: EC_KEY_set_public_key failed"); |
|
572 break; |
|
573 #endif |
|
574 +#ifndef WITHOUT_ED25519 |
|
575 case KEY_ED25519_CERT: |
|
576 key_cert_copy(k, pk); |
|
577 /* FALLTHROUGH */ |
|
578 @@ -1888,6 +1935,7 @@ key_demote(const Key *k) |
|
579 memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ); |
|
580 } |
|
581 break; |
|
582 +#endif /* WITHOUT_ED25519 */ |
|
583 default: |
|
584 fatal("key_demote: bad key type %d", k->type); |
|
585 break; |
|
586 @@ -1917,8 +1965,10 @@ key_type_plain(int type) |
|
587 return KEY_DSA; |
|
588 case KEY_ECDSA_CERT: |
|
589 return KEY_ECDSA; |
|
590 +#ifndef WITHOUT_ED25519 |
|
591 case KEY_ED25519_CERT: |
|
592 return KEY_ED25519; |
|
593 +#endif /* WITHOUT_ED25519 */ |
|
594 default: |
|
595 return type; |
|
596 } |
|
597 @@ -1944,6 +1994,7 @@ key_to_certified(Key *k, int legacy) |
|
598 k->cert = cert_new(); |
|
599 k->type = KEY_ECDSA_CERT; |
|
600 return 0; |
|
601 +#ifndef WITHOUT_ED25519 |
|
602 case KEY_ED25519: |
|
603 if (legacy) |
|
604 fatal("%s: legacy ED25519 certificates are not " |
|
605 @@ -1951,6 +2002,7 @@ key_to_certified(Key *k, int legacy) |
|
606 k->cert = cert_new(); |
|
607 k->type = KEY_ED25519_CERT; |
|
608 return 0; |
|
609 +#endif /* WITHOUT_ED25519 */ |
|
610 default: |
|
611 error("%s: key has incorrect type %s", __func__, key_type(k)); |
|
612 return -1; |
|
613 @@ -2029,10 +2081,12 @@ key_certify(Key *k, Key *ca) |
|
614 buffer_put_bignum2(&k->cert->certblob, k->rsa->e); |
|
615 buffer_put_bignum2(&k->cert->certblob, k->rsa->n); |
|
616 break; |
|
617 +#ifndef WITHOUT_ED25519 |
|
618 case KEY_ED25519_CERT: |
|
619 buffer_put_string(&k->cert->certblob, |
|
620 k->ed25519_pk, ED25519_PK_SZ); |
|
621 break; |
|
622 +#endif /* WITHOUT_ED25519 */ |
|
623 default: |
|
624 error("%s: key has incorrect type %s", __func__, key_type(k)); |
|
625 buffer_clear(&k->cert->certblob); |
|
626 @@ -2450,6 +2504,7 @@ key_private_serialize(const Key *key, Bu |
|
627 buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa)); |
|
628 break; |
|
629 #endif /* OPENSSL_HAS_ECC */ |
|
630 +#ifndef WITHOUT_ED25519 |
|
631 case KEY_ED25519: |
|
632 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); |
|
633 buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); |
|
634 @@ -2462,6 +2517,7 @@ key_private_serialize(const Key *key, Bu |
|
635 buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ); |
|
636 buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ); |
|
637 break; |
|
638 +#endif /* WITHOUT_ED25519 */ |
|
639 } |
|
640 } |
|
641 |
|
642 @@ -2576,6 +2632,7 @@ key_private_deserialize(Buffer *blob) |
|
643 buffer_get_bignum2(blob, k->rsa->p); |
|
644 buffer_get_bignum2(blob, k->rsa->q); |
|
645 break; |
|
646 +#ifndef WITHOUT_ED25519 |
|
647 case KEY_ED25519: |
|
648 k = key_new_private(type); |
|
649 k->ed25519_pk = buffer_get_string(blob, &pklen); |
|
650 @@ -2602,6 +2659,7 @@ key_private_deserialize(Buffer *blob) |
|
651 fatal("%s: ed25519 sklen %d != %d", |
|
652 __func__, sklen, ED25519_SK_SZ); |
|
653 break; |
|
654 +#endif /* WITHOUT_ED25519 */ |
|
655 default: |
|
656 free(type_name); |
|
657 buffer_clear(blob); |
|
658 diff -pur old/key.h new/key.h |
|
659 --- old/key.h 2015-03-31 21:14:02.432362912 -0700 |
|
660 +++ new/key.h 2015-04-01 02:07:01.018270150 -0700 |
|
661 @@ -39,11 +39,15 @@ enum types { |
|
662 KEY_RSA, |
|
663 KEY_DSA, |
|
664 KEY_ECDSA, |
|
665 +#ifndef WITHOUT_ED25519 |
|
666 KEY_ED25519, |
|
667 +#endif /* WITHOUT_ED25519 */ |
|
668 KEY_RSA_CERT, |
|
669 KEY_DSA_CERT, |
|
670 KEY_ECDSA_CERT, |
|
671 +#ifndef WITHOUT_ED25519 |
|
672 KEY_ED25519_CERT, |
|
673 +#endif /* WITHOUT_ED25519 */ |
|
674 KEY_RSA_CERT_V00, |
|
675 KEY_DSA_CERT_V00, |
|
676 KEY_NULL, |
|
677 @@ -89,12 +93,16 @@ struct Key { |
|
678 void *ecdsa; |
|
679 #endif |
|
680 struct KeyCert *cert; |
|
681 +#ifndef WITHOUT_ED25519 |
|
682 u_char *ed25519_sk; |
|
683 u_char *ed25519_pk; |
|
684 +#endif /* WITHOUT_ED25519 */ |
|
685 }; |
|
686 |
|
687 +#ifndef WITHOUT_ED25519 |
|
688 #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES |
|
689 #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES |
|
690 +#endif /* WITHOUT_ED25519 */ |
|
691 |
|
692 Key *key_new(int); |
|
693 void key_add_private(Key *); |
|
694 @@ -153,8 +161,10 @@ int ssh_ecdsa_sign(const Key *, u_char |
|
695 int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
|
696 int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
|
697 int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
|
698 +#ifndef WITHOUT_ED25519 |
|
699 int ssh_ed25519_sign(const Key *, u_char **, u_int *, const u_char *, u_int); |
|
700 int ssh_ed25519_verify(const Key *, const u_char *, u_int, const u_char *, u_int); |
|
701 +#endif /* WITHOUT_ED25519 */ |
|
702 |
|
703 #if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK)) |
|
704 void key_dump_ec_point(const EC_GROUP *, const EC_POINT *); |
|
705 diff -pur old/monitor.c new/monitor.c |
|
706 --- old/monitor.c 2015-03-31 21:14:02.433735148 -0700 |
|
707 +++ new/monitor.c 2015-04-01 04:54:56.314967559 -0700 |
|
708 @@ -1902,7 +1902,9 @@ mm_get_kex(Buffer *m) |
|
709 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
|
710 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
|
711 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
|
712 +#ifndef WITHOUT_ED25519 |
|
713 kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
|
714 +#endif /* WITHOUT_ED25519 */ |
|
715 #ifdef GSSAPI |
|
716 if (options.gss_keyex) { |
|
717 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; |
|
718 diff -pur old/myproposal.h new/myproposal.h |
|
719 --- old/myproposal.h 2013-12-06 16:24:02.000000000 -0800 |
|
720 +++ new/myproposal.h 2015-04-01 02:12:36.430101847 -0700 |
|
721 @@ -80,6 +80,24 @@ |
|
722 # define SHA2_HMAC_MODES |
|
723 #endif |
|
724 |
|
725 +#ifdef WITHOUT_ED25519 |
|
726 +# define KEX_DEFAULT_KEX \ |
|
727 + KEX_ECDH_METHODS \ |
|
728 + KEX_SHA256_METHODS \ |
|
729 + "diffie-hellman-group-exchange-sha1," \ |
|
730 + "diffie-hellman-group14-sha1," \ |
|
731 + "diffie-hellman-group1-sha1" |
|
732 + |
|
733 +#define KEX_DEFAULT_PK_ALG \ |
|
734 + HOSTKEY_ECDSA_CERT_METHODS \ |
|
735 + "[email protected]," \ |
|
736 + "[email protected]," \ |
|
737 + "[email protected]," \ |
|
738 + "[email protected]," \ |
|
739 + HOSTKEY_ECDSA_METHODS \ |
|
740 + "ssh-rsa," \ |
|
741 + "ssh-dss" |
|
742 +#else /* WITHOUT_ED25519 */ |
|
743 # define KEX_DEFAULT_KEX \ |
|
744 KEX_CURVE25519_METHODS \ |
|
745 KEX_ECDH_METHODS \ |
|
746 @@ -99,6 +117,7 @@ |
|
747 "ssh-ed25519," \ |
|
748 "ssh-rsa," \ |
|
749 "ssh-dss" |
|
750 +#endif /* WITHOUT_ED25519 */ |
|
751 |
|
752 /* the actual algorithms */ |
|
753 |
|
754 diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in |
|
755 --- old/openbsd-compat/Makefile.in 2013-12-06 17:37:54.000000000 -0800 |
|
756 +++ new/openbsd-compat/Makefile.in 2015-04-02 02:29:35.165103300 -0700 |
|
757 @@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@ |
|
758 |
|
759 OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o |
|
760 |
|
761 -COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o |
|
762 +COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o |
|
763 |
|
764 PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o |
|
765 |
|
766 @@ -32,7 +32,7 @@ $(OPENBSD): ../config.h |
|
767 $(PORTS): ../config.h |
|
768 |
|
769 libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS) |
|
770 - $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) |
|
771 + $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) ../hash.o ../blocks.o |
|
772 $(RANLIB) $@ |
|
773 |
|
774 clean: |
|
775 diff -pur old/pathnames.h new/pathnames.h |
|
776 --- old/pathnames.h 2013-12-06 16:24:02.000000000 -0800 |
|
777 +++ new/pathnames.h 2015-04-01 02:13:45.651827507 -0700 |
|
778 @@ -39,7 +39,9 @@ |
|
779 #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key" |
|
780 #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key" |
|
781 #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key" |
|
782 +#ifndef WITHOUT_ED25519 |
|
783 #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key" |
|
784 +#endif /* WITHOUT_ED25519 */ |
|
785 #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key" |
|
786 #define _PATH_DH_MODULI SSHDIR "/moduli" |
|
787 /* Backwards compatibility */ |
|
788 @@ -78,7 +80,9 @@ |
|
789 #define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa" |
|
790 #define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa" |
|
791 #define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa" |
|
792 +#ifndef WITHOUT_ED25519 |
|
793 #define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519" |
|
794 +#endif /* WITHOUT_ED25519 */ |
|
795 |
|
796 /* |
|
797 * Configuration file in user's home directory. This file need not be |
|
798 diff -pur old/readconf.c new/readconf.c |
|
799 --- old/readconf.c 2015-03-31 21:14:02.435957183 -0700 |
|
800 +++ new/readconf.c 2015-04-01 02:14:22.222135058 -0700 |
|
801 @@ -1715,8 +1715,10 @@ fill_default_options(Options * options) |
|
802 add_identity_file(options, "~/", |
|
803 _PATH_SSH_CLIENT_ID_ECDSA, 0); |
|
804 #endif |
|
805 +#ifndef WITHOUT_ED25519 |
|
806 add_identity_file(options, "~/", |
|
807 _PATH_SSH_CLIENT_ID_ED25519, 0); |
|
808 +#endif /* WITHOUT_ED25519 */ |
|
809 } |
|
810 } |
|
811 if (options->escape_char == -1) |
|
812 diff -pur old/sc25519.c new/sc25519.c |
|
813 --- old/sc25519.c 2014-01-16 17:43:44.000000000 -0800 |
|
814 +++ new/sc25519.c 2015-04-01 03:46:19.162528358 -0700 |
|
815 @@ -6,6 +6,8 @@ |
|
816 * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c |
|
817 */ |
|
818 |
|
819 +#ifndef WITHOUT_ED25519 |
|
820 + |
|
821 #include "includes.h" |
|
822 |
|
823 #include "sc25519.h" |
|
824 @@ -306,3 +308,5 @@ void sc25519_2interleave2(unsigned char |
|
825 r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2); |
|
826 r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2); |
|
827 } |
|
828 + |
|
829 +#endif /* WITHOUT_ED25519 */ |
|
830 diff -pur old/sc25519.h new/sc25519.h |
|
831 --- old/sc25519.h 2013-12-17 22:48:11.000000000 -0800 |
|
832 +++ new/sc25519.h 2015-04-01 03:45:37.633735864 -0700 |
|
833 @@ -8,6 +8,7 @@ |
|
834 |
|
835 #ifndef SC25519_H |
|
836 #define SC25519_H |
|
837 +#ifndef WITHOUT_ED25519 |
|
838 |
|
839 #include "crypto_api.h" |
|
840 |
|
841 @@ -77,4 +78,5 @@ void sc25519_window5(signed char r[51], |
|
842 |
|
843 void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); |
|
844 |
|
845 +#endif /* WITHOUT_ED25519 */ |
|
846 #endif |
|
847 diff -pur old/servconf.c new/servconf.c |
|
848 --- old/servconf.c 2015-03-31 21:14:02.437668507 -0700 |
|
849 +++ new/servconf.c 2015-04-01 02:15:09.724697791 -0700 |
|
850 @@ -190,8 +190,10 @@ fill_default_server_options(ServerOption |
|
851 options->host_key_files[options->num_host_key_files++] = |
|
852 _PATH_HOST_ECDSA_KEY_FILE; |
|
853 #endif |
|
854 +#ifndef WITHOUT_ED25519 |
|
855 options->host_key_files[options->num_host_key_files++] = |
|
856 _PATH_HOST_ED25519_KEY_FILE; |
|
857 +#endif /* WITHOUT_ED25519 */ |
|
858 } |
|
859 } |
|
860 /* No certificates by default */ |
|
861 diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c |
|
862 --- old/smult_curve25519_ref.c 2013-11-03 13:26:53.000000000 -0800 |
|
863 +++ new/smult_curve25519_ref.c 2015-04-01 04:55:30.360761627 -0700 |
|
864 @@ -6,6 +6,8 @@ Public domain. |
|
865 Derived from public domain code by D. J. Bernstein. |
|
866 */ |
|
867 |
|
868 +#ifndef WITHOUT_ED25519 |
|
869 + |
|
870 int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *); |
|
871 |
|
872 static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) |
|
873 @@ -263,3 +265,5 @@ int crypto_scalarmult_curve25519(unsigne |
|
874 for (i = 0;i < 32;++i) q[i] = work[64 + i]; |
|
875 return 0; |
|
876 } |
|
877 + |
|
878 +#endif /* WITHOUT_ED25519 */ |
|
879 diff -pur old/ssh-add.0 new/ssh-add.0 |
|
880 --- old/ssh-add.0 2014-01-29 17:52:47.000000000 -0800 |
|
881 +++ new/ssh-add.0 2015-04-02 08:18:24.840811117 -0700 |
|
882 @@ -11,7 +11,7 @@ SYNOPSIS |
|
883 DESCRIPTION |
|
884 ssh-add adds private key identities to the authentication agent, |
|
885 ssh-agent(1). When run without arguments, it adds the files |
|
886 - ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and |
|
887 + ~/.ssh/id_rsa, ~/.ssh/id_dsa and |
|
888 ~/.ssh/identity. After loading a private key, ssh-add will try to load |
|
889 corresponding certificate information from the filename obtained by |
|
890 appending -cert.pub to the name of the private key file. Alternative |
|
891 @@ -91,14 +91,6 @@ FILES |
|
892 Contains the protocol version 2 DSA authentication identity of |
|
893 the user. |
|
894 |
|
895 - ~/.ssh/id_ecdsa |
|
896 - Contains the protocol version 2 ECDSA authentication identity of |
|
897 - the user. |
|
898 - |
|
899 - ~/.ssh/id_ed25519 |
|
900 - Contains the protocol version 2 ED25519 authentication identity |
|
901 - of the user. |
|
902 - |
|
903 ~/.ssh/id_rsa |
|
904 Contains the protocol version 2 RSA authentication identity of |
|
905 the user. |
|
906 diff -pur old/ssh-add.1 new/ssh-add.1 |
|
907 --- old/ssh-add.1 2013-12-17 22:46:28.000000000 -0800 |
|
908 +++ new/ssh-add.1 2015-04-02 08:11:00.150982710 -0700 |
|
909 @@ -57,8 +57,6 @@ adds private key identities to the authe |
|
910 When run without arguments, it adds the files |
|
911 .Pa ~/.ssh/id_rsa , |
|
912 .Pa ~/.ssh/id_dsa , |
|
913 -.Pa ~/.ssh/id_ecdsa , |
|
914 -.Pa ~/.ssh/id_ed25519 |
|
915 and |
|
916 .Pa ~/.ssh/identity . |
|
917 After loading a private key, |
|
918 @@ -168,10 +166,6 @@ socket used to communicate with the agen |
|
919 Contains the protocol version 1 RSA authentication identity of the user. |
|
920 .It Pa ~/.ssh/id_dsa |
|
921 Contains the protocol version 2 DSA authentication identity of the user. |
|
922 -.It Pa ~/.ssh/id_ecdsa |
|
923 -Contains the protocol version 2 ECDSA authentication identity of the user. |
|
924 -.It Pa ~/.ssh/id_ed25519 |
|
925 -Contains the protocol version 2 ED25519 authentication identity of the user. |
|
926 .It Pa ~/.ssh/id_rsa |
|
927 Contains the protocol version 2 RSA authentication identity of the user. |
|
928 .El |
|
929 diff -pur old/ssh-add.c new/ssh-add.c |
|
930 --- old/ssh-add.c 2013-12-28 22:44:07.000000000 -0800 |
|
931 +++ new/ssh-add.c 2015-04-01 04:55:52.619415360 -0700 |
|
932 @@ -73,7 +73,9 @@ static char *default_files[] = { |
|
933 #ifdef OPENSSL_HAS_ECC |
|
934 _PATH_SSH_CLIENT_ID_ECDSA, |
|
935 #endif |
|
936 +#ifndef WITHOUT_ED25519 |
|
937 _PATH_SSH_CLIENT_ID_ED25519, |
|
938 +#endif /* WITHOUT_ED25519 */ |
|
939 _PATH_SSH_CLIENT_IDENTITY, |
|
940 NULL |
|
941 }; |
|
942 diff -pur old/ssh-agent.0 new/ssh-agent.0 |
|
943 --- old/ssh-agent.0 2014-01-29 17:52:47.000000000 -0800 |
|
944 +++ new/ssh-agent.0 2015-04-02 08:18:54.504859476 -0700 |
|
945 @@ -9,7 +9,7 @@ SYNOPSIS |
|
946 |
|
947 DESCRIPTION |
|
948 ssh-agent is a program to hold private keys used for public key |
|
949 - authentication (RSA, DSA, ECDSA, ED25519). The idea is that ssh-agent is |
|
950 + authentication (RSA, DSA). The idea is that ssh-agent is |
|
951 started in the beginning of an X-session or a login session, and all |
|
952 other windows or programs are started as clients to the ssh-agent |
|
953 program. Through use of environment variables the agent can be located |
|
954 @@ -46,8 +46,8 @@ DESCRIPTION |
|
955 |
|
956 The agent initially does not have any private keys. Keys are added using |
|
957 ssh-add(1). When executed without arguments, ssh-add(1) adds the files |
|
958 - ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and |
|
959 - ~/.ssh/identity. If the identity has a passphrase, ssh-add(1) asks for |
|
960 + ~/.ssh/id_rsa, ~/.ssh/id_dsa ~/.ssh/identity. |
|
961 + If the identity has a passphrase, ssh-add(1) asks for |
|
962 the passphrase on the terminal if it has one or from a small X11 program |
|
963 if running under X11. If neither of these is the case then the |
|
964 authentication will fail. It then sends the identity to the agent. |
|
965 @@ -97,14 +97,6 @@ FILES |
|
966 Contains the protocol version 2 DSA authentication identity of |
|
967 the user. |
|
968 |
|
969 - ~/.ssh/id_ecdsa |
|
970 - Contains the protocol version 2 ECDSA authentication identity of |
|
971 - the user. |
|
972 - |
|
973 - ~/.ssh/id_ed25519 |
|
974 - Contains the protocol version 2 ED25519 authentication identity |
|
975 - of the user. |
|
976 - |
|
977 ~/.ssh/id_rsa |
|
978 Contains the protocol version 2 RSA authentication identity of |
|
979 the user. |
|
980 diff -pur old/ssh-agent.1 new/ssh-agent.1 |
|
981 --- old/ssh-agent.1 2013-12-17 22:46:28.000000000 -0800 |
|
982 +++ new/ssh-agent.1 2015-04-02 08:11:35.139725778 -0700 |
|
983 @@ -53,7 +53,7 @@ |
|
984 .Sh DESCRIPTION |
|
985 .Nm |
|
986 is a program to hold private keys used for public key authentication |
|
987 -(RSA, DSA, ECDSA, ED25519). |
|
988 +(RSA, DSA). |
|
989 The idea is that |
|
990 .Nm |
|
991 is started in the beginning of an X-session or a login session, and |
|
992 @@ -114,9 +114,7 @@ When executed without arguments, |
|
993 .Xr ssh-add 1 |
|
994 adds the files |
|
995 .Pa ~/.ssh/id_rsa , |
|
996 -.Pa ~/.ssh/id_dsa , |
|
997 -.Pa ~/.ssh/id_ecdsa , |
|
998 -.Pa ~/.ssh/id_ed25519 |
|
999 +.Pa ~/.ssh/id_dsa |
|
1000 and |
|
1001 .Pa ~/.ssh/identity . |
|
1002 If the identity has a passphrase, |
|
1003 @@ -189,10 +187,6 @@ line terminates. |
|
1004 Contains the protocol version 1 RSA authentication identity of the user. |
|
1005 .It Pa ~/.ssh/id_dsa |
|
1006 Contains the protocol version 2 DSA authentication identity of the user. |
|
1007 -.It Pa ~/.ssh/id_ecdsa |
|
1008 -Contains the protocol version 2 ECDSA authentication identity of the user. |
|
1009 -.It Pa ~/.ssh/id_ed25519 |
|
1010 -Contains the protocol version 2 ED25519 authentication identity of the user. |
|
1011 .It Pa ~/.ssh/id_rsa |
|
1012 Contains the protocol version 2 RSA authentication identity of the user. |
|
1013 .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt |
|
1014 diff -pur old/ssh-ed25519.c new/ssh-ed25519.c |
|
1015 --- old/ssh-ed25519.c 2013-12-06 17:37:54.000000000 -0800 |
|
1016 +++ new/ssh-ed25519.c 2015-04-01 03:45:52.747724716 -0700 |
|
1017 @@ -15,6 +15,8 @@ |
|
1018 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
1019 */ |
|
1020 |
|
1021 +#ifndef WITHOUT_ED25519 |
|
1022 + |
|
1023 #include "includes.h" |
|
1024 |
|
1025 #include <sys/types.h> |
|
1026 @@ -141,3 +143,5 @@ ssh_ed25519_verify(const Key *key, const |
|
1027 /* translate return code carefully */ |
|
1028 return (ret == 0) ? 1 : -1; |
|
1029 } |
|
1030 + |
|
1031 +#endif /* WITHOUT_ED25519 */ |
|
1032 diff -pur old/ssh-keygen.0 new/ssh-keygen.0 |
|
1033 --- old/ssh-keygen.0 2014-01-29 17:52:47.000000000 -0800 |
|
1034 +++ new/ssh-keygen.0 2015-04-02 08:01:54.866988427 -0700 |
|
1035 @@ -32,7 +32,7 @@ SYNOPSIS |
|
1036 DESCRIPTION |
|
1037 ssh-keygen generates, manages and converts authentication keys for |
|
1038 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 |
|
1039 - and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. |
|
1040 + and DSA or RSA keys for use by SSH protocol version 2. |
|
1041 The type of key to be generated is specified with the -t option. If |
|
1042 invoked without any arguments, ssh-keygen will generate an RSA key for |
|
1043 use in SSH protocol 2 connections. |
|
1044 @@ -46,7 +46,7 @@ DESCRIPTION |
|
1045 |
|
1046 Normally each user wishing to use SSH with public key authentication runs |
|
1047 this once to create the authentication key in ~/.ssh/identity, |
|
1048 - ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa. |
|
1049 + ~/.ssh/id_dsa or ~/.ssh/id_rsa. |
|
1050 Additionally, the system administrator may use this to generate host |
|
1051 keys, as seen in /etc/rc. |
|
1052 |
|
1053 @@ -79,14 +79,14 @@ DESCRIPTION |
|
1054 |
|
1055 The options are as follows: |
|
1056 |
|
1057 - -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for |
|
1058 + -A For each of the key types (rsa1, rsa, and dsa) for |
|
1059 which host keys do not exist, generate the host keys with the |
|
1060 default key file path, an empty passphrase, default bits for the |
|
1061 key type, and default comment. This is used by /etc/rc to |
|
1062 generate new host keys. |
|
1063 |
|
1064 -a rounds |
|
1065 - When saving a new-format private key (i.e. an ed25519 key or any |
|
1066 + When saving a new-format private key (i.e. any |
|
1067 SSH protocol 2 key when the -o flag is set), this option |
|
1068 specifies the number of KDF (key derivation function) rounds |
|
1069 used. Higher numbers result in slower passphrase verification |
|
1070 @@ -103,12 +103,7 @@ DESCRIPTION |
|
1071 Specifies the number of bits in the key to create. For RSA keys, |
|
1072 the minimum size is 768 bits and the default is 2048 bits. |
|
1073 Generally, 2048 bits is considered sufficient. DSA keys must be |
|
1074 - exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, |
|
1075 - the -b flag determines the key length by selecting from one of |
|
1076 - three elliptic curve sizes: 256, 384 or 521 bits. Attempting to |
|
1077 - use bit lengths other than these three values for ECDSA keys will |
|
1078 - fail. ED25519 keys have a fixed length and the -b flag will be |
|
1079 - ignored. |
|
1080 + exactly 1024 bits as specified by FIPS 186-2. |
|
1081 |
|
1082 -C comment |
|
1083 Provides a new comment. |
|
1084 @@ -274,7 +269,7 @@ DESCRIPTION |
|
1085 new OpenSSH format rather than the more compatible PEM format. |
|
1086 The new format has increased resistance to brute-force password |
|
1087 cracking but is not supported by versions of OpenSSH prior to |
|
1088 - 6.5. Ed25519 keys always use the new private key format. |
|
1089 + 6.5. |
|
1090 |
|
1091 -P passphrase |
|
1092 Provides the (old) passphrase. |
|
1093 @@ -315,8 +310,8 @@ DESCRIPTION |
|
1094 |
|
1095 -t type |
|
1096 Specifies the type of key to create. The possible values are |
|
1097 - ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'', |
|
1098 - ``ed25519'', or ``rsa'' for protocol version 2. |
|
1099 + ``rsa1'' for protocol version 1 and ``dsa'' or ``rsa'' for |
|
1100 + protocol version 2. |
|
1101 |
|
1102 -u Update a KRL. When specified with -k, keys listed via the |
|
1103 command line are added to the existing KRL rather than a new KRL |
|
1104 @@ -521,10 +516,8 @@ FILES |
|
1105 contents of this file secret. |
|
1106 |
|
1107 ~/.ssh/id_dsa |
|
1108 - ~/.ssh/id_ecdsa |
|
1109 - ~/.ssh/id_ed25519 |
|
1110 ~/.ssh/id_rsa |
|
1111 - Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA |
|
1112 + Contains the protocol version 2 DSA or RSA |
|
1113 authentication identity of the user. This file should not be |
|
1114 readable by anyone but the user. It is possible to specify a |
|
1115 passphrase when generating the key; that passphrase will be used |
|
1116 @@ -534,10 +527,8 @@ FILES |
|
1117 read this file when a login attempt is made. |
|
1118 |
|
1119 ~/.ssh/id_dsa.pub |
|
1120 - ~/.ssh/id_ecdsa.pub |
|
1121 - ~/.ssh/id_ed25519.pub |
|
1122 ~/.ssh/id_rsa.pub |
|
1123 - Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA public |
|
1124 + Contains the protocol version 2 DSA or RSA public |
|
1125 key for authentication. The contents of this file should be |
|
1126 added to ~/.ssh/authorized_keys on all machines where the user |
|
1127 wishes to log in using public key authentication. There is no |
|
1128 diff -pur old/ssh-keygen.1 new/ssh-keygen.1 |
|
1129 --- old/ssh-keygen.1 2013-12-28 22:47:14.000000000 -0800 |
|
1130 +++ new/ssh-keygen.1 2015-04-02 08:13:41.714356008 -0700 |
|
1131 @@ -140,7 +140,7 @@ generates, manages and converts authenti |
|
1132 .Xr ssh 1 . |
|
1133 .Nm |
|
1134 can create RSA keys for use by SSH protocol version 1 and |
|
1135 -DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. |
|
1136 +DSA or RSA keys for use by SSH protocol version 2. |
|
1137 The type of key to be generated is specified with the |
|
1138 .Fl t |
|
1139 option. |
|
1140 @@ -168,8 +168,6 @@ with public key authentication runs this |
|
1141 key in |
|
1142 .Pa ~/.ssh/identity , |
|
1143 .Pa ~/.ssh/id_dsa , |
|
1144 -.Pa ~/.ssh/id_ecdsa , |
|
1145 -.Pa ~/.ssh/id_ed25519 |
|
1146 or |
|
1147 .Pa ~/.ssh/id_rsa . |
|
1148 Additionally, the system administrator may use this to generate host keys, |
|
1149 @@ -217,7 +215,7 @@ should be placed to be activated. |
|
1150 The options are as follows: |
|
1151 .Bl -tag -width Ds |
|
1152 .It Fl A |
|
1153 -For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) |
|
1154 +For each of the key types (rsa1, rsa, dsa) |
|
1155 for which host keys |
|
1156 do not exist, generate the host keys with the default key file path, |
|
1157 an empty passphrase, default bits for the key type, and default comment. |
|
1158 @@ -225,8 +223,7 @@ This is used by |
|
1159 .Pa /etc/rc |
|
1160 to generate new host keys. |
|
1161 .It Fl a Ar rounds |
|
1162 -When saving a new-format private key (i.e. an ed25519 key or any SSH protocol |
|
1163 -2 key when the |
|
1164 +When saving a new-format private key (i.e. any SSH protocol 2 key when the |
|
1165 .Fl o |
|
1166 flag is set), this option specifies the number of KDF (key derivation function) |
|
1167 rounds used. |
|
1168 @@ -245,15 +242,6 @@ Specifies the number of bits in the key |
|
1169 For RSA keys, the minimum size is 768 bits and the default is 2048 bits. |
|
1170 Generally, 2048 bits is considered sufficient. |
|
1171 DSA keys must be exactly 1024 bits as specified by FIPS 186-2. |
|
1172 -For ECDSA keys, the |
|
1173 -.Fl b |
|
1174 -flag determines the key length by selecting from one of three elliptic |
|
1175 -curve sizes: 256, 384 or 521 bits. |
|
1176 -Attempting to use bit lengths other than these three values for ECDSA keys |
|
1177 -will fail. |
|
1178 -ED25519 keys have a fixed length and the |
|
1179 -.Fl b |
|
1180 -flag will be ignored. |
|
1181 .It Fl C Ar comment |
|
1182 Provides a new comment. |
|
1183 .It Fl c |
|
1184 @@ -468,7 +456,6 @@ to save SSH protocol 2 private keys usin |
|
1185 the more compatible PEM format. |
|
1186 The new format has increased resistance to brute-force password cracking |
|
1187 but is not supported by versions of OpenSSH prior to 6.5. |
|
1188 -Ed25519 keys always use the new private key format. |
|
1189 .It Fl P Ar passphrase |
|
1190 Provides the (old) passphrase. |
|
1191 .It Fl p |
|
1192 @@ -520,8 +507,6 @@ The possible values are |
|
1193 .Dq rsa1 |
|
1194 for protocol version 1 and |
|
1195 .Dq dsa , |
|
1196 -.Dq ecdsa , |
|
1197 -.Dq ed25519 , |
|
1198 or |
|
1199 .Dq rsa |
|
1200 for protocol version 2. |
|
1201 @@ -800,10 +785,8 @@ where the user wishes to log in using RS |
|
1202 There is no need to keep the contents of this file secret. |
|
1203 .Pp |
|
1204 .It Pa ~/.ssh/id_dsa |
|
1205 -.It Pa ~/.ssh/id_ecdsa |
|
1206 -.It Pa ~/.ssh/id_ed25519 |
|
1207 .It Pa ~/.ssh/id_rsa |
|
1208 -Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA |
|
1209 +Contains the protocol version 2 DSA or RSA |
|
1210 authentication identity of the user. |
|
1211 This file should not be readable by anyone but the user. |
|
1212 It is possible to |
|
1213 @@ -816,10 +799,8 @@ but it is offered as the default file fo |
|
1214 will read this file when a login attempt is made. |
|
1215 .Pp |
|
1216 .It Pa ~/.ssh/id_dsa.pub |
|
1217 -.It Pa ~/.ssh/id_ecdsa.pub |
|
1218 -.It Pa ~/.ssh/id_ed25519.pub |
|
1219 .It Pa ~/.ssh/id_rsa.pub |
|
1220 -Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA |
|
1221 +Contains the protocol version 2 DSA or RSA |
|
1222 public key for authentication. |
|
1223 The contents of this file should be added to |
|
1224 .Pa ~/.ssh/authorized_keys |
|
1225 diff -pur old/ssh-keygen.c new/ssh-keygen.c |
|
1226 --- old/ssh-keygen.c 2013-12-06 16:24:02.000000000 -0800 |
|
1227 +++ new/ssh-keygen.c 2015-04-01 02:26:11.265143754 -0700 |
|
1228 @@ -197,7 +197,11 @@ type_bits_valid(int type, u_int32_t *bit |
|
1229 } |
|
1230 if (type == KEY_DSA && *bitsp != 1024) |
|
1231 fatal("DSA keys must be 1024 bits"); |
|
1232 +#ifdef WITHOUT_ED25519 |
|
1233 + else if (type != KEY_ECDSA && *bitsp < 768) |
|
1234 +#else /* WITHOUT_ED25519 */ |
|
1235 else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768) |
|
1236 +#endif /* WITHOUT_ED25519 */ |
|
1237 fatal("Key must at least be 768 bits"); |
|
1238 else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1) |
|
1239 fatal("Invalid ECDSA key length - valid lengths are " |
|
1240 @@ -233,10 +237,12 @@ ask_filename(struct passwd *pw, const ch |
|
1241 case KEY_RSA: |
|
1242 name = _PATH_SSH_CLIENT_ID_RSA; |
|
1243 break; |
|
1244 +#ifndef WITHOUT_ED25519 |
|
1245 case KEY_ED25519: |
|
1246 case KEY_ED25519_CERT: |
|
1247 name = _PATH_SSH_CLIENT_ID_ED25519; |
|
1248 break; |
|
1249 +#endif /* WITHOUT_ED25519 */ |
|
1250 default: |
|
1251 fprintf(stderr, "bad key type\n"); |
|
1252 exit(1); |
|
1253 @@ -900,7 +906,9 @@ do_gen_all_hostkeys(struct passwd *pw) |
|
1254 #ifdef OPENSSL_HAS_ECC |
|
1255 { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE }, |
|
1256 #endif |
|
1257 +#ifndef WITHOUT_ED25519 |
|
1258 { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE }, |
|
1259 +#endif /* WITHOUT_ED25519 */ |
|
1260 { NULL, NULL, NULL } |
|
1261 }; |
|
1262 |
|
1263 @@ -1616,7 +1624,10 @@ do_ca_sign(struct passwd *pw, int argc, |
|
1264 if ((public = key_load_public(tmp, &comment)) == NULL) |
|
1265 fatal("%s: unable to open \"%s\"", __func__, tmp); |
|
1266 if (public->type != KEY_RSA && public->type != KEY_DSA && |
|
1267 - public->type != KEY_ECDSA && public->type != KEY_ED25519) |
|
1268 +#ifndef WITHOUT_ED25519 |
|
1269 + public->type != KEY_ED25519 && |
|
1270 +#endif /* WITHOUT_ED25519 */ |
|
1271 + public->type != KEY_ECDSA) |
|
1272 fatal("%s: key \"%s\" type %s cannot be certified", |
|
1273 __func__, tmp, key_type(public)); |
|
1274 |
|
1275 diff -pur old/ssh-keyscan.0 new/ssh-keyscan.0 |
|
1276 --- old/ssh-keyscan.0 2014-01-29 17:52:47.000000000 -0800 |
|
1277 +++ new/ssh-keyscan.0 2015-04-02 08:03:08.223476077 -0700 |
|
1278 @@ -48,9 +48,9 @@ DESCRIPTION |
|
1279 -t type |
|
1280 Specifies the type of the key to fetch from the scanned hosts. |
|
1281 The possible values are ``rsa1'' for protocol version 1 and |
|
1282 - ``dsa'', ``ecdsa'', ``ed25519'', or ``rsa'' for protocol version |
|
1283 + ``dsa'' or ``rsa'' for protocol version |
|
1284 2. Multiple values may be specified by separating them with |
|
1285 - commas. The default is to fetch ``rsa'' and ``ecdsa'' keys. |
|
1286 + commas. The default is to fetch ``rsa'' keys. |
|
1287 |
|
1288 -v Verbose mode. Causes ssh-keyscan to print debugging messages |
|
1289 about its progress. |
|
1290 @@ -72,12 +72,11 @@ FILES |
|
1291 |
|
1292 host-or-namelist bits exponent modulus |
|
1293 |
|
1294 - Output format for rsa, dsa and ecdsa keys: |
|
1295 + Output format for rsa and dsa keys: |
|
1296 |
|
1297 host-or-namelist keytype base64-encoded-key |
|
1298 |
|
1299 - Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'', |
|
1300 - ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', ``ssh-dss'' or ``ssh-rsa''. |
|
1301 + Where keytype is either ``ssh-dss'' or ``ssh-rsa''. |
|
1302 |
|
1303 /etc/ssh/ssh_known_hosts |
|
1304 |
|
1305 @@ -89,7 +88,7 @@ EXAMPLES |
|
1306 Find all hosts from the file ssh_hosts which have new or different keys |
|
1307 from those in the sorted file ssh_known_hosts: |
|
1308 |
|
1309 - $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \ |
|
1310 + $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \ |
|
1311 sort -u - ssh_known_hosts | diff ssh_known_hosts - |
|
1312 |
|
1313 SEE ALSO |
|
1314 diff -pur old/ssh-keyscan.1 new/ssh-keyscan.1 |
|
1315 --- old/ssh-keyscan.1 2013-12-17 22:46:28.000000000 -0800 |
|
1316 +++ new/ssh-keyscan.1 2015-04-02 08:14:50.877137257 -0700 |
|
1317 @@ -89,16 +89,12 @@ The possible values are |
|
1318 .Dq rsa1 |
|
1319 for protocol version 1 and |
|
1320 .Dq dsa , |
|
1321 -.Dq ecdsa , |
|
1322 -.Dq ed25519 , |
|
1323 or |
|
1324 .Dq rsa |
|
1325 for protocol version 2. |
|
1326 Multiple values may be specified by separating them with commas. |
|
1327 The default is to fetch |
|
1328 .Dq rsa |
|
1329 -and |
|
1330 -.Dq ecdsa |
|
1331 keys. |
|
1332 .It Fl v |
|
1333 Verbose mode. |
|
1334 @@ -127,7 +123,7 @@ attacks which have begun after the ssh_k |
|
1335 host-or-namelist bits exponent modulus |
|
1336 .Ed |
|
1337 .Pp |
|
1338 -.Pa Output format for rsa, dsa and ecdsa keys: |
|
1339 +.Pa Output format for rsa and dsa keys: |
|
1340 .Bd -literal |
|
1341 host-or-namelist keytype base64-encoded-key |
|
1342 .Ed |
|
1343 @@ -135,10 +131,6 @@ host-or-namelist keytype base64-encoded- |
|
1344 Where |
|
1345 .Pa keytype |
|
1346 is either |
|
1347 -.Dq ecdsa-sha2-nistp256 , |
|
1348 -.Dq ecdsa-sha2-nistp384 , |
|
1349 -.Dq ecdsa-sha2-nistp521 , |
|
1350 -.Dq ssh-ed25519 , |
|
1351 .Dq ssh-dss |
|
1352 or |
|
1353 .Dq ssh-rsa . |
|
1354 @@ -158,7 +150,7 @@ Find all hosts from the file |
|
1355 which have new or different keys from those in the sorted file |
|
1356 .Pa ssh_known_hosts : |
|
1357 .Bd -literal |
|
1358 -$ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e |
|
1359 +$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e |
|
1360 sort -u - ssh_known_hosts | diff ssh_known_hosts - |
|
1361 .Ed |
|
1362 .Sh SEE ALSO |
|
1363 diff -pur old/ssh-keyscan.c new/ssh-keyscan.c |
|
1364 --- old/ssh-keyscan.c 2013-12-06 16:24:02.000000000 -0800 |
|
1365 +++ new/ssh-keyscan.c 2015-04-01 02:51:28.981556385 -0700 |
|
1366 @@ -56,7 +56,9 @@ int ssh_port = SSH_DEFAULT_PORT; |
|
1367 #define KT_DSA 2 |
|
1368 #define KT_RSA 4 |
|
1369 #define KT_ECDSA 8 |
|
1370 +#ifndef WITHOUT_ED25519 |
|
1371 #define KT_ED25519 16 |
|
1372 +#endif /* WITHOUT_ED25519 */ |
|
1373 |
|
1374 int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */ |
|
1375 |
|
1376 @@ -247,9 +249,11 @@ keygrab_ssh2(con *c) |
|
1377 packet_set_connection(c->c_fd, c->c_fd); |
|
1378 enable_compat20(); |
|
1379 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = |
|
1380 - c->c_keytype == KT_DSA ? "ssh-dss" : |
|
1381 +#ifndef WITHOUT_ED25519 |
|
1382 + c->c_keytype == KT_ED25519 ? "ssh-ed25519" : |
|
1383 +#endif /* WITHOUT_ED25519 */ |
|
1384 (c->c_keytype == KT_RSA ? "ssh-rsa" : |
|
1385 - (c->c_keytype == KT_ED25519 ? "ssh-ed25519" : |
|
1386 + (c->c_keytype == KT_DSA ? "ssh-dss" : |
|
1387 "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521")); |
|
1388 c->c_kex = kex_setup(myproposal); |
|
1389 c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; |
|
1390 @@ -257,7 +261,9 @@ keygrab_ssh2(con *c) |
|
1391 c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
|
1392 c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
|
1393 c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client; |
|
1394 +#ifndef WITHOUT_ED25519 |
|
1395 c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client; |
|
1396 +#endif /* WITHOUT_ED25519 */ |
|
1397 c->c_kex->verify_host_key = hostjump; |
|
1398 |
|
1399 if (!(j = setjmp(kexjmp))) { |
|
1400 @@ -575,10 +581,15 @@ do_host(char *host) |
|
1401 { |
|
1402 char *name = strnnsep(&host, " \t\n"); |
|
1403 int j; |
|
1404 +#ifdef WITHOUT_ED25519 |
|
1405 + int max_kt = KT_ECDSA; |
|
1406 +#else |
|
1407 + int max_kt = KT_ED25519; |
|
1408 +#endif |
|
1409 |
|
1410 if (name == NULL) |
|
1411 return; |
|
1412 - for (j = KT_RSA1; j <= KT_ED25519; j *= 2) { |
|
1413 + for (j = KT_RSA1; j <= max_kt; j *= 2) { |
|
1414 if (get_keytypes & j) { |
|
1415 while (ncon >= MAXCON) |
|
1416 conloop(); |
|
1417 @@ -685,9 +696,11 @@ main(int argc, char **argv) |
|
1418 case KEY_RSA: |
|
1419 get_keytypes |= KT_RSA; |
|
1420 break; |
|
1421 +#ifndef WITHOUT_ED25519 |
|
1422 case KEY_ED25519: |
|
1423 get_keytypes |= KT_ED25519; |
|
1424 break; |
|
1425 +#endif /* WITHOUT_ED25519 */ |
|
1426 case KEY_UNSPEC: |
|
1427 fatal("unknown key type %s", tname); |
|
1428 } |
|
1429 diff -pur old/ssh-keysign.0 new/ssh-keysign.0 |
|
1430 --- old/ssh-keysign.0 2014-01-29 17:52:48.000000000 -0800 |
|
1431 +++ new/ssh-keysign.0 2015-04-02 08:03:28.313581826 -0700 |
|
1432 @@ -24,8 +24,6 @@ FILES |
|
1433 Controls whether ssh-keysign is enabled. |
|
1434 |
|
1435 /etc/ssh/ssh_host_dsa_key |
|
1436 - /etc/ssh/ssh_host_ecdsa_key |
|
1437 - /etc/ssh/ssh_host_ed25519_key |
|
1438 /etc/ssh/ssh_host_rsa_key |
|
1439 These files contain the private parts of the host keys used to |
|
1440 generate the digital signature. They should be owned by root, |
|
1441 @@ -34,8 +32,6 @@ FILES |
|
1442 host-based authentication is used. |
|
1443 |
|
1444 /etc/ssh/ssh_host_dsa_key-cert.pub |
|
1445 - /etc/ssh/ssh_host_ecdsa_key-cert.pub |
|
1446 - /etc/ssh/ssh_host_ed25519_key-cert.pub |
|
1447 /etc/ssh/ssh_host_rsa_key-cert.pub |
|
1448 If these files exist they are assumed to contain public |
|
1449 certificate information corresponding with the private keys |
|
1450 diff -pur old/ssh-keysign.8 new/ssh-keysign.8 |
|
1451 --- old/ssh-keysign.8 2015-03-31 21:14:02.337922491 -0700 |
|
1452 +++ new/ssh-keysign.8 2015-04-02 08:16:42.230595366 -0700 |
|
1453 @@ -62,8 +62,6 @@ Controls whether |
|
1454 is enabled. |
|
1455 .Pp |
|
1456 .It Pa /etc/ssh/ssh_host_dsa_key |
|
1457 -.It Pa /etc/ssh/ssh_host_ecdsa_key |
|
1458 -.It Pa /etc/ssh/ssh_host_ed25519_key |
|
1459 .It Pa /etc/ssh/ssh_host_rsa_key |
|
1460 These files contain the private parts of the host keys used to |
|
1461 generate the digital signature. |
|
1462 @@ -74,8 +72,6 @@ Since they are readable only by root, |
|
1463 must be set-uid root if host-based authentication is used. |
|
1464 .Pp |
|
1465 .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub |
|
1466 -.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub |
|
1467 -.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub |
|
1468 .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub |
|
1469 If these files exist they are assumed to contain public certificate |
|
1470 information corresponding with the private keys above. |
|
1471 diff -pur old/ssh-keysign.c new/ssh-keysign.c |
|
1472 --- old/ssh-keysign.c 2013-12-06 16:24:02.000000000 -0800 |
|
1473 +++ new/ssh-keysign.c 2015-04-01 02:53:53.600004403 -0700 |
|
1474 @@ -150,7 +150,11 @@ main(int argc, char **argv) |
|
1475 { |
|
1476 Buffer b; |
|
1477 Options options; |
|
1478 +#ifdef WITHOUT_ED25519 |
|
1479 +#define NUM_KEYTYPES 3 |
|
1480 +#else |
|
1481 #define NUM_KEYTYPES 4 |
|
1482 +#endif |
|
1483 Key *keys[NUM_KEYTYPES], *key = NULL; |
|
1484 struct passwd *pw; |
|
1485 int key_fd[NUM_KEYTYPES], i, found, version = 2, fd; |
|
1486 @@ -169,7 +173,9 @@ main(int argc, char **argv) |
|
1487 i = 0; |
|
1488 key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); |
|
1489 key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); |
|
1490 +#ifndef WITHOUT_ED25519 |
|
1491 key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY); |
|
1492 +#endif /* WITHOUT_ED25519 */ |
|
1493 key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); |
|
1494 |
|
1495 original_real_uid = getuid(); /* XXX readconf.c needs this */ |
|
1496 diff -pur old/ssh.0 new/ssh.0 |
|
1497 --- old/ssh.0 2014-01-29 17:52:47.000000000 -0800 |
|
1498 +++ new/ssh.0 2015-04-02 08:05:51.667197938 -0700 |
|
1499 @@ -142,8 +142,8 @@ DESCRIPTION |
|
1500 -i identity_file |
|
1501 Selects a file from which the identity (private key) for public |
|
1502 key authentication is read. The default is ~/.ssh/identity for |
|
1503 - protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, |
|
1504 - ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. |
|
1505 + protocol version 1, and ~/.ssh/id_dsa, and ~/.ssh/id_rsa for |
|
1506 + protocol version 2. |
|
1507 Identity files may also be specified on a per-host basis in the |
|
1508 configuration file. It is possible to have multiple -i options |
|
1509 (and multiple identities specified in configuration files). ssh |
|
1510 @@ -446,7 +446,7 @@ AUTHENTICATION |
|
1511 creates a public/private key pair for authentication purposes. The |
|
1512 server knows the public key, and only the user knows the private key. |
|
1513 ssh implements public key authentication protocol automatically, using |
|
1514 - one of the DSA, ECDSA, ED25519 or RSA algorithms. Protocol 1 is |
|
1515 + one of the DSA or RSA algorithms. Protocol 1 is |
|
1516 restricted to using only RSA keys, but protocol 2 may use any. The |
|
1517 HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA |
|
1518 algorithms. |
|
1519 @@ -459,11 +459,9 @@ AUTHENTICATION |
|
1520 |
|
1521 The user creates his/her key pair by running ssh-keygen(1). This stores |
|
1522 the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol |
|
1523 - 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2 |
|
1524 - ED25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in |
|
1525 - ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), |
|
1526 - ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2 |
|
1527 - ED25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home |
|
1528 + 2 DSA) or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in |
|
1529 + ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA) |
|
1530 + or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home |
|
1531 directory. The user should then copy the public key to |
|
1532 ~/.ssh/authorized_keys in his/her home directory on the remote machine. |
|
1533 The authorized_keys file corresponds to the conventional ~/.rhosts file, |
|
1534 @@ -799,7 +797,7 @@ FILES |
|
1535 for the user, and not accessible by others. |
|
1536 |
|
1537 ~/.ssh/authorized_keys |
|
1538 - Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used |
|
1539 + Lists the public keys (DSA, RSA) that can be used |
|
1540 for logging in as this user. The format of this file is |
|
1541 described in the sshd(8) manual page. This file is not highly |
|
1542 sensitive, but the recommended permissions are read/write for the |
|
1543 @@ -817,8 +815,6 @@ FILES |
|
1544 |
|
1545 ~/.ssh/identity |
|
1546 ~/.ssh/id_dsa |
|
1547 - ~/.ssh/id_ecdsa |
|
1548 - ~/.ssh/id_ed25519 |
|
1549 ~/.ssh/id_rsa |
|
1550 Contains the private key for authentication. These files contain |
|
1551 sensitive data and should be readable by the user but not |
|
1552 @@ -830,8 +826,6 @@ FILES |
|
1553 |
|
1554 ~/.ssh/identity.pub |
|
1555 ~/.ssh/id_dsa.pub |
|
1556 - ~/.ssh/id_ecdsa.pub |
|
1557 - ~/.ssh/id_ed25519.pub |
|
1558 ~/.ssh/id_rsa.pub |
|
1559 Contains the public key for authentication. These files are not |
|
1560 sensitive and can (but need not) be readable by anyone. |
|
1561 @@ -862,8 +856,6 @@ FILES |
|
1562 |
|
1563 /etc/ssh/ssh_host_key |
|
1564 /etc/ssh/ssh_host_dsa_key |
|
1565 - /etc/ssh/ssh_host_ecdsa_key |
|
1566 - /etc/ssh/ssh_host_ed25519_key |
|
1567 /etc/ssh/ssh_host_rsa_key |
|
1568 These files contain the private parts of the host keys and are |
|
1569 used for host-based authentication. If protocol version 1 is |
|
1570 diff -pur old/ssh.1 new/ssh.1 |
|
1571 --- old/ssh.1 2013-12-17 22:46:28.000000000 -0800 |
|
1572 +++ new/ssh.1 2015-04-02 08:15:39.041359535 -0700 |
|
1573 @@ -279,8 +279,6 @@ The default is |
|
1574 .Pa ~/.ssh/identity |
|
1575 for protocol version 1, and |
|
1576 .Pa ~/.ssh/id_dsa , |
|
1577 -.Pa ~/.ssh/id_ecdsa , |
|
1578 -.Pa ~/.ssh/id_ed25519 |
|
1579 and |
|
1580 .Pa ~/.ssh/id_rsa |
|
1581 for protocol version 2. |
|
1582 @@ -758,7 +756,7 @@ key pair for authentication purposes. |
|
1583 The server knows the public key, and only the user knows the private key. |
|
1584 .Nm |
|
1585 implements public key authentication protocol automatically, |
|
1586 -using one of the DSA, ECDSA, ED25519 or RSA algorithms. |
|
1587 +using one of the DSA or RSA algorithms. |
|
1588 Protocol 1 is restricted to using only RSA keys, |
|
1589 but protocol 2 may use any. |
|
1590 The HISTORY section of |
|
1591 @@ -783,10 +781,6 @@ This stores the private key in |
|
1592 (protocol 1), |
|
1593 .Pa ~/.ssh/id_dsa |
|
1594 (protocol 2 DSA), |
|
1595 -.Pa ~/.ssh/id_ecdsa |
|
1596 -(protocol 2 ECDSA), |
|
1597 -.Pa ~/.ssh/id_ed25519 |
|
1598 -(protocol 2 ED25519), |
|
1599 or |
|
1600 .Pa ~/.ssh/id_rsa |
|
1601 (protocol 2 RSA) |
|
1602 @@ -795,10 +789,6 @@ and stores the public key in |
|
1603 (protocol 1), |
|
1604 .Pa ~/.ssh/id_dsa.pub |
|
1605 (protocol 2 DSA), |
|
1606 -.Pa ~/.ssh/id_ecdsa.pub |
|
1607 -(protocol 2 ECDSA), |
|
1608 -.Pa ~/.ssh/id_ed25519.pub |
|
1609 -(protocol 2 ED25519), |
|
1610 or |
|
1611 .Pa ~/.ssh/id_rsa.pub |
|
1612 (protocol 2 RSA) |
|
1613 @@ -1338,7 +1328,7 @@ secret, but the recommended permissions |
|
1614 and not accessible by others. |
|
1615 .Pp |
|
1616 .It Pa ~/.ssh/authorized_keys |
|
1617 -Lists the public keys (DSA, ECDSA, ED25519, RSA) |
|
1618 +Lists the public keys (DSA, RSA) |
|
1619 that can be used for logging in as this user. |
|
1620 The format of this file is described in the |
|
1621 .Xr sshd 8 |
|
1622 @@ -1360,8 +1350,6 @@ above. |
|
1623 .Pp |
|
1624 .It Pa ~/.ssh/identity |
|
1625 .It Pa ~/.ssh/id_dsa |
|
1626 -.It Pa ~/.ssh/id_ecdsa |
|
1627 -.It Pa ~/.ssh/id_ed25519 |
|
1628 .It Pa ~/.ssh/id_rsa |
|
1629 Contains the private key for authentication. |
|
1630 These files |
|
1631 @@ -1375,8 +1363,6 @@ sensitive part of this file using 3DES. |
|
1632 .Pp |
|
1633 .It Pa ~/.ssh/identity.pub |
|
1634 .It Pa ~/.ssh/id_dsa.pub |
|
1635 -.It Pa ~/.ssh/id_ecdsa.pub |
|
1636 -.It Pa ~/.ssh/id_ed25519.pub |
|
1637 .It Pa ~/.ssh/id_rsa.pub |
|
1638 Contains the public key for authentication. |
|
1639 These files are not |
|
1640 @@ -1415,8 +1401,6 @@ The file format and configuration option |
|
1641 .Pp |
|
1642 .It Pa /etc/ssh/ssh_host_key |
|
1643 .It Pa /etc/ssh/ssh_host_dsa_key |
|
1644 -.It Pa /etc/ssh/ssh_host_ecdsa_key |
|
1645 -.It Pa /etc/ssh/ssh_host_ed25519_key |
|
1646 .It Pa /etc/ssh/ssh_host_rsa_key |
|
1647 These files contain the private parts of the host keys |
|
1648 and are used for host-based authentication. |
|
1649 diff -pur old/ssh.c new/ssh.c |
|
1650 --- old/ssh.c 2013-12-28 22:53:40.000000000 -0800 |
|
1651 +++ new/ssh.c 2015-04-01 03:33:55.003074053 -0700 |
|
1652 @@ -1010,8 +1010,10 @@ main(int ac, char **av) |
|
1653 #endif |
|
1654 sensitive_data.keys[3] = key_load_private_cert(KEY_RSA, |
|
1655 _PATH_HOST_RSA_KEY_FILE, "", NULL); |
|
1656 +#ifndef WITHOUT_ED25519 |
|
1657 sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519, |
|
1658 _PATH_HOST_ED25519_KEY_FILE, "", NULL); |
|
1659 +#endif /* WITHOUT_ED25519 */ |
|
1660 sensitive_data.keys[5] = key_load_private_type(KEY_DSA, |
|
1661 _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL); |
|
1662 #ifdef OPENSSL_HAS_ECC |
|
1663 @@ -1020,8 +1022,10 @@ main(int ac, char **av) |
|
1664 #endif |
|
1665 sensitive_data.keys[7] = key_load_private_type(KEY_RSA, |
|
1666 _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL); |
|
1667 +#ifndef WITHOUT_ED25519 |
|
1668 sensitive_data.keys[8] = key_load_private_type(KEY_ED25519, |
|
1669 _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL); |
|
1670 +#endif /* WITHOUT_ED25519 */ |
|
1671 PRIV_END; |
|
1672 |
|
1673 if (options.hostbased_authentication == 1 && |
|
1674 @@ -1038,8 +1042,10 @@ main(int ac, char **av) |
|
1675 #endif |
|
1676 sensitive_data.keys[3] = key_load_cert( |
|
1677 _PATH_HOST_RSA_KEY_FILE); |
|
1678 +#ifndef WITHOUT_ED25519 |
|
1679 sensitive_data.keys[4] = key_load_cert( |
|
1680 _PATH_HOST_ED25519_KEY_FILE); |
|
1681 +#endif /* WITHOUT_ED25519 */ |
|
1682 sensitive_data.keys[5] = key_load_public( |
|
1683 _PATH_HOST_DSA_KEY_FILE, NULL); |
|
1684 #ifdef OPENSSL_HAS_ECC |
|
1685 @@ -1048,8 +1054,10 @@ main(int ac, char **av) |
|
1686 #endif |
|
1687 sensitive_data.keys[7] = key_load_public( |
|
1688 _PATH_HOST_RSA_KEY_FILE, NULL); |
|
1689 +#ifndef WITHOUT_ED25519 |
|
1690 sensitive_data.keys[8] = key_load_public( |
|
1691 _PATH_HOST_ED25519_KEY_FILE, NULL); |
|
1692 +#endif /* WITHOUT_ED25519 */ |
|
1693 sensitive_data.external_keysign = 1; |
|
1694 } |
|
1695 } |
|
1696 diff -pur old/ssh_config.0 new/ssh_config.0 |
|
1697 --- old/ssh_config.0 2014-01-29 17:52:48.000000000 -0800 |
|
1698 +++ new/ssh_config.0 2015-04-02 08:07:55.171885768 -0700 |
|
1699 @@ -409,14 +409,9 @@ DESCRIPTION |
|
1700 client wants to use in order of preference. The default for this |
|
1701 option is: |
|
1702 |
|
1703 - [email protected], |
|
1704 - [email protected], |
|
1705 - [email protected], |
|
1706 - [email protected], |
|
1707 [email protected],[email protected], |
|
1708 [email protected],[email protected], |
|
1709 - ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
|
1710 - ssh-ed25519,ssh-rsa,ssh-dss |
|
1711 + ssh-rsa,ssh-dss |
|
1712 |
|
1713 If hostkeys are known for the destination host then this default |
|
1714 is modified to prefer their algorithms. |
|
1715 @@ -446,10 +441,10 @@ DESCRIPTION |
|
1716 default is ``no''. |
|
1717 |
|
1718 IdentityFile |
|
1719 - Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA |
|
1720 + Specifies a file from which the user's DSA or RSA |
|
1721 authentication identity is read. The default is ~/.ssh/identity |
|
1722 - for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, |
|
1723 - ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. |
|
1724 + for protocol version 1, and ~/.ssh/id_dsa and ~/.ssh/id_rsa for |
|
1725 + protocol version 2. |
|
1726 Additionally, any identities represented by the authentication |
|
1727 agent will be used for authentication unless IdentitiesOnly is |
|
1728 set. ssh(1) will try to load certificate information from the |
|
1729 @@ -509,8 +504,6 @@ DESCRIPTION |
|
1730 Specifies the available KEX (Key Exchange) algorithms. Multiple |
|
1731 algorithms must be comma-separated. The default is: |
|
1732 |
|
1733 - [email protected], |
|
1734 - ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
|
1735 diffie-hellman-group-exchange-sha256, |
|
1736 diffie-hellman-group-exchange-sha1, |
|
1737 diffie-hellman-group14-sha1, |
|
1738 diff -pur old/ssh_config.5 new/ssh_config.5 |
|
1739 --- old/ssh_config.5 2015-03-31 21:14:02.439364932 -0700 |
|
1740 +++ new/ssh_config.5 2015-04-02 08:16:12.714886637 -0700 |
|
1741 @@ -729,14 +729,9 @@ Specifies the protocol version 2 host ke |
|
1742 that the client wants to use in order of preference. |
|
1743 The default for this option is: |
|
1744 .Bd -literal -offset 3n |
|
1745 [email protected], |
|
1746 [email protected], |
|
1747 [email protected], |
|
1748 [email protected], |
|
1749 [email protected],[email protected], |
|
1750 [email protected],[email protected], |
|
1751 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
|
1752 -ssh-ed25519,ssh-rsa,ssh-dss |
|
1753 +ssh-rsa,ssh-dss |
|
1754 .Ed |
|
1755 .Pp |
|
1756 If hostkeys are known for the destination host then this default is modified |
|
1757 @@ -778,14 +773,12 @@ offers many different identities. |
|
1758 The default is |
|
1759 .Dq no . |
|
1760 .It Cm IdentityFile |
|
1761 -Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA authentication |
|
1762 +Specifies a file from which the user's DSA or RSA authentication |
|
1763 identity is read. |
|
1764 The default is |
|
1765 .Pa ~/.ssh/identity |
|
1766 for protocol version 1, and |
|
1767 .Pa ~/.ssh/id_dsa , |
|
1768 -.Pa ~/.ssh/id_ecdsa , |
|
1769 -.Pa ~/.ssh/id_ed25519 |
|
1770 and |
|
1771 .Pa ~/.ssh/id_rsa |
|
1772 for protocol version 2. |
|
1773 @@ -898,8 +891,6 @@ Specifies the available KEX (Key Exchang |
|
1774 Multiple algorithms must be comma-separated. |
|
1775 The default is: |
|
1776 .Bd -literal -offset indent |
|
1777 [email protected], |
|
1778 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
|
1779 diffie-hellman-group-exchange-sha256, |
|
1780 diffie-hellman-group-exchange-sha1, |
|
1781 diffie-hellman-group14-sha1, |
|
1782 diff -pur old/sshconnect.c new/sshconnect.c |
|
1783 --- old/sshconnect.c 2015-03-31 21:14:02.413909705 -0700 |
|
1784 +++ new/sshconnect.c 2015-04-01 04:56:41.997313652 -0700 |
|
1785 @@ -1325,7 +1325,9 @@ show_other_keys(struct hostkeys *hostkey |
|
1786 KEY_RSA, |
|
1787 KEY_DSA, |
|
1788 KEY_ECDSA, |
|
1789 +#ifndef WITHOUT_ED25519 |
|
1790 KEY_ED25519, |
|
1791 +#endif /* WITHOUT_ED25519 */ |
|
1792 -1 |
|
1793 }; |
|
1794 int i, ret = 0; |
|
1795 diff -pur old/sshconnect2.c new/sshconnect2.c |
|
1796 --- old/sshconnect2.c 2015-03-31 21:14:02.440456459 -0700 |
|
1797 +++ new/sshconnect2.c 2015-04-01 04:56:58.805755301 -0700 |
|
1798 @@ -246,7 +246,9 @@ ssh_kex2(char *host, struct sockaddr *ho |
|
1799 kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; |
|
1800 kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
|
1801 kex->kex[KEX_ECDH_SHA2] = kexecdh_client; |
|
1802 +#ifndef WITHOUT_ED25519 |
|
1803 kex->kex[KEX_C25519_SHA256] = kexc25519_client; |
|
1804 +#endif /* WITHOUT_ED25519 */ |
|
1805 #ifdef GSSAPI |
|
1806 if (options.gss_keyex) { |
|
1807 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client; |
|
1808 diff -pur old/sshd.0 new/sshd.0 |
|
1809 --- old/sshd.0 2014-01-29 17:52:47.000000000 -0800 |
|
1810 +++ new/sshd.0 2015-04-02 08:09:18.391442884 -0700 |
|
1811 @@ -82,8 +82,7 @@ DESCRIPTION |
|
1812 be given if sshd is not run as root (as the normal host key files |
|
1813 are normally not readable by anyone but root). The default is |
|
1814 /etc/ssh/ssh_host_key for protocol version 1, and |
|
1815 - /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key. |
|
1816 - /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for |
|
1817 + /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for |
|
1818 protocol version 2. It is possible to have multiple host key |
|
1819 files for the different protocol versions and host key |
|
1820 algorithms. |
|
1821 @@ -148,7 +147,7 @@ DESCRIPTION |
|
1822 AUTHENTICATION |
|
1823 The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to |
|
1824 use protocol 2 only, though this can be changed via the Protocol option |
|
1825 - in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; |
|
1826 + in sshd_config(5). Protocol 2 supports DSA and RSA keys; |
|
1827 protocol 1 only supports RSA keys. For both protocols, each host has a |
|
1828 host-specific key, normally 2048 bits, used to identify the host. |
|
1829 |
|
1830 @@ -278,15 +277,13 @@ AUTHORIZED_KEYS FILE FORMAT |
|
1831 starts with a number). The bits, exponent, modulus, and comment fields |
|
1832 give the RSA key for protocol version 1; the comment field is not used |
|
1833 for anything (but may be convenient for the user to identify the key). |
|
1834 - For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'', |
|
1835 - ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', |
|
1836 - ``ssh-dss'' or ``ssh-rsa''. |
|
1837 + For protocol version 2 the keytype is ``ssh-dss'' or ``ssh-rsa''. |
|
1838 |
|
1839 Note that lines in this file are usually several hundred bytes long |
|
1840 (because of the size of the public key encoding) up to a limit of 8 |
|
1841 kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 |
|
1842 kilobits. You don't want to type them in; instead, copy the |
|
1843 - identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub |
|
1844 + identity.pub, id_dsa.pub or the id_rsa.pub |
|
1845 file and edit it. |
|
1846 |
|
1847 sshd enforces a minimum RSA key modulus size for protocol 1 and protocol |
|
1848 @@ -513,7 +510,7 @@ FILES |
|
1849 for the user, and not accessible by others. |
|
1850 |
|
1851 ~/.ssh/authorized_keys |
|
1852 - Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used |
|
1853 + Lists the public keys (DSA, RSA) that can be used |
|
1854 for logging in as this user. The format of this file is |
|
1855 described above. The content of the file is not highly |
|
1856 sensitive, but the recommended permissions are read/write for the |
|
1857 @@ -574,8 +571,6 @@ FILES |
|
1858 |
|
1859 /etc/ssh/ssh_host_key |
|
1860 /etc/ssh/ssh_host_dsa_key |
|
1861 - /etc/ssh/ssh_host_ecdsa_key |
|
1862 - /etc/ssh/ssh_host_ed25519_key |
|
1863 /etc/ssh/ssh_host_rsa_key |
|
1864 These files contain the private parts of the host keys. These |
|
1865 files should only be owned by root, readable only by root, and |
|
1866 @@ -584,8 +579,6 @@ FILES |
|
1867 |
|
1868 /etc/ssh/ssh_host_key.pub |
|
1869 /etc/ssh/ssh_host_dsa_key.pub |
|
1870 - /etc/ssh/ssh_host_ecdsa_key.pub |
|
1871 - /etc/ssh/ssh_host_ed25519_key.pub |
|
1872 /etc/ssh/ssh_host_rsa_key.pub |
|
1873 These files contain the public parts of the host keys. These |
|
1874 files should be world-readable but writable only by root. Their |
|
1875 diff -pur old/sshd.8 new/sshd.8 |
|
1876 --- old/sshd.8 2015-03-31 21:14:02.389944452 -0700 |
|
1877 +++ new/sshd.8 2015-04-02 08:17:21.818430805 -0700 |
|
1878 @@ -175,8 +175,6 @@ The default is |
|
1879 .Pa /etc/ssh/ssh_host_key |
|
1880 for protocol version 1, and |
|
1881 .Pa /etc/ssh/ssh_host_dsa_key , |
|
1882 -.Pa /etc/ssh/ssh_host_ecdsa_key . |
|
1883 -.Pa /etc/ssh/ssh_host_ed25519_key |
|
1884 and |
|
1885 .Pa /etc/ssh/ssh_host_rsa_key |
|
1886 for protocol version 2. |
|
1887 @@ -281,7 +279,7 @@ though this can be changed via the |
|
1888 .Cm Protocol |
|
1889 option in |
|
1890 .Xr sshd_config 4 . |
|
1891 -Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; |
|
1892 +Protocol 2 supports DSA and RSA keys; |
|
1893 protocol 1 only supports RSA keys. |
|
1894 For both protocols, |
|
1895 each host has a host-specific key, |
|
1896 @@ -492,10 +490,6 @@ protocol version 1; the |
|
1897 comment field is not used for anything (but may be convenient for the |
|
1898 user to identify the key). |
|
1899 For protocol version 2 the keytype is |
|
1900 -.Dq ecdsa-sha2-nistp256 , |
|
1901 -.Dq ecdsa-sha2-nistp384 , |
|
1902 -.Dq ecdsa-sha2-nistp521 , |
|
1903 -.Dq ssh-ed25519 , |
|
1904 .Dq ssh-dss |
|
1905 or |
|
1906 .Dq ssh-rsa . |
|
1907 @@ -507,8 +501,6 @@ keys up to 16 kilobits. |
|
1908 You don't want to type them in; instead, copy the |
|
1909 .Pa identity.pub , |
|
1910 .Pa id_dsa.pub , |
|
1911 -.Pa id_ecdsa.pub , |
|
1912 -.Pa id_ed25519.pub , |
|
1913 or the |
|
1914 .Pa id_rsa.pub |
|
1915 file and edit it. |
|
1916 @@ -808,7 +800,7 @@ secret, but the recommended permissions |
|
1917 and not accessible by others. |
|
1918 .Pp |
|
1919 .It Pa ~/.ssh/authorized_keys |
|
1920 -Lists the public keys (DSA, ECDSA, ED25519, RSA) |
|
1921 +Lists the public keys (DSA, RSA) |
|
1922 that can be used for logging in as this user. |
|
1923 The format of this file is described above. |
|
1924 The content of the file is not highly sensitive, but the recommended |
|
1925 @@ -888,8 +880,6 @@ rlogin/rsh. |
|
1926 .Pp |
|
1927 .It Pa /etc/ssh/ssh_host_key |
|
1928 .It Pa /etc/ssh/ssh_host_dsa_key |
|
1929 -.It Pa /etc/ssh/ssh_host_ecdsa_key |
|
1930 -.It Pa /etc/ssh/ssh_host_ed25519_key |
|
1931 .It Pa /etc/ssh/ssh_host_rsa_key |
|
1932 These files contain the private parts of the host keys. |
|
1933 These files should only be owned by root, readable only by root, and not |
|
1934 @@ -900,8 +890,6 @@ does not start if these files are group/ |
|
1935 .Pp |
|
1936 .It Pa /etc/ssh/ssh_host_key.pub |
|
1937 .It Pa /etc/ssh/ssh_host_dsa_key.pub |
|
1938 -.It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
|
1939 -.It Pa /etc/ssh/ssh_host_ed25519_key.pub |
|
1940 .It Pa /etc/ssh/ssh_host_rsa_key.pub |
|
1941 These files contain the public parts of the host keys. |
|
1942 These files should be world-readable but writable only by |
|
1943 diff -pur old/sshd.c new/sshd.c |
|
1944 --- old/sshd.c 2015-03-31 21:14:02.441576765 -0700 |
|
1945 +++ new/sshd.c 2015-04-01 03:42:59.569147555 -0700 |
|
1946 @@ -797,7 +797,9 @@ list_hostkey_types(void) |
|
1947 case KEY_RSA: |
|
1948 case KEY_DSA: |
|
1949 case KEY_ECDSA: |
|
1950 +#ifndef WITHOUT_ED25519 |
|
1951 case KEY_ED25519: |
|
1952 +#endif /* WITHOUT_ED25519 */ |
|
1953 if (buffer_len(&b) > 0) |
|
1954 buffer_append(&b, ",", 1); |
|
1955 p = key_ssh_name(key); |
|
1956 @@ -814,7 +816,9 @@ list_hostkey_types(void) |
|
1957 case KEY_RSA_CERT: |
|
1958 case KEY_DSA_CERT: |
|
1959 case KEY_ECDSA_CERT: |
|
1960 +#ifndef WITHOUT_ED25519 |
|
1961 case KEY_ED25519_CERT: |
|
1962 +#endif /* WITHOUT_ED25519 */ |
|
1963 if (buffer_len(&b) > 0) |
|
1964 buffer_append(&b, ",", 1); |
|
1965 p = key_ssh_name(key); |
|
1966 @@ -842,7 +846,9 @@ get_hostkey_by_type(int type, int need_p |
|
1967 case KEY_RSA_CERT: |
|
1968 case KEY_DSA_CERT: |
|
1969 case KEY_ECDSA_CERT: |
|
1970 +#ifndef WITHOUT_ED25519 |
|
1971 case KEY_ED25519_CERT: |
|
1972 +#endif /* WITHOUT_ED25519 */ |
|
1973 key = sensitive_data.host_certificates[i]; |
|
1974 break; |
|
1975 default: |
|
1976 @@ -1719,7 +1725,9 @@ main(int ac, char **av) |
|
1977 case KEY_RSA: |
|
1978 case KEY_DSA: |
|
1979 case KEY_ECDSA: |
|
1980 +#ifndef WITHOUT_ED25519 |
|
1981 case KEY_ED25519: |
|
1982 +#endif /* WITHOUT_ED25519 */ |
|
1983 sensitive_data.have_ssh2_key = 1; |
|
1984 break; |
|
1985 } |
|
1986 @@ -2546,7 +2554,9 @@ do_ssh2_kex(void) |
|
1987 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; |
|
1988 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
|
1989 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
|
1990 +#ifndef WITHOUT_ED25519 |
|
1991 kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
|
1992 +#endif /* WITHOUT_ED25519 */ |
|
1993 #ifdef GSSAPI |
|
1994 if (options.gss_keyex) { |
|
1995 kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server; |
|
1996 diff -pur old/sshd_config.0 new/sshd_config.0 |
|
1997 --- old/sshd_config.0 2014-01-29 17:52:48.000000000 -0800 |
|
1998 +++ new/sshd_config.0 2015-04-02 08:09:53.957389224 -0700 |
|
1999 @@ -332,12 +332,11 @@ DESCRIPTION |
|
2000 HostKey |
|
2001 Specifies a file containing a private host key used by SSH. The |
|
2002 default is /etc/ssh/ssh_host_key for protocol version 1, and |
|
2003 - /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, |
|
2004 - /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for |
|
2005 + /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for |
|
2006 protocol version 2. Note that sshd(8) will refuse to use a file |
|
2007 if it is group/world-accessible. It is possible to have multiple |
|
2008 host key files. ``rsa1'' keys are used for version 1 and |
|
2009 - ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2 |
|
2010 + ``dsa'' or ``rsa'' are used for version 2 |
|
2011 of the SSH protocol. It is also possible to specify public host |
|
2012 key files instead. In this case operations on the private key |
|
2013 will be delegated to an ssh-agent(1). |
|
2014 @@ -399,8 +398,6 @@ DESCRIPTION |
|
2015 Specifies the available KEX (Key Exchange) algorithms. Multiple |
|
2016 algorithms must be comma-separated. The default is |
|
2017 |
|
2018 - [email protected], |
|
2019 - ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
|
2020 diffie-hellman-group-exchange-sha256, |
|
2021 diffie-hellman-group-exchange-sha1, |
|
2022 diffie-hellman-group14-sha1, |
|
2023 diff -pur old/sshd_config.5 new/sshd_config.5 |
|
2024 --- old/sshd_config.5 2015-03-31 21:14:02.442624133 -0700 |
|
2025 +++ new/sshd_config.5 2015-04-02 08:16:29.655757790 -0700 |
|
2026 @@ -546,8 +546,6 @@ The default is |
|
2027 .Pa /etc/ssh/ssh_host_key |
|
2028 for protocol version 1, and |
|
2029 .Pa /etc/ssh/ssh_host_dsa_key , |
|
2030 -.Pa /etc/ssh/ssh_host_ecdsa_key , |
|
2031 -.Pa /etc/ssh/ssh_host_ed25519_key |
|
2032 and |
|
2033 .Pa /etc/ssh/ssh_host_rsa_key |
|
2034 for protocol version 2. |
|
2035 @@ -558,8 +556,6 @@ It is possible to have multiple host key |
|
2036 .Dq rsa1 |
|
2037 keys are used for version 1 and |
|
2038 .Dq dsa , |
|
2039 -.Dq ecdsa , |
|
2040 -.Dq ed25519 |
|
2041 or |
|
2042 .Dq rsa |
|
2043 are used for version 2 of the SSH protocol. |
|
2044 @@ -669,8 +665,6 @@ Specifies the available KEX (Key Exchang |
|
2045 Multiple algorithms must be comma-separated. |
|
2046 The default is |
|
2047 .Bd -literal -offset indent |
|
2048 [email protected], |
|
2049 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, |
|
2050 diffie-hellman-group-exchange-sha256, |
|
2051 diffie-hellman-group-exchange-sha1, |
|
2052 diffie-hellman-group14-sha1, |
|
2053 diff -pur old/verify.c new/verify.c |
|
2054 --- old/verify.c 2014-01-16 17:43:44.000000000 -0800 |
|
2055 +++ new/verify.c 2015-04-01 03:43:49.962792178 -0700 |
|
2056 @@ -9,6 +9,8 @@ |
|
2057 |
|
2058 #include "crypto_api.h" |
|
2059 |
|
2060 +#ifndef WITHOUT_ED25519 |
|
2061 + |
|
2062 int crypto_verify_32(const unsigned char *x,const unsigned char *y) |
|
2063 { |
|
2064 unsigned int differentbits = 0; |
|
2065 @@ -47,3 +49,4 @@ int crypto_verify_32(const unsigned char |
|
2066 F(31) |
|
2067 return (1 & ((differentbits - 1) >> 8)) - 1; |
|
2068 } |
|
2069 +#endif /* WITHOUT_ED25519 */ |