--- a/components/openssh/patches/024-disable_ed25519.patch Wed Apr 20 13:13:57 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2140 +0,0 @@
-#
-# Per Solaris crypto team recommendation, we need to remove support for
-# Curve25519 from OpenSSH.
-#
-# Patch offered upstream but rejected:
-# https://bugzilla.mindrot.org/show_bug.cgi?id=2376
-#
-diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in
-+++ new/Makefile.in
-@@ -155,7 +155,7 @@ $(SSHDOBJS): Makefile.in config.h
- $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
-
- LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
--$(LIBCOMPAT): always
-+$(LIBCOMPAT): always libssh.a
- (cd openbsd-compat && $(MAKE))
- always:
-
-diff -pur old/authfd.c new/authfd.c
---- old/authfd.c
-+++ new/authfd.c
-@@ -565,8 +565,10 @@ ssh_add_identity_constrained(int sock, s
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- #endif
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- type = constrained ?
- SSH2_AGENTC_ADD_ID_CONSTRAINED :
- SSH2_AGENTC_ADD_IDENTITY;
-diff -pur old/authfile.c new/authfile.c
---- old/authfile.c
-+++ new/authfile.c
-@@ -449,7 +449,9 @@ sshkey_load_private_cert(int type, const
- case KEY_DSA:
- case KEY_ECDSA:
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-diff -pur old/dns.c new/dns.c
---- old/dns.c
-+++ new/dns.c
-@@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA256;
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- *algorithm = SSHFP_KEY_ED25519;
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA256;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- *algorithm = SSHFP_KEY_RESERVED; /* 0 */
- *digest_type = SSHFP_HASH_RESERVED; /* 0 */
-diff -pur old/dns.h new/dns.h
---- old/dns.h
-+++ new/dns.h
-@@ -33,7 +33,9 @@ enum sshfp_types {
- SSHFP_KEY_RSA = 1,
- SSHFP_KEY_DSA = 2,
- SSHFP_KEY_ECDSA = 3,
-- SSHFP_KEY_ED25519 = 4
-+#ifndef WITHOUT_ED25519
-+ SSHFP_KEY_ED25519 = 4
-+#endif /* WITHOUT_ED25519 */
- };
-
- enum sshfp_hashes {
-diff -pur old/ed25519.c new/ed25519.c
---- old/ed25519.c
-+++ new/ed25519.c
-@@ -7,6 +7,7 @@
- */
-
- #include "includes.h"
-+#ifndef WITHOUT_ED25519
- #include "crypto_api.h"
-
- #include "ge25519.h"
-@@ -142,3 +143,4 @@ int crypto_sign_ed25519_open(
- }
- return ret;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/fe25519.c new/fe25519.c
---- old/fe25519.c
-+++ new/fe25519.c
-@@ -8,6 +8,7 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
- #define WINDOWSIZE 1 /* Should be 1,2, or 4 */
- #define WINDOWMASK ((1<<WINDOWSIZE)-1)
-
-@@ -335,3 +336,4 @@ void fe25519_pow2523(fe25519 *r, const f
- /* 2^252 - 2^2 */ fe25519_square(&t,&t);
- /* 2^252 - 3 */ fe25519_mul(r,&t,x);
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/fe25519.h new/fe25519.h
---- old/fe25519.h
-+++ new/fe25519.h
-@@ -8,6 +8,7 @@
-
- #ifndef FE25519_H
- #define FE25519_H
-+#ifndef WITHOUT_ED25519
-
- #include "crypto_api.h"
-
-@@ -67,4 +68,5 @@ void fe25519_invert(fe25519 *r, const fe
-
- void fe25519_pow2523(fe25519 *r, const fe25519 *x);
-
-+#endif /* WITHOUT_ED25519 */
- #endif
-diff -pur old/ge25519.c new/ge25519.c
---- old/ge25519.c
-+++ new/ge25519.c
-@@ -7,6 +7,7 @@
- */
-
- #include "includes.h"
-+#ifndef WITHOUT_ED25519
-
- #include "fe25519.h"
- #include "sc25519.h"
-@@ -319,3 +320,4 @@ void ge25519_scalarmult_base(ge25519_p3
- ge25519_mixadd2(r, &t);
- }
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/ge25519.h new/ge25519.h
---- old/ge25519.h
-+++ new/ge25519.h
-@@ -8,6 +8,7 @@
-
- #ifndef GE25519_H
- #define GE25519_H
-+#ifndef WITHOUT_ED25519
-
- #include "fe25519.h"
- #include "sc25519.h"
-@@ -40,4 +41,5 @@ void ge25519_double_scalarmult_vartime(g
-
- void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
-
-+#endif /* WITHOUT_ED25519 */
- #endif
-diff -pur old/kex.c new/kex.c
---- old/kex.c
-+++ new/kex.c
-@@ -96,9 +96,11 @@ static const struct kexalg kexalgs[] = {
- # endif /* OPENSSL_HAS_NISTP521 */
- #endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
- { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
- #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
- { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
-diff -pur old/kex.h new/kex.h
---- old/kex.h
-+++ new/kex.h
-@@ -58,13 +58,17 @@
- #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
- #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
- #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
-+#ifndef WITHOUT_ED25519
- #define KEX_CURVE25519_SHA256 "[email protected]"
-+#endif /* WITHOUT_ED25519 */
-
- #define COMP_NONE 0
- #define COMP_ZLIB 1
- #define COMP_DELAYED 2
-
-+#ifndef WITHOUT_ED25519
- #define CURVE25519_SIZE 32
-+#endif /* WITHOUT_ED25519 */
-
- enum kex_init_proposals {
- PROPOSAL_KEX_ALGS,
-@@ -92,7 +96,9 @@ enum kex_exchange {
- KEX_DH_GEX_SHA1,
- KEX_DH_GEX_SHA256,
- KEX_ECDH_SHA2,
-+#ifndef WITHOUT_ED25519
- KEX_C25519_SHA256,
-+#endif /* WITHOUT_ED25519 */
- KEX_GSS_GRP1_SHA1,
- KEX_GSS_GRP14_SHA1,
- KEX_GSS_GEX_SHA1,
-@@ -161,8 +167,10 @@ struct kex {
- u_int min, max, nbits; /* GEX */
- EC_KEY *ec_client_key; /* ECDH */
- const EC_GROUP *ec_group; /* ECDH */
-+#ifndef WITHOUT_ED25519
- u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
- u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
-+#endif /* WITHOUT_ED25519 */
- };
-
- int kex_names_valid(const char *);
-@@ -191,8 +199,10 @@ int kexgex_client(struct ssh *);
- int kexgex_server(struct ssh *);
- int kexecdh_client(struct ssh *);
- int kexecdh_server(struct ssh *);
-+#ifndef WITHOUT_ED25519
- int kexc25519_client(struct ssh *);
- int kexc25519_server(struct ssh *);
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- int kexgss_client(struct ssh *);
- int kexgss_server(struct ssh *);
-@@ -213,6 +223,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,
- const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
- const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
-
-+#ifndef WITHOUT_ED25519
- int kex_c25519_hash(int, const char *, const char *, const char *, size_t,
- const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
- const u_char *, size_t, u_char *, size_t *);
-@@ -224,6 +235,7 @@ int kexc25519_shared_key(const u_char ke
- const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
- __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
- __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-+#endif /* WITHOUT_ED25519 */
-
- int
- derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
-diff -pur old/kexc25519.c new/kexc25519.c
---- old/kexc25519.c
-+++ new/kexc25519.c
-@@ -27,6 +27,7 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
- #include <sys/types.h>
-
- #include <signal.h>
-@@ -131,3 +132,4 @@ kex_c25519_hash(
- #endif
- return 0;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/kexc25519c.c new/kexc25519c.c
---- old/kexc25519c.c
-+++ new/kexc25519c.c
-@@ -27,6 +27,7 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
- #include <sys/types.h>
-
- #include <stdio.h>
-@@ -168,3 +169,4 @@ out:
- sshbuf_free(shared_secret);
- return r;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/kexc25519s.c new/kexc25519s.c
---- old/kexc25519s.c
-+++ new/kexc25519s.c
-@@ -26,6 +26,8 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
-+
- #include <sys/types.h>
- #include <stdio.h>
- #include <string.h>
-@@ -157,3 +159,4 @@ out:
- sshbuf_free(shared_secret);
- return r;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/monitor.c new/monitor.c
---- old/monitor.c
-+++ new/monitor.c
-@@ -1941,7 +1941,9 @@ monitor_apply_keystate(struct monitor *p
- kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
- # endif
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- if (options.gss_keyex) {
- kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-diff -pur old/myproposal.h new/myproposal.h
---- old/myproposal.h
-+++ new/myproposal.h
-@@ -59,6 +59,20 @@
- # define HOSTKEY_ECDSA_METHODS
- #endif
-
-+#ifndef WITHOUT_ED25519
-+# if defined(WITH_OPENSSL) && defined(HAVE_EVP_SHA256)
-+# define KEX_CURVE25519_METHODS "[email protected],"
-+# else
-+# define KEX_CURVE25519_METHODS
-+# endif
-+# define HOSTKEY_CURVE25519_CERT_METHODS "[email protected],"
-+# define HOSTKEY_CURVE25519_METHODS "ssh-ed25519,"
-+#else
-+# define KEX_CURVE25519_METHODS
-+# define HOSTKEY_CURVE25519_CERT_METHODS
-+# define HOSTKEY_CURVE25519_METHODS
-+#endif /* WITHOUT_ED25519 */
-+
- #ifdef OPENSSL_HAVE_EVPGCM
- # define AESGCM_CIPHER_MODES \
- ",[email protected],[email protected]"
-@@ -78,11 +92,6 @@
- #endif
-
- #ifdef WITH_OPENSSL
--# ifdef HAVE_EVP_SHA256
--# define KEX_CURVE25519_METHODS "[email protected],"
--# else
--# define KEX_CURVE25519_METHODS ""
--# endif
- #define KEX_COMMON_KEX \
- KEX_CURVE25519_METHODS \
- KEX_ECDH_METHODS \
-@@ -97,10 +106,10 @@
-
- #define KEX_DEFAULT_PK_ALG \
- HOSTKEY_ECDSA_CERT_METHODS \
-- "[email protected]," \
-+ HOSTKEY_CURVE25519_CERT_METHODS \
- "[email protected]," \
- HOSTKEY_ECDSA_METHODS \
-- "ssh-ed25519," \
-+ HOSTKEY_CURVE25519_METHODS \
- "ssh-rsa" \
-
- /* the actual algorithms */
-@@ -141,10 +150,10 @@
- #else
-
- #define KEX_SERVER_KEX \
-- "[email protected]"
-+ KEX_CURVE25519_METHODS
- #define KEX_DEFAULT_PK_ALG \
-- "[email protected]," \
-- "ssh-ed25519"
-+ HOSTKEY_CURVE25519_CERT_METHODS \
-+ HOSTKEY_CURVE25519_METHODS
- #define KEX_SERVER_ENCRYPT \
- "[email protected]," \
- "aes128-ctr,aes192-ctr,aes256-ctr"
-diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in
---- old/openbsd-compat/Makefile.in
-+++ new/openbsd-compat/Makefile.in
-@@ -32,7 +32,7 @@ $(OPENBSD): ../config.h
- $(PORTS): ../config.h
-
- libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS)
-- $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS)
-+ $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) ../hash.o ../blocks.o
- $(RANLIB) $@
-
- clean:
-diff -pur old/pathnames.h new/pathnames.h
---- old/pathnames.h
-+++ new/pathnames.h
-@@ -39,7 +39,9 @@
- #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key"
- #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
- #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
-+#ifndef WITHOUT_ED25519
- #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
-+#endif /* WITHOUT_ED25519 */
- #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
- #define _PATH_DH_MODULI SSHDIR "/moduli"
- /* Backwards compatibility */
-@@ -78,7 +80,9 @@
- #define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
- #define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
- #define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
-+#ifndef WITHOUT_ED25519
- #define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519"
-+#endif /* WITHOUT_ED25519 */
-
- /*
- * Configuration file in user's home directory. This file need not be
-diff -pur old/readconf.c new/readconf.c
---- old/readconf.c
-+++ new/readconf.c
-@@ -1846,8 +1846,10 @@ fill_default_options(Options * options)
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_ECDSA, 0);
- #endif
-+#ifndef WITHOUT_ED25519
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_ED25519, 0);
-+#endif /* WITHOUT_ED25519 */
- }
- }
- if (options->escape_char == -1)
-diff -pur old/servconf.c new/servconf.c
---- old/servconf.c
-+++ new/servconf.c
-@@ -222,8 +222,10 @@ fill_default_server_options(ServerOption
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_ECDSA_KEY_FILE;
- #endif
-+#ifndef WITHOUT_ED25519
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_ED25519_KEY_FILE;
-+#endif /* WITHOUT_ED25519 */
- }
- }
- /* No certificates by default */
-diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c
---- old/smult_curve25519_ref.c
-+++ new/smult_curve25519_ref.c
-@@ -6,6 +6,8 @@ Public domain.
- Derived from public domain code by D. J. Bernstein.
- */
-
-+#ifndef WITHOUT_ED25519
-+
- int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *);
-
- static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
-@@ -263,3 +265,4 @@ int crypto_scalarmult_curve25519(unsigne
- for (i = 0;i < 32;++i) q[i] = work[64 + i];
- return 0;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/ssh-add.0 new/ssh-add.0
---- old/ssh-add.0
-+++ new/ssh-add.0
-@@ -11,7 +11,7 @@ SYNOPSIS
- DESCRIPTION
- ssh-add adds private key identities to the authentication agent,
- ssh-agent(1). When run without arguments, it adds the files
-- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
-+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, and
- ~/.ssh/identity. After loading a private key, ssh-add will try to load
- corresponding certificate information from the filename obtained by
- appending -cert.pub to the name of the private key file. Alternative
-@@ -97,14 +97,6 @@ FILES
- Contains the protocol version 2 DSA authentication identity of
- the user.
-
-- ~/.ssh/id_ecdsa
-- Contains the protocol version 2 ECDSA authentication identity of
-- the user.
--
-- ~/.ssh/id_ed25519
-- Contains the protocol version 2 Ed25519 authentication identity
-- of the user.
--
- ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of
- the user.
-diff -pur old/ssh-add.1 new/ssh-add.1
---- old/ssh-add.1
-+++ new/ssh-add.1
-@@ -58,8 +58,6 @@ adds private key identities to the authe
- When run without arguments, it adds the files
- .Pa ~/.ssh/id_rsa ,
- .Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
- and
- .Pa ~/.ssh/identity .
- After loading a private key,
-@@ -178,10 +176,6 @@ socket used to communicate with the agen
- Contains the protocol version 1 RSA authentication identity of the user.
- .It Pa ~/.ssh/id_dsa
- Contains the protocol version 2 DSA authentication identity of the user.
--.It Pa ~/.ssh/id_ecdsa
--Contains the protocol version 2 ECDSA authentication identity of the user.
--.It Pa ~/.ssh/id_ed25519
--Contains the protocol version 2 Ed25519 authentication identity of the user.
- .It Pa ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of the user.
- .El
-diff -pur old/ssh-add.c new/ssh-add.c
---- old/ssh-add.c
-+++ new/ssh-add.c
-@@ -78,7 +78,9 @@ static char *default_files[] = {
- _PATH_SSH_CLIENT_ID_ECDSA,
- #endif
- #endif /* WITH_OPENSSL */
-- _PATH_SSH_CLIENT_ID_ED25519,
-+#ifndef WITHOUT_ED25519
-+ _PATH_SSH_CLIENT_ID_ED25519,
-+#endif /* WITHOUT_ED25519 */
- #ifdef WITH_SSH1
- _PATH_SSH_CLIENT_IDENTITY,
- #endif
-diff -pur old/ssh-agent.0 new/ssh-agent.0
---- old/ssh-agent.0
-+++ new/ssh-agent.0
-@@ -10,7 +10,7 @@ SYNOPSIS
-
- DESCRIPTION
- ssh-agent is a program to hold private keys used for public key
-- authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
-+ authentication (RSA, DSA). ssh-agent is usually started
- in the beginning of an X-session or a login session, and all other
- windows or programs are started as clients to the ssh-agent program.
- Through use of environment variables the agent can be located and
-diff -pur old/ssh-agent.1 new/ssh-agent.1
---- old/ssh-agent.1
-+++ new/ssh-agent.1
-@@ -54,7 +54,7 @@
- .Sh DESCRIPTION
- .Nm
- is a program to hold private keys used for public key authentication
--(RSA, DSA, ECDSA, Ed25519).
-+(RSA, DSA).
- .Nm
- is usually started in the beginning of an X-session or a login session, and
- all other windows or programs are started as clients to the ssh-agent
-diff -pur old/ssh-ed25519.c new/ssh-ed25519.c
---- old/ssh-ed25519.c
-+++ new/ssh-ed25519.c
-@@ -17,6 +17,8 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
-+
- #include <sys/types.h>
- #include <limits.h>
-
-@@ -164,3 +166,4 @@ ssh_ed25519_verify(const struct sshkey *
- free(ktype);
- return r;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/ssh-keygen.0 new/ssh-keygen.0
---- old/ssh-keygen.0
-+++ new/ssh-keygen.0
-@@ -4,7 +4,7 @@ NAME
- ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
-
- SYNOPSIS
-- ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
-+ ssh-keygen [-q] [-b bits] [-t dsa | rsa | rsa1]
- [-N new_passphrase] [-C comment] [-f output_keyfile]
- ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
- ssh-keygen -i [-m key_format] [-f input_keyfile]
-@@ -32,7 +32,7 @@ SYNOPSIS
- DESCRIPTION
- ssh-keygen generates, manages and converts authentication keys for
- ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
-- and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
-+ and DSA or RSA keys for use by SSH protocol version 2.
- The type of key to be generated is specified with the -t option. If
- invoked without any arguments, ssh-keygen will generate an RSA key for
- use in SSH protocol 2 connections.
-@@ -46,7 +46,7 @@ DESCRIPTION
-
- Normally each user wishing to use SSH with public key authentication runs
- this once to create the authentication key in ~/.ssh/identity,
-- ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
-+ ~/.ssh/id_dsa or ~/.ssh/id_rsa.
- Additionally, the system administrator may use this to generate host
- keys, as seen in /etc/rc.
-
-@@ -79,14 +79,14 @@ DESCRIPTION
-
- The options are as follows:
-
-- -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
-+ -A For each of the key types (rsa1, rsa and dsa) for
- which host keys do not exist, generate the host keys with the
- default key file path, an empty passphrase, default bits for the
- key type, and default comment. This is used by /etc/rc to
- generate new host keys.
-
- -a rounds
-- When saving a new-format private key (i.e. an ed25519 key or any
-+ When saving a new-format private key (i.e.
- SSH protocol 2 key when the -o flag is set), this option
- specifies the number of KDF (key derivation function) rounds
- used. Higher numbers result in slower passphrase verification
-@@ -103,12 +103,7 @@ DESCRIPTION
- Specifies the number of bits in the key to create. For RSA keys,
- the minimum size is 1024 bits and the default is 2048 bits.
- Generally, 2048 bits is considered sufficient. DSA keys must be
-- exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
-- the -b flag determines the key length by selecting from one of
-- three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
-- use bit lengths other than these three values for ECDSA keys will
-- fail. Ed25519 keys have a fixed length and the -b flag will be
-- ignored.
-+ exactly 1024 bits as specified by FIPS 186-2.
-
- -C comment
- Provides a new comment.
-@@ -279,7 +274,7 @@ DESCRIPTION
- new OpenSSH format rather than the more compatible PEM format.
- The new format has increased resistance to brute-force password
- cracking but is not supported by versions of OpenSSH prior to
-- 6.5. Ed25519 keys always use the new private key format.
-+ 6.5.
-
- -P passphrase
- Provides the (old) passphrase.
-@@ -318,9 +313,9 @@ DESCRIPTION
- Test DH group exchange candidate primes (generated using the -G
- option) for safety.
-
-- -t dsa | ecdsa | ed25519 | rsa | rsa1
-+ -t dsa | rsa | rsa1
- Specifies the type of key to create. The possible values are
-- M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
-+ M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or
- M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
-
- -u Update a KRL. When specified with -k, keys listed via the
-@@ -525,10 +520,8 @@ FILES
- contents of this file secret.
-
- ~/.ssh/id_dsa
-- ~/.ssh/id_ecdsa
-- ~/.ssh/id_ed25519
- ~/.ssh/id_rsa
-- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
-+ Contains the protocol version 2 DSA or RSA
- authentication identity of the user. This file should not be
- readable by anyone but the user. It is possible to specify a
- passphrase when generating the key; that passphrase will be used
-@@ -538,10 +531,8 @@ FILES
- read this file when a login attempt is made.
-
- ~/.ssh/id_dsa.pub
-- ~/.ssh/id_ecdsa.pub
-- ~/.ssh/id_ed25519.pub
- ~/.ssh/id_rsa.pub
-- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
-+ Contains the protocol version 2 DSA or RSA public
- key for authentication. The contents of this file should be
- added to ~/.ssh/authorized_keys on all machines where the user
- wishes to log in using public key authentication. There is no
-diff -pur old/ssh-keygen.1 new/ssh-keygen.1
---- old/ssh-keygen.1
-+++ new/ssh-keygen.1
-@@ -46,7 +46,7 @@
- .Nm ssh-keygen
- .Op Fl q
- .Op Fl b Ar bits
--.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
-+.Op Fl t Cm dsa | rsa | rsa1
- .Op Fl N Ar new_passphrase
- .Op Fl C Ar comment
- .Op Fl f Ar output_keyfile
-@@ -142,7 +142,7 @@ generates, manages and converts authenti
- .Xr ssh 1 .
- .Nm
- can create RSA keys for use by SSH protocol version 1 and
--DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
-+DSA or RSA keys for use by SSH protocol version 2.
- The type of key to be generated is specified with the
- .Fl t
- option.
-@@ -170,8 +170,6 @@ with public key authentication runs this
- key in
- .Pa ~/.ssh/identity ,
- .Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
- or
- .Pa ~/.ssh/id_rsa .
- Additionally, the system administrator may use this to generate host keys,
-@@ -219,7 +217,7 @@ should be placed to be activated.
- The options are as follows:
- .Bl -tag -width Ds
- .It Fl A
--For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
-+For each of the key types (rsa1, rsa and dsa)
- for which host keys
- do not exist, generate the host keys with the default key file path,
- an empty passphrase, default bits for the key type, and default comment.
-@@ -227,7 +225,7 @@ This is used by
- .Pa /etc/rc
- to generate new host keys.
- .It Fl a Ar rounds
--When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
-+When saving a new-format private key (i.e. SSH protocol
- 2 key when the
- .Fl o
- flag is set), this option specifies the number of KDF (key derivation function)
-@@ -247,15 +245,6 @@ Specifies the number of bits in the key
- For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
- Generally, 2048 bits is considered sufficient.
- DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
--For ECDSA keys, the
--.Fl b
--flag determines the key length by selecting from one of three elliptic
--curve sizes: 256, 384 or 521 bits.
--Attempting to use bit lengths other than these three values for ECDSA keys
--will fail.
--Ed25519 keys have a fixed length and the
--.Fl b
--flag will be ignored.
- .It Fl C Ar comment
- Provides a new comment.
- .It Fl c
-@@ -478,7 +467,6 @@ to save SSH protocol 2 private keys usin
- the more compatible PEM format.
- The new format has increased resistance to brute-force password cracking
- but is not supported by versions of OpenSSH prior to 6.5.
--Ed25519 keys always use the new private key format.
- .It Fl P Ar passphrase
- Provides the (old) passphrase.
- .It Fl p
-@@ -524,14 +512,12 @@ section for details.
- Test DH group exchange candidate primes (generated using the
- .Fl G
- option) for safety.
--.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
-+.It Fl t Cm dsa | rsa | rsa1
- Specifies the type of key to create.
- The possible values are
- .Dq rsa1
- for protocol version 1 and
- .Dq dsa ,
--.Dq ecdsa ,
--.Dq ed25519 ,
- or
- .Dq rsa
- for protocol version 2.
-@@ -810,10 +796,8 @@ where the user wishes to log in using RS
- There is no need to keep the contents of this file secret.
- .Pp
- .It Pa ~/.ssh/id_dsa
--.It Pa ~/.ssh/id_ecdsa
--.It Pa ~/.ssh/id_ed25519
- .It Pa ~/.ssh/id_rsa
--Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
-+Contains the protocol version 2 DSA or RSA
- authentication identity of the user.
- This file should not be readable by anyone but the user.
- It is possible to
-@@ -826,10 +810,8 @@ but it is offered as the default file fo
- will read this file when a login attempt is made.
- .Pp
- .It Pa ~/.ssh/id_dsa.pub
--.It Pa ~/.ssh/id_ecdsa.pub
--.It Pa ~/.ssh/id_ed25519.pub
- .It Pa ~/.ssh/id_rsa.pub
--Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
-+Contains the protocol version 2 DSA or RSA
- public key for authentication.
- The contents of this file should be added to
- .Pa ~/.ssh/authorized_keys
-diff -pur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c
-+++ new/ssh-keygen.c
-@@ -217,7 +217,11 @@ type_bits_valid(int type, const char *na
- fatal("key bits exceeds maximum %d", maxbits);
- if (type == KEY_DSA && *bitsp != 1024)
- fatal("DSA keys must be 1024 bits");
-- else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
-+ else if (type != KEY_ECDSA &&
-+#ifndef WITHOUT_ED25519
-+ type != KEY_ED25519 &&
-+#endif /* WITHOUT_ED25519 */
-+ *bitsp < 1024)
- fatal("Key must at least be 1024 bits");
- else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
- fatal("Invalid ECDSA key length - valid lengths are "
-@@ -252,10 +256,12 @@ ask_filename(struct passwd *pw, const ch
- case KEY_RSA:
- name = _PATH_SSH_CLIENT_ID_RSA;
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- name = _PATH_SSH_CLIENT_ID_ED25519;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- fatal("bad key type");
- }
-@@ -939,7 +945,9 @@ do_gen_all_hostkeys(struct passwd *pw)
- { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
- #endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
-+#ifndef WITHOUT_ED25519
-+ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
-+#endif /* WITHOUT_ED25519 */
- { NULL, NULL, NULL }
- };
-
-@@ -1605,7 +1613,10 @@ do_ca_sign(struct passwd *pw, int argc,
- fatal("%s: unable to open \"%s\": %s",
- __func__, tmp, ssh_err(r));
- if (public->type != KEY_RSA && public->type != KEY_DSA &&
-- public->type != KEY_ECDSA && public->type != KEY_ED25519)
-+#ifndef WITHOUT_ED25519
-+ public->type != KEY_ED25519 &&
-+#endif /* WITHOUT_ED25519 */
-+ public->type != KEY_ECDSA)
- fatal("%s: key \"%s\" type %s cannot be certified",
- __func__, tmp, sshkey_type(public));
-
-@@ -2502,8 +2513,10 @@ main(int argc, char **argv)
- _PATH_HOST_DSA_KEY_FILE, rr_hostname);
- n += do_print_resource_record(pw,
- _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
-+#ifndef WITHOUT_ED25519
- n += do_print_resource_record(pw,
- _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
-+#endif /* WITHOUT_ED25519 */
- if (n == 0)
- fatal("no keys found.");
- exit(0);
-diff -pur old/ssh-keyscan.0 new/ssh-keyscan.0
---- old/ssh-keyscan.0
-+++ new/ssh-keyscan.0
-@@ -48,9 +48,9 @@ DESCRIPTION
- -t type
- Specifies the type of the key to fetch from the scanned hosts.
- The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
-- M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
-+ or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
- values may be specified by separating them with commas. The
-- default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys.
-+ default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^] keys.
-
- -v Verbose mode. Causes ssh-keyscan to print debugging messages
- about its progress.
-@@ -72,12 +72,11 @@ FILES
-
- host-or-namelist bits exponent modulus
-
-- Output format for RSA, DSA, ECDSA, and Ed25519 keys:
-+ Output format for RSA, and DSA keys:
-
- host-or-namelist keytype base64-encoded-key
-
-- Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^],
-- M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-+ Where keytype is either M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-
- /etc/ssh/ssh_known_hosts
-
-@@ -89,7 +88,7 @@ EXAMPLES
- Find all hosts from the file ssh_hosts which have new or different keys
- from those in the sorted file ssh_known_hosts:
-
-- $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \
-+ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \
- sort -u - ssh_known_hosts | diff ssh_known_hosts -
-
- SEE ALSO
-diff -pur old/ssh-keyscan.1 new/ssh-keyscan.1
---- old/ssh-keyscan.1
-+++ new/ssh-keyscan.1
-@@ -90,18 +90,13 @@ Specifies the type of the key to fetch f
- The possible values are
- .Dq rsa1
- for protocol version 1 and
--.Dq dsa ,
--.Dq ecdsa ,
--.Dq ed25519 ,
-+.Dq dsa
- or
- .Dq rsa
- for protocol version 2.
- Multiple values may be specified by separating them with commas.
- The default is to fetch
--.Dq rsa ,
--.Dq ecdsa ,
--and
--.Dq ed25519
-+.Dq rsa
- keys.
- .It Fl v
- Verbose mode.
-@@ -130,7 +125,7 @@ Output format for RSA1 keys:
- host-or-namelist bits exponent modulus
- .Ed
- .Pp
--Output format for RSA, DSA, ECDSA, and Ed25519 keys:
-+Output format for RSA and DSA keys:
- .Bd -literal
- host-or-namelist keytype base64-encoded-key
- .Ed
-@@ -138,10 +133,6 @@ host-or-namelist keytype base64-encoded-
- Where
- .Ar keytype
- is either
--.Dq ecdsa-sha2-nistp256 ,
--.Dq ecdsa-sha2-nistp384 ,
--.Dq ecdsa-sha2-nistp521 ,
--.Dq ssh-ed25519 ,
- .Dq ssh-dss
- or
- .Dq ssh-rsa .
-@@ -159,7 +150,7 @@ Find all hosts from the file
- which have new or different keys from those in the sorted file
- .Pa ssh_known_hosts :
- .Bd -literal
--$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
-+$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
- sort -u - ssh_known_hosts | diff ssh_known_hosts -
- .Ed
- .Sh SEE ALSO
-diff -pur old/ssh-keyscan.c new/ssh-keyscan.c
---- old/ssh-keyscan.c
-+++ new/ssh-keyscan.c
-@@ -286,7 +286,9 @@ keygrab_ssh2(con *c)
- c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
- # endif
- #endif
-+#ifndef WITHOUT_ED25519
- c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
- /*
- * do the key-exchange until an error occurs or until
-@@ -612,10 +614,15 @@ do_host(char *host)
- {
- char *name = strnnsep(&host, " \t\n");
- int j;
-+#ifndef WITHOUT_ED25519
-+ int max_kt = KT_ED25519;
-+#else
-+ int max_kt = KT_ECDSA;
-+#endif /* WITHOUT_ED25519 */
-
- if (name == NULL)
- return;
-- for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
-+ for (j = KT_RSA1; j <= max_kt; j *= 2) {
- if (get_keytypes & j) {
- while (ncon >= MAXCON)
- conloop();
-@@ -719,9 +726,11 @@ main(int argc, char **argv)
- case KEY_RSA:
- get_keytypes |= KT_RSA;
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- get_keytypes |= KT_ED25519;
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- fatal("unknown key type %s", tname);
- }
-diff -pur old/ssh-keysign.0 new/ssh-keysign.0
---- old/ssh-keysign.0
-+++ new/ssh-keysign.0
-@@ -24,8 +24,6 @@ FILES
- Controls whether ssh-keysign is enabled.
-
- /etc/ssh/ssh_host_dsa_key
-- /etc/ssh/ssh_host_ecdsa_key
-- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys used to
- generate the digital signature. They should be owned by root,
-@@ -34,8 +32,6 @@ FILES
- host-based authentication is used.
-
- /etc/ssh/ssh_host_dsa_key-cert.pub
-- /etc/ssh/ssh_host_ecdsa_key-cert.pub
-- /etc/ssh/ssh_host_ed25519_key-cert.pub
- /etc/ssh/ssh_host_rsa_key-cert.pub
- If these files exist they are assumed to contain public
- certificate information corresponding with the private keys
-diff -pur old/ssh-keysign.8 new/ssh-keysign.8
---- old/ssh-keysign.8
-+++ new/ssh-keysign.8
-@@ -62,8 +62,6 @@ Controls whether
- is enabled.
- .Pp
- .It Pa /etc/ssh/ssh_host_dsa_key
--.It Pa /etc/ssh/ssh_host_ecdsa_key
--.It Pa /etc/ssh/ssh_host_ed25519_key
- .It Pa /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys used to
- generate the digital signature.
-@@ -74,8 +72,6 @@ Since they are readable only by root,
- must be set-uid root if host-based authentication is used.
- .Pp
- .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
--.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
--.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
- .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
- If these files exist they are assumed to contain public certificate
- information corresponding with the private keys above.
-diff -pur old/ssh-keysign.c new/ssh-keysign.c
---- old/ssh-keysign.c
-+++ new/ssh-keysign.c
-@@ -168,7 +168,7 @@ main(int argc, char **argv)
- {
- struct sshbuf *b;
- Options options;
--#define NUM_KEYTYPES 4
-+#define NUM_KEYTYPES 3
- struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
- struct passwd *pw;
- int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
-@@ -190,7 +190,9 @@ main(int argc, char **argv)
- /* XXX This really needs to read sshd_config for the paths */
- key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
- key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
-+#ifndef WITHOUT_ED25519
- key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
-+#endif /* WITHOUT_ED25519 */
- key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
-
- original_real_uid = getuid(); /* XXX readconf.c needs this */
-diff -pur old/ssh.0 new/ssh.0
---- old/ssh.0
-+++ new/ssh.0
-@@ -140,8 +140,8 @@ DESCRIPTION
- -i identity_file
- Selects a file from which the identity (private key) for public
- key authentication is read. The default is ~/.ssh/identity for
-- protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
-- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+ protocol version 1, and ~/.ssh/id_dsa
-+ and ~/.ssh/id_rsa for protocol version 2.
- Identity files may also be specified on a per-host basis in the
- configuration file. It is possible to have multiple -i options
- (and multiple identities specified in configuration files). ssh
-@@ -463,7 +463,7 @@ AUTHENTICATION
- creates a public/private key pair for authentication purposes. The
- server knows the public key, and only the user knows the private key.
- ssh implements public key authentication protocol automatically, using
-- one of the DSA, ECDSA, Ed25519 or RSA algorithms. Protocol 1 is
-+ one of the DSA or RSA algorithms. Protocol 1 is
- restricted to using only RSA keys, but protocol 2 may use any. The
- HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
- algorithms.
-@@ -476,11 +476,9 @@ AUTHENTICATION
-
- The user creates his/her key pair by running ssh-keygen(1). This stores
- the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
-- 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2
-- Ed25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
-- ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA),
-- ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2
-- Ed25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
-+ 2 DSA) or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
-+ ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA)
-+ or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
- directory. The user should then copy the public key to
- ~/.ssh/authorized_keys in his/her home directory on the remote machine.
- The authorized_keys file corresponds to the conventional ~/.rhosts file,
-@@ -825,7 +823,7 @@ FILES
- for the user, and not accessible by others.
-
- ~/.ssh/authorized_keys
-- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
-+ Lists the public keys (DSA, RSA) that can be used
- for logging in as this user. The format of this file is
- described in the sshd(8) manual page. This file is not highly
- sensitive, but the recommended permissions are read/write for the
-@@ -843,8 +841,6 @@ FILES
-
- ~/.ssh/identity
- ~/.ssh/id_dsa
-- ~/.ssh/id_ecdsa
-- ~/.ssh/id_ed25519
- ~/.ssh/id_rsa
- Contains the private key for authentication. These files contain
- sensitive data and should be readable by the user but not
-@@ -856,8 +852,6 @@ FILES
-
- ~/.ssh/identity.pub
- ~/.ssh/id_dsa.pub
-- ~/.ssh/id_ecdsa.pub
-- ~/.ssh/id_ed25519.pub
- ~/.ssh/id_rsa.pub
- Contains the public key for authentication. These files are not
- sensitive and can (but need not) be readable by anyone.
-@@ -888,8 +882,6 @@ FILES
-
- /etc/ssh/ssh_host_key
- /etc/ssh/ssh_host_dsa_key
-- /etc/ssh/ssh_host_ecdsa_key
-- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys and are
- used for host-based authentication. If protocol version 1 is
-diff -pur old/ssh.1 new/ssh.1
---- old/ssh.1
-+++ new/ssh.1
-@@ -292,9 +292,7 @@ public key authentication is read.
- The default is
- .Pa ~/.ssh/identity
- for protocol version 1, and
--.Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
-+.Pa ~/.ssh/id_dsa
- and
- .Pa ~/.ssh/id_rsa
- for protocol version 2.
-@@ -848,7 +846,7 @@ key pair for authentication purposes.
- The server knows the public key, and only the user knows the private key.
- .Nm
- implements public key authentication protocol automatically,
--using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
-+using one of the DSA or RSA algorithms.
- Protocol 1 is restricted to using only RSA keys,
- but protocol 2 may use any.
- The HISTORY section of
-@@ -873,10 +871,6 @@ This stores the private key in
- (protocol 1),
- .Pa ~/.ssh/id_dsa
- (protocol 2 DSA),
--.Pa ~/.ssh/id_ecdsa
--(protocol 2 ECDSA),
--.Pa ~/.ssh/id_ed25519
--(protocol 2 Ed25519),
- or
- .Pa ~/.ssh/id_rsa
- (protocol 2 RSA)
-@@ -885,10 +879,6 @@ and stores the public key in
- (protocol 1),
- .Pa ~/.ssh/id_dsa.pub
- (protocol 2 DSA),
--.Pa ~/.ssh/id_ecdsa.pub
--(protocol 2 ECDSA),
--.Pa ~/.ssh/id_ed25519.pub
--(protocol 2 Ed25519),
- or
- .Pa ~/.ssh/id_rsa.pub
- (protocol 2 RSA)
-@@ -1444,7 +1434,7 @@ secret, but the recommended permissions
- and not accessible by others.
- .Pp
- .It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, Ed25519, RSA)
-+Lists the public keys (DSA, RSA)
- that can be used for logging in as this user.
- The format of this file is described in the
- .Xr sshd 8
-@@ -1466,8 +1456,6 @@ above.
- .Pp
- .It Pa ~/.ssh/identity
- .It Pa ~/.ssh/id_dsa
--.It Pa ~/.ssh/id_ecdsa
--.It Pa ~/.ssh/id_ed25519
- .It Pa ~/.ssh/id_rsa
- Contains the private key for authentication.
- These files
-@@ -1481,8 +1469,6 @@ sensitive part of this file using 3DES.
- .Pp
- .It Pa ~/.ssh/identity.pub
- .It Pa ~/.ssh/id_dsa.pub
--.It Pa ~/.ssh/id_ecdsa.pub
--.It Pa ~/.ssh/id_ed25519.pub
- .It Pa ~/.ssh/id_rsa.pub
- Contains the public key for authentication.
- These files are not
-@@ -1521,8 +1507,6 @@ The file format and configuration option
- .Pp
- .It Pa /etc/ssh/ssh_host_key
- .It Pa /etc/ssh/ssh_host_dsa_key
--.It Pa /etc/ssh/ssh_host_ecdsa_key
--.It Pa /etc/ssh/ssh_host_ed25519_key
- .It Pa /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys
- and are used for host-based authentication.
-diff -pur old/ssh.c new/ssh.c
---- old/ssh.c
-+++ new/ssh.c
-@@ -1233,8 +1233,10 @@ main(int ac, char **av)
- sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
- _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
- _PATH_HOST_ED25519_KEY_FILE, "", NULL);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL);
- sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
-@@ -1243,8 +1245,10 @@ main(int ac, char **av)
- sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
- _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
- _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
- sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
-@@ -1261,8 +1265,10 @@ main(int ac, char **av)
- sensitive_data.keys[1] = key_load_cert(
- _PATH_HOST_ECDSA_KEY_FILE);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[2] = key_load_cert(
- _PATH_HOST_ED25519_KEY_FILE);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[3] = key_load_cert(
- _PATH_HOST_RSA_KEY_FILE);
- sensitive_data.keys[4] = key_load_cert(
-@@ -1271,8 +1277,10 @@ main(int ac, char **av)
- sensitive_data.keys[5] = key_load_public(
- _PATH_HOST_ECDSA_KEY_FILE, NULL);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[6] = key_load_public(
- _PATH_HOST_ED25519_KEY_FILE, NULL);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[7] = key_load_public(
- _PATH_HOST_RSA_KEY_FILE, NULL);
- sensitive_data.keys[8] = key_load_public(
-diff -pur old/ssh_api.c new/ssh_api.c
---- old/ssh_api.c
-+++ new/ssh_api.c
-@@ -109,7 +109,9 @@ ssh_init(struct ssh **sshp, int is_serve
- ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
- # endif
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- ssh->kex->load_host_public_key=&_ssh_host_public_key;
- ssh->kex->load_host_private_key=&_ssh_host_private_key;
- ssh->kex->sign=&_ssh_host_key_sign;
-@@ -123,7 +125,9 @@ ssh_init(struct ssh **sshp, int is_serve
- ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
- # endif
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- ssh->kex->verify_host_key =&_ssh_verify_host_key;
- }
- *sshp = ssh;
-diff -pur old/ssh_config.0 new/ssh_config.0
---- old/ssh_config.0
-+++ new/ssh_config.0
-@@ -444,13 +444,8 @@ DESCRIPTION
- specified key types will be appended to the default set instead
- of replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-@@ -461,13 +456,8 @@ DESCRIPTION
- key types will be appended to the default set instead of
- replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- If hostkeys are known for the destination host then this default
- is modified to prefer their algorithms.
-@@ -503,10 +493,10 @@ DESCRIPTION
- default is M-bM-^@M-^\noM-bM-^@M-^].
-
- IdentityFile
-- Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
-+ Specifies a file from which the user's DSA or RSA
- authentication identity is read. The default is ~/.ssh/identity
-- for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
-- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+ for protocol version 1, and ~/.ssh/id_dsa
-+ and ~/.ssh/id_rsa for protocol version 2.
- Additionally, any identities represented by the authentication
- agent will be used for authentication unless IdentitiesOnly is
- set. ssh(1) will try to load certificate information from the
-@@ -569,7 +559,6 @@ DESCRIPTION
- will be appended to the default set instead of replacing them.
- The default is:
-
-- [email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
-@@ -727,13 +716,8 @@ DESCRIPTION
- types after it will be appended to the default instead of
- replacing it. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5
-+++ new/ssh_config.5
-@@ -806,13 +806,8 @@ character, then the specified key types
- instead of replacing them.
- The default for this option is:
- .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
- [email protected],
--ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa
-+ssh-rsa
- .Ed
- .Pp
- The
-@@ -829,13 +824,8 @@ character, then the specified key types
- instead of replacing them.
- The default for this option is:
- .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
- [email protected],
--ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa
-+ssh-rsa
- .Ed
- .Pp
- If hostkeys are known for the destination host then this default is modified
-@@ -890,14 +880,12 @@ offers many different identities.
- The default is
- .Dq no .
- .It Cm IdentityFile
--Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
-+Specifies a file from which the user's DSA or RSA authentication
- identity is read.
- The default is
- .Pa ~/.ssh/identity
- for protocol version 1, and
- .Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
- and
- .Pa ~/.ssh/id_rsa
- for protocol version 2.
-@@ -1014,7 +1002,6 @@ character, then the specified methods wi
- instead of replacing them.
- The default is:
- .Bd -literal -offset indent
[email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
-@@ -1259,13 +1246,8 @@ character, then the key types after it w
- instead of replacing it.
- The default for this option is:
- .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
- [email protected],
--ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa
-+ssh-rsa
- .Ed
- .Pp
- The
-diff -pur old/sshconnect.c new/sshconnect.c
---- old/sshconnect.c
-+++ new/sshconnect.c
-@@ -1392,7 +1392,9 @@ show_other_keys(struct hostkeys *hostkey
- KEY_RSA,
- KEY_DSA,
- KEY_ECDSA,
-+#ifndef WITHOUT_ED25519
- KEY_ED25519,
-+#endif /* WITHOUT_ED25519 */
- -1
- };
- int i, ret = 0;
-diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c
-+++ new/sshconnect2.c
-@@ -247,7 +247,9 @@ ssh_kex2(char *host, struct sockaddr *ho
- kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
- # endif
- #endif
-+#ifndef WITHOUT_ED25519
- kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- if (options.gss_keyex) {
- kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
-diff -pur old/sshd.0 new/sshd.0
---- old/sshd.0
-+++ new/sshd.0
-@@ -81,8 +81,7 @@ DESCRIPTION
- be given if sshd is not run as root (as the normal host key files
- are normally not readable by anyone but root). The default is
- /etc/ssh/ssh_host_key for protocol version 1, and
-- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key.
-- /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
-+ /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for
- protocol version 2. It is possible to have multiple host key
- files for the different protocol versions and host key
- algorithms.
-@@ -146,7 +145,7 @@ DESCRIPTION
- AUTHENTICATION
- The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
- use protocol 2 only, though this can be changed via the Protocol option
-- in sshd_config(5). Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
-+ in sshd_config(5). Protocol 2 supports DSA and RSA keys;
- protocol 1 only supports RSA keys. For both protocols, each host has a
- host-specific key, normally 2048 bits, used to identify the host.
-
-@@ -279,15 +278,13 @@ AUTHORIZED_KEYS FILE FORMAT
- starts with a number). The bits, exponent, modulus, and comment fields
- give the RSA key for protocol version 1; the comment field is not used
- for anything (but may be convenient for the user to identify the key).
-- For protocol version 2 the keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^],
-- M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
-- M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-+ For protocol version 2 the keytype is M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-
- Note that lines in this file are usually several hundred bytes long
- (because of the size of the public key encoding) up to a limit of 8
- kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
- kilobits. You don't want to type them in; instead, copy the
-- identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
-+ identity.pub, id_dsa.pub or the id_rsa.pub
- file and edit it.
-
- sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
-@@ -514,7 +511,7 @@ FILES
- for the user, and not accessible by others.
-
- ~/.ssh/authorized_keys
-- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
-+ Lists the public keys (DSA, RSA) that can be used
- for logging in as this user. The format of this file is
- described above. The content of the file is not highly
- sensitive, but the recommended permissions are read/write for the
-@@ -570,8 +567,6 @@ FILES
-
- /etc/ssh/ssh_host_key
- /etc/ssh/ssh_host_dsa_key
-- /etc/ssh/ssh_host_ecdsa_key
-- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys. These
- files should only be owned by root, readable only by root, and
-@@ -580,8 +575,6 @@ FILES
-
- /etc/ssh/ssh_host_key.pub
- /etc/ssh/ssh_host_dsa_key.pub
-- /etc/ssh/ssh_host_ecdsa_key.pub
-- /etc/ssh/ssh_host_ed25519_key.pub
- /etc/ssh/ssh_host_rsa_key.pub
- These files contain the public parts of the host keys. These
- files should be world-readable but writable only by root. Their
-diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8
-+++ new/sshd.8
-@@ -172,8 +172,6 @@ The default is
- .Pa /etc/ssh/ssh_host_key
- for protocol version 1, and
- .Pa /etc/ssh/ssh_host_dsa_key ,
--.Pa /etc/ssh/ssh_host_ecdsa_key .
--.Pa /etc/ssh/ssh_host_ed25519_key
- and
- .Pa /etc/ssh/ssh_host_rsa_key
- for protocol version 2.
-@@ -275,7 +273,7 @@ though this can be changed via the
- .Cm Protocol
- option in
- .Xr sshd_config 5 .
--Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
-+Protocol 2 supports DSA and RSA keys;
- protocol 1 only supports RSA keys.
- For both protocols,
- each host has a host-specific key,
-@@ -491,10 +489,6 @@ protocol version 1; the
- comment field is not used for anything (but may be convenient for the
- user to identify the key).
- For protocol version 2 the keytype is
--.Dq ecdsa-sha2-nistp256 ,
--.Dq ecdsa-sha2-nistp384 ,
--.Dq ecdsa-sha2-nistp521 ,
--.Dq ssh-ed25519 ,
- .Dq ssh-dss
- or
- .Dq ssh-rsa .
-@@ -506,8 +500,6 @@ keys up to 16 kilobits.
- You don't want to type them in; instead, copy the
- .Pa identity.pub ,
- .Pa id_dsa.pub ,
--.Pa id_ecdsa.pub ,
--.Pa id_ed25519.pub ,
- or the
- .Pa id_rsa.pub
- file and edit it.
-@@ -807,7 +799,7 @@ secret, but the recommended permissions
- and not accessible by others.
- .Pp
- .It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, Ed25519, RSA)
-+Lists the public keys (DSA, RSA)
- that can be used for logging in as this user.
- The format of this file is described above.
- The content of the file is not highly sensitive, but the recommended
-@@ -881,8 +873,6 @@ rlogin/rsh.
- .Pp
- .It Pa /etc/ssh/ssh_host_key
- .It Pa /etc/ssh/ssh_host_dsa_key
--.It Pa /etc/ssh/ssh_host_ecdsa_key
--.It Pa /etc/ssh/ssh_host_ed25519_key
- .It Pa /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys.
- These files should only be owned by root, readable only by root, and not
-@@ -893,8 +883,6 @@ does not start if these files are group/
- .Pp
- .It Pa /etc/ssh/ssh_host_key.pub
- .It Pa /etc/ssh/ssh_host_dsa_key.pub
--.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
--.It Pa /etc/ssh/ssh_host_ed25519_key.pub
- .It Pa /etc/ssh/ssh_host_rsa_key.pub
- These files contain the public parts of the host keys.
- These files should be world-readable but writable only by
-diff -pur old/sshd.c new/sshd.c
---- old/sshd.c
-+++ new/sshd.c
-@@ -811,7 +811,9 @@ list_hostkey_types(void)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- p = key_ssh_name(key);
-@@ -826,7 +828,9 @@ list_hostkey_types(void)
- case KEY_RSA_CERT:
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- p = key_ssh_name(key);
-@@ -852,7 +856,9 @@ get_hostkey_by_type(int type, int nid, i
- case KEY_RSA_CERT:
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- key = sensitive_data.host_certificates[i];
- break;
- default:
-@@ -1810,7 +1816,9 @@ main(int ac, char **av)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- if (have_agent || key != NULL)
- sensitive_data.have_ssh2_key = 1;
- break;
-@@ -2646,7 +2654,9 @@ do_ssh2_kex(void)
- kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
- # endif
- #endif
-+#ifndef WITHOUT_ED25519
- kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- if (options.gss_keyex) {
- kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-diff -pur old/sshd_config.0 new/sshd_config.0
---- old/sshd_config.0
-+++ new/sshd_config.0
-@@ -403,13 +403,8 @@ DESCRIPTION
- specified key types will be appended to the default set instead
- of replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-@@ -438,8 +433,7 @@ DESCRIPTION
- HostKey
- Specifies a file containing a private host key used by SSH. The
- default is /etc/ssh/ssh_host_key for protocol version 1, and
-- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
-- /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
-+ /etc/ssh/ssh_host_dsa_key, and /etc/ssh/ssh_host_rsa_key for
- protocol version 2.
-
- Note that sshd(8) will refuse to use a file if it is group/world-
-@@ -447,7 +441,7 @@ DESCRIPTION
- of the keys are actually used by sshd(8).
-
- It is possible to have multiple host key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are
-- used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are
-+ used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] are
- used for version 2 of the SSH protocol. It is also possible to
- specify public host key files instead. In this case operations
- on the private key will be delegated to an ssh-agent(1).
-@@ -462,13 +456,8 @@ DESCRIPTION
- Specifies the protocol version 2 host key algorithms that the
- server offers. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The list of available key types may also be obtained using the -Q
- option of ssh(1) with an argument of M-bM-^@M-^\keyM-bM-^@M-^].
-@@ -532,7 +521,6 @@ DESCRIPTION
- will be appended to the default set instead of replacing them.
- The supported algorithms are:
-
-- [email protected]
- diffie-hellman-group1-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group-exchange-sha1
-@@ -543,7 +531,6 @@ DESCRIPTION
-
- The default is:
-
-- [email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group14-sha1
-@@ -787,13 +774,8 @@ DESCRIPTION
- specified key types will be appended to the default set instead
- of replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5
-+++ new/sshd_config.5
-@@ -712,8 +712,6 @@ The default is
- .Pa /etc/ssh/ssh_host_key
- for protocol version 1, and
- .Pa /etc/ssh/ssh_host_dsa_key ,
--.Pa /etc/ssh/ssh_host_ecdsa_key ,
--.Pa /etc/ssh/ssh_host_ed25519_key
- and
- .Pa /etc/ssh/ssh_host_rsa_key
- for protocol version 2.
-@@ -730,8 +728,6 @@ It is possible to have multiple host key
- .Dq rsa1
- keys are used for version 1 and
- .Dq dsa ,
--.Dq ecdsa ,
--.Dq ed25519
- or
- .Dq rsa
- are used for version 2 of the SSH protocol.
-@@ -878,8 +874,6 @@ The supported algorithms are:
- .Pp
- .Bl -item -compact -offset indent
- .It
[email protected]
--.It
- diffie-hellman-group1-sha1
- .It
- diffie-hellman-group14-sha1
-@@ -897,7 +891,6 @@ ecdh-sha2-nistp521
- .Pp
- The default is:
- .Bd -literal -offset indent
[email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group14-sha1
-diff -pur old/sshkey.c new/sshkey.c
---- old/sshkey.c
-+++ new/sshkey.c
-@@ -85,9 +85,11 @@ struct keytype {
- int cert;
- };
- static const struct keytype keytypes[] = {
-+#ifndef WITHOUT_ED25519
- { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
- { "[email protected]", "ED25519-CERT",
- KEY_ED25519_CERT, 0, 1 },
-+#endif /* WITHOUT_ED25519 */
- #ifdef WITH_OPENSSL
- { NULL, "RSA1", KEY_RSA1, 0, 0 },
- { "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
-@@ -278,8 +280,10 @@ sshkey_size(const struct sshkey *k)
- case KEY_ECDSA_CERT:
- return sshkey_curve_nid_to_bits(k->ecdsa_nid);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- return 256; /* XXX */
- }
- return 0;
-@@ -292,7 +296,9 @@ sshkey_type_is_valid_ca(int type)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- return 1;
- default:
- return 0;
-@@ -318,8 +324,10 @@ sshkey_type_plain(int type)
- return KEY_DSA;
- case KEY_ECDSA_CERT:
- return KEY_ECDSA;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- return KEY_ED25519;
-+#endif /* WITHOUT_ED25519 */
- default:
- return type;
- }
-@@ -472,8 +480,10 @@ sshkey_new(int type)
- k->dsa = NULL;
- k->rsa = NULL;
- k->cert = NULL;
-+#ifndef WITHOUT_ED25519
- k->ed25519_sk = NULL;
- k->ed25519_pk = NULL;
-+#endif /* WITHOUT_ED25519 */
- switch (k->type) {
- #ifdef WITH_OPENSSL
- case KEY_RSA1:
-@@ -508,10 +518,12 @@ sshkey_new(int type)
- /* Cannot do anything until we know the group */
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- /* no need to prealloc */
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -558,10 +570,12 @@ sshkey_add_private(struct sshkey *k)
- /* Cannot do anything until we know the group */
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- /* no need to prealloc */
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -613,6 +627,7 @@ sshkey_free(struct sshkey *k)
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- if (k->ed25519_pk) {
-@@ -626,6 +641,7 @@ sshkey_free(struct sshkey *k)
- k->ed25519_sk = NULL;
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -703,10 +719,12 @@ sshkey_equal_public(const struct sshkey
- return 1;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
- memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
-+#endif /* WITHOUT_ED25519 */
- default:
- return 0;
- }
-@@ -749,7 +767,9 @@ to_blob_buf(const struct sshkey *key, st
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- /* Use the existing blob */
- /* XXX modified flag? */
- if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
-@@ -786,6 +806,7 @@ to_blob_buf(const struct sshkey *key, st
- return ret;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- if (key->ed25519_pk == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-@@ -794,6 +815,7 @@ to_blob_buf(const struct sshkey *key, st
- key->ed25519_pk, ED25519_PK_SZ)) != 0)
- return ret;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -1267,11 +1289,13 @@ sshkey_read(struct sshkey *ret, char **c
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-- case KEY_ED25519:
-+#ifndef WITHOUT_ED25519
-+ case KEY_ED25519:
-+ case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
-- case KEY_ED25519_CERT:
- space = strchr(cp, ' ');
- if (space == NULL)
- return SSH_ERR_INVALID_FORMAT;
-@@ -1363,6 +1387,7 @@ sshkey_read(struct sshkey *ret, char **c
- }
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- if (sshkey_type_plain(ret->type) == KEY_ED25519) {
- free(ret->ed25519_pk);
- ret->ed25519_pk = k->ed25519_pk;
-@@ -1371,6 +1396,7 @@ sshkey_read(struct sshkey *ret, char **c
- /* XXX */
- #endif
- }
-+#endif /* WITHOUT_ED25519 */
- retval = 0;
- /*XXXX*/
- sshkey_free(k);
-@@ -1662,7 +1688,8 @@ sshkey_generate(int type, u_int bits, st
- if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- switch (type) {
-- case KEY_ED25519:
-+#ifndef WITHOUT_ED25519
-+ case KEY_ED25519:
- if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
- (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
-@@ -1671,6 +1698,7 @@ sshkey_generate(int type, u_int bits, st
- crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
- ret = 0;
- break;
-+#endif /* WITHOUT_ED25519 */
- #ifdef WITH_OPENSSL
- case KEY_DSA:
- ret = dsa_generate_private_key(bits, &k->dsa);
-@@ -1806,6 +1834,7 @@ sshkey_from_private(const struct sshkey
- }
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- if ((n = sshkey_new(k->type)) == NULL)
-@@ -1818,6 +1847,7 @@ sshkey_from_private(const struct sshkey
- memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -2084,6 +2114,7 @@ sshkey_from_blob_internal(struct sshbuf
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- /* Skip nonce */
- if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
-@@ -2105,6 +2136,7 @@ sshkey_from_blob_internal(struct sshbuf
- key->ed25519_pk = pk;
- pk = NULL;
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
-@@ -2197,9 +2229,11 @@ sshkey_sign(const struct sshkey *key,
- case KEY_RSA:
- return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -2229,9 +2263,11 @@ sshkey_verify(const struct sshkey *key,
- case KEY_RSA:
- return ssh_rsa_verify(key, sig, siglen, data, dlen, compat);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -2255,8 +2291,10 @@ sshkey_demote(const struct sshkey *k, st
- pk->dsa = NULL;
- pk->ecdsa = NULL;
- pk->rsa = NULL;
-+#ifndef WITHOUT_ED25519
- pk->ed25519_pk = NULL;
- pk->ed25519_sk = NULL;
-+#endif /* WITHOUT_ED25519 */
-
- switch (k->type) {
- #ifdef WITH_OPENSSL
-@@ -2306,6 +2344,7 @@ sshkey_demote(const struct sshkey *k, st
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- if ((ret = sshkey_cert_copy(k, pk)) != 0)
- goto fail;
-@@ -2319,6 +2358,7 @@ sshkey_demote(const struct sshkey *k, st
- memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- ret = SSH_ERR_KEY_TYPE_UNKNOWN;
- fail:
-@@ -2347,9 +2387,11 @@ sshkey_to_certified(struct sshkey *k)
- newtype = KEY_ECDSA_CERT;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- newtype = KEY_ED25519_CERT;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_INVALID_ARGUMENT;
- }
-@@ -2428,11 +2470,13 @@ sshkey_certify(struct sshkey *k, struct
- goto out;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- if ((ret = sshbuf_put_string(cert,
- k->ed25519_pk, ED25519_PK_SZ)) != 0)
- goto out;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- ret = SSH_ERR_INVALID_ARGUMENT;
- goto out;
-@@ -2607,6 +2651,7 @@ sshkey_private_serialize(const struct ss
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- if ((r = sshbuf_put_string(b, key->ed25519_pk,
- ED25519_PK_SZ)) != 0 ||
-@@ -2626,6 +2671,7 @@ sshkey_private_serialize(const struct ss
- ED25519_SK_SZ)) != 0)
- goto out;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
-@@ -2750,6 +2796,7 @@ sshkey_private_deserialize(struct sshbuf
- goto out;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- if ((k = sshkey_new_private(type)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
-@@ -2780,6 +2827,7 @@ sshkey_private_deserialize(struct sshbuf
- k->ed25519_sk = ed25519_sk;
- ed25519_pk = ed25519_sk = NULL;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- r = SSH_ERR_KEY_TYPE_UNKNOWN;
- goto out;
-@@ -3545,9 +3593,11 @@ sshkey_private_to_fileblob(struct sshkey
- return sshkey_private_pem_to_blob(key, blob,
- passphrase, comment);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- return sshkey_private_to_blob2(key, blob, passphrase,
- comment, new_format_cipher, new_format_rounds);
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -3853,9 +3903,11 @@ sshkey_parse_private_fileblob_type(struc
- return sshkey_parse_private_pem_fileblob(blob, type,
- passphrase, keyp);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- return sshkey_parse_private2(blob, type, passphrase,
- keyp, commentp);
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- if ((r = sshkey_parse_private2(blob, type, passphrase, keyp,
- commentp)) == 0)
-diff -pur old/sshkey.h new/sshkey.h
---- old/sshkey.h
-+++ new/sshkey.h
-@@ -57,11 +57,15 @@ enum sshkey_types {
- KEY_RSA,
- KEY_DSA,
- KEY_ECDSA,
-- KEY_ED25519,
-+#ifndef WITHOUT_ED25519
-+ KEY_ED25519,
-+#endif /* WITHOUT_ED25519 */
- KEY_RSA_CERT,
- KEY_DSA_CERT,
- KEY_ECDSA_CERT,
-+#ifndef WITHOUT_ED25519
- KEY_ED25519_CERT,
-+#endif /* WITHOUT_ED25519 */
- KEY_NULL,
- KEY_UNSPEC
- };
-@@ -104,13 +108,17 @@ struct sshkey {
- DSA *dsa;
- int ecdsa_nid; /* NID of curve */
- EC_KEY *ecdsa;
-+#ifndef WITHOUT_ED25519
- u_char *ed25519_sk;
- u_char *ed25519_pk;
-+#endif /* WITHOUT_ED25519 */
- struct sshkey_cert *cert;
- };
-
-+#ifndef WITHOUT_ED25519
- #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
- #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
-+#endif /* WITHOUT_ED25519 */
-
- struct sshkey *sshkey_new(int);
- int sshkey_add_private(struct sshkey *);
-@@ -208,11 +216,13 @@ int ssh_ecdsa_sign(const struct sshkey *
- int ssh_ecdsa_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-+#ifndef WITHOUT_ED25519
- int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat);
- int ssh_ed25519_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-+#endif /* WITHOUT_ED25519 */
- #endif
-
- #if !defined(WITH_OPENSSL)