PSARC/2015/395 OpenSSH 7.1p1
PSARC 2014/390 OpenSSH GSSKEY
21696247 upgrade OpenSSH to 7.1p1
22031540 problem in UTILITY/OPENSSH
22022180 problem in UTILITY/OPENSSH
22048638 problem in UTILITY/OPENSSH
19775805 OpenSSH contains a redundant call to do_pam_setcred()
21379157 OpenSSH shouldn't call setproject(3PROJECT) when configured to use PAM
20919294 upgrade OpenSSH to 6.8p1
19130869 migrate the Xforwarding bug fix (15350344) from SunSSH to OpenSSH
21861322 OpenSSH client hangs on broken pipe
22018764 remove cast128-cbc from OpenSSH
21919790 add GSSKeyEx as an alias to GSSAPIKeyExchange in OpenSSH
19941148 GSS-API Key Exchange for OpenSSH
21643415 OpenSSH should use AI_ADDRCONFIG per bug 19827438
20370803 OpenSSH patch number collision
20711463 OpenSSH wants to be able to login to a role too
22389801 OpenSSH: remove cast from ssh(1), sshd(8), ssh_config(5) and sshd_config(5)
22582153 openssh system/linker should be added to core REQ
--- a/components/openssh/Makefile Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/Makefile Mon Jan 25 10:57:40 2016 -0800
@@ -18,29 +18,28 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
#
-COMPILER= gcc
-
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= openssh
-COMPONENT_VERSION= 6.5p1
+COMPONENT_VERSION= 7.1p1
HUMAN_VERSION= $(COMPONENT_VERSION)
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
# Version for IPS. The encoding rules are:
# OpenSSH <x>.<y>p<n> => IPS <x>.<y>.0.<n>
# OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n>
-IPS_COMPONENT_VERSION= 6.5.0.1
+IPS_COMPONENT_VERSION= 7.1.0.1
COMPONENT_PROJECT_URL= http://www.openssh.org/
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH= sha256:a1195ed55db945252d5a1730d4a2a2a5c1c9a6aa01ef2e5af750a962623d9027
+COMPONENT_ARCHIVE_HASH= sha256:fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428
COMPONENT_ARCHIVE_URL= http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB=utility/openssh
-TPNO= 16633
+TPNO_OPENSSH= 24282
+TPNO_GSSKEX= 20377
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
@@ -49,15 +48,18 @@
# Enable ASLR for this component
ASLR_MODE = $(ASLR_ENABLE)
+COMPILER= gcc
+
CFLAGS += -DSET_USE_PAM
CFLAGS += -DDEPRECATE_SUNSSH_OPT
CFLAGS += -DKRB5_BUILD_FIX
-CFLAGS += -DDTRACE_SFTP
CFLAGS += -DDISABLE_BANNER
CFLAGS += -DPAM_ENHANCEMENT
CFLAGS += -DPAM_BUGFIX
CFLAGS += -DOPTION_DEFAULT_VALUE
CFLAGS += -DWITHOUT_ED25519
+CFLAGS += -DPER_SESSION_XAUTHFILE
+CFLAGS += -DWITHOUT_CAST128
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
@@ -65,7 +67,7 @@
# pre-authentication phase, sshd will chroot to /var/empty which doesn't
# contain any files. If we use lazyloading, sshd will fail to find any
# libraries that it needs.
-CONFIGURE_OPTIONS += LDFLAGS="$(LDFLAGS) -B direct -z nolazyload"
+LDFLAGS += -B direct -z nolazyload
CONFIGURE_OPTIONS += --with-audit=solaris
CONFIGURE_OPTIONS += --with-libedit
@@ -73,7 +75,6 @@
CONFIGURE_OPTIONS += --with-pam
CONFIGURE_OPTIONS += --with-sandbox=no
CONFIGURE_OPTIONS += --with-solaris-contracts
-CONFIGURE_OPTIONS += --with-solaris-projects
CONFIGURE_OPTIONS += --with-tcp-wrappers
CONFIGURE_OPTIONS += --with-4in6
CONFIGURE_OPTIONS += --with-xauth=/usr/bin/xauth
@@ -89,6 +90,8 @@
COMPONENT_PREP_ACTION += ($(CP) sources/*.c $(@D)/)
# common targets
+configure: $(CONFIGURE_32)
+
build: $(BUILD_32)
install: $(INSTALL_32)
@@ -102,7 +105,7 @@
REQUIRED_PACKAGES += library/zlib
REQUIRED_PACKAGES += service/security/kerberos-5
REQUIRED_PACKAGES += system/library
-REQUIRED_PACKAGES += system/library/gcc-45-runtime
REQUIRED_PACKAGES += system/library/gcc/gcc-c-runtime
REQUIRED_PACKAGES += system/library/security/gss
REQUIRED_PACKAGES += system/linker
+REQUIRED_PACKAGES += text/groff/groff-core
--- a/components/openssh/openssh.p5m Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/openssh.p5m Mon Jan 25 10:57:40 2016 -0800
@@ -18,9 +18,9 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
#
-<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
+<transform file path=usr.*/man/.+ -> default mangler.man.stability "Pass-through Uncommitted">
set name=pkg.fmri \
value=pkg:/network/openssh@$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
set name=pkg.summary value=OpenSSH
@@ -29,7 +29,6 @@
set name=pkg.human-version value=$(HUMAN_VERSION)
set name=com.oracle.info.description \
value="OpenSSH, a suite of tools that help secure network connections"
-set name=com.oracle.info.tpno value=$(TPNO)
set name=info.classification \
value=org.opensolaris.category.2008:Applications/Internet \
value=org.opensolaris.category.2008:System/Security
@@ -128,7 +127,14 @@
group groupname=sshd gid=22
user username=sshd ftpuser=false gcos-field="sshd privsep" group=sshd \
home-dir=/var/empty login-shell=/bin/false uid=22
-license openssh.license license="BSD, BSD-like"
+license openssh.license license="BSD, BSD-like (OpenSSH)" \
+ com.oracle.info.description="OpenSSH, a suite of tools that help secure network connections" \
+ com.oracle.info.name=openssh com.oracle.info.tpno=$(TPNO_OPENSSH) \
+ com.oracle.info.version=$(COMPONENT_VERSION)
+license openssh.license license="BSD, BSD-like (gsskex)" \
+ com.oracle.info.description="GSS-API authenticated key exchange" \
+ com.oracle.info.name=gsskex com.oracle.info.tpno=$(TPNO_GSSKEX) \
+ com.oracle.info.version=5.7p1
depend type=conditional fmri=pkg:/x11/session/xauth \
predicate=pkg:/x11/library/libxau
depend type=require fmri=service/network/ssh-common
--- a/components/openssh/patches/003-last_login.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/003-last_login.patch Mon Jan 25 10:57:40 2016 -0800
@@ -12,58 +12,52 @@
# can't be changed so we update sshd's configuration parsing to flag
# this as unsupported and update the man page here.
#
-*** old/servconf.c Wed Sep 17 02:54:26 2014
---- new/servconf.c Wed Sep 17 02:56:55 2014
-***************
-*** 432,438 ****
---- 432,442 ----
- { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
- { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
- { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
-+ #ifdef DISABLE_LASTLOG
-+ { "printlastlog", sUnsupported, SSHCFG_GLOBAL },
-+ #else
- { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
-+ #endif
- { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
- { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
- { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
-*** old/sshd_config.5 Tue Sep 16 06:24:13 2014
---- new/sshd_config.5 Tue Sep 16 06:47:47 2014
-***************
-*** 1008,1015 ****
- .Xr sshd 1M
- should print the date and time of the last user login when a user logs
- in interactively.
-! The default is
-! .Dq yes .
- .It Cm PrintMotd
- Specifies whether
- .Xr sshd 1M
---- 1008,1015 ----
- .Xr sshd 1M
- should print the date and time of the last user login when a user logs
- in interactively.
-! On Solaris this option is always ignored since pam_unix_session(5)
-! reports the last login time.
- .It Cm PrintMotd
- Specifies whether
- .Xr sshd 1M
-***************
-*** 1349,1355 ****
- (though not necessary) that it be world-readable.
- .El
- .Sh SEE ALSO
-! .Xr sshd 8
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free
- ssh 1.2.12 release by Tatu Ylonen.
---- 1349,1356 ----
- (though not necessary) that it be world-readable.
- .El
- .Sh SEE ALSO
-! .Xr sshd 8 ,
-! .Xr pam_unix_session 5
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free
- ssh 1.2.12 release by Tatu Ylonen.
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
+@@ -504,7 +504,11 @@ static struct {
+ { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
+ { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
+ { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
++#ifdef DISABLE_LASTLOG
++ { "printlastlog", sUnsupported, SSHCFG_GLOBAL },
++#else
+ { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
++#endif
+ { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
+ { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
+ { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
+@@ -2268,7 +2272,9 @@ dump_config(ServerOptions *o)
+ dump_cfg_fmtint(sChallengeResponseAuthentication,
+ o->challenge_response_authentication);
+ dump_cfg_fmtint(sPrintMotd, o->print_motd);
++#ifndef DISABLE_LASTLOG
+ dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
++#endif /* !DISABLE_LASTLOG */
+ dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
+ dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
+ dump_cfg_fmtint(sPermitTTY, o->permit_tty);
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5
++++ new/sshd_config.5
+@@ -1300,8 +1300,8 @@ Specifies whether
+ .Xr sshd 8
+ should print the date and time of the last user login when a user logs
+ in interactively.
+-The default is
+-.Dq yes .
++On Solaris this option is always ignored since pam_unix_session(5)
++reports the last login time.
+ .It Cm PrintMotd
+ Specifies whether
+ .Xr sshd 8
+@@ -1721,7 +1721,8 @@ This file should be writable by root onl
+ (though not necessary) that it be world-readable.
+ .El
+ .Sh SEE ALSO
+-.Xr sshd 8
++.Xr sshd 8 ,
++.Xr pam_unix_session 5
+ .Sh AUTHORS
+ OpenSSH is a derivative of the original and free
+ ssh 1.2.12 release by Tatu Ylonen.
--- a/components/openssh/patches/005-openssh_krb5_build_fix.patch Thu Jan 14 09:14:14 2016 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,102 +0,0 @@
-#
-# This is to work around an unresloved symbol problem with the Kerberos
-# build option. Unlike MIT Kerberos, the gss_krb5_copy_ccache() function
-# is not supported on Solaris, because it violates API abstraction. This
-# workaround disables delegated credentials storing on server side.
-#
-# The long term goal is to replace Solaris Kerberos libraries with MIT Kerberos
-# delivered from Userland gate (The Solaris MIT Kerberos Drop in Project).
-# After that, function gss_krb5_copy_ccache() will be available in Solaris and
-# the delegating credentials functionality will be made available using the
-# upstream code.
-#
---- orig/auth2-gss.c Fri Mar 21 10:41:03 2014
-+++ new/auth2-gss.c Fri Mar 21 11:13:57 2014
-@@ -47,6 +47,10 @@
-
- extern ServerOptions options;
-
-+#ifdef KRB5_BUILD_FIX
-+ extern gss_OID_set g_supported;
-+#endif
-+
- static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
- static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
- static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
-@@ -77,7 +81,13 @@
- return (0);
- }
-
-+#ifdef KRB5_BUILD_FIX
-+ /* use value obtained in privileged parent */
-+ supported = g_supported;
-+#else
- ssh_gssapi_supported_oids(&supported);
-+#endif
-+
- do {
- mechs--;
-
---- orig/configure Fri Mar 21 10:41:03 2014
-+++ new/configure Fri Mar 21 11:02:11 2014
-@@ -16634,6 +16634,12 @@
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
- $as_echo "no" >&6; }
- fi
-+
-+ # Oracle Solaris
-+ # OpenSSH is mixed-up gssapi AND krb5 aplication
-+ K5CFLAGS="$K5CFLAGS `$KRB5CONF --cflags krb5`"
-+ K5LIBS="$K5LIBS `$KRB5CONF --libs krb5`"
-+
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
- $as_echo_n "checking whether we are using Heimdal... " >&6; }
- cat confdefs.h - <<_ACEOF >conftest.$ac_ext
---- orig/sshd.c Fri Mar 21 10:41:03 2014
-+++ new/sshd.c Fri Mar 21 11:09:30 2014
-@@ -259,6 +259,11 @@
- /* Unprivileged user */
- struct passwd *privsep_pw = NULL;
-
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+/* Temporary storing supported GSS mechs */
-+gss_OID_set g_supported;
-+#endif
-+
- /* Prototypes for various functions defined later in this file. */
- void destroy_sensitive_data(void);
- void demote_sensitive_data(void);
-@@ -1407,6 +1412,10 @@
- av = saved_argv;
- #endif
-
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+ OM_uint32 ms;
-+#endif
-+
- if (geteuid() == 0 && setgroups(0, NULL) == -1)
- debug("setgroups(): %.200s", strerror(errno));
-
-@@ -2083,6 +2092,11 @@
- buffer_init(&loginmsg);
- auth_debug_reset();
-
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+ /* collect gss mechs for later use in privsep child */
-+ ssh_gssapi_supported_oids(&g_supported);
-+#endif
-+
- if (use_privsep) {
- if (privsep_preauth(authctxt) == 1)
- goto authenticated;
-@@ -2120,6 +2134,10 @@
- startup_pipe = -1;
- }
-
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+ gss_release_oid_set(&ms, &g_supported);
-+#endif
-+
- #ifdef SSH_AUDIT_EVENTS
- audit_event(SSH_AUTH_SUCCESS);
- #endif
--- a/components/openssh/patches/007-manpages.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/007-manpages.patch Mon Jan 25 10:57:40 2016 -0800
@@ -7,8 +7,10 @@
# pages, the section numbers of some OpenSSH man pages are changed to be the
# same as their corresponding ones in SunSSH.
#
---- orig/moduli.5 Thu Feb 6 10:00:17 2014
-+++ new/moduli.5 Thu Feb 6 10:08:07 2014
+
+diff -rupN old/moduli.5 new/moduli.5
+--- old/moduli.5 2015-12-08 21:19:59.482474430 -0800
++++ new/moduli.5 2015-12-08 21:15:53.128029200 -0800
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -27,7 +29,7 @@
in the Diffie-Hellman Group Exchange key exchange method.
.Pp
New moduli may be generated with
-@@ -40,7 +40,7 @@
+@@ -40,7 +40,7 @@ pass, using
.Ic ssh-keygen -T ,
provides a high degree of assurance that the numbers are prime and are
safe for use in Diffie-Hellman operations by
@@ -36,7 +38,7 @@
This
.Nm
format is used as the output from each pass.
-@@ -70,7 +70,7 @@
+@@ -70,7 +70,7 @@ are Sophie Germain primes (type 4).
Further primality testing with
.Xr ssh-keygen 1
produces safe prime moduli (type 2) that are ready for use in
@@ -45,7 +47,7 @@
Other types are not used by OpenSSH.
.It tests
Decimal number indicating the type of primality tests that the number
-@@ -105,16 +105,16 @@
+@@ -105,16 +105,16 @@ The modulus itself in hexadecimal.
.El
.Pp
When performing Diffie-Hellman Group Exchange,
@@ -65,18 +67,19 @@
.Sh STANDARDS
.Rs
.%A M. Friedl
---- orig/sftp-server.8 Thu Feb 6 10:01:20 2014
-+++ new/sftp-server.8 Thu Feb 6 10:09:59 2014
+diff -rupN old/sftp-server.8 new/sftp-server.8
+--- old/sftp-server.8 2015-12-08 21:04:19.872169630 -0800
++++ new/sftp-server.8 2015-12-08 21:36:18.267186200 -0800
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
- .Dd $Mdocdate: October 14 2013 $
+ .Dd $Mdocdate: December 11 2014 $
-.Dt SFTP-SERVER 8
-+.Dt SFTP-SERVER 1M
++.Dt SFTP-SERVER 1M
.Os
.Sh NAME
.Nm sftp-server
-@@ -47,7 +47,7 @@
+@@ -47,7 +47,7 @@ is a program that speaks the server side
to stdout and expects client requests from stdin.
.Nm
is not intended to be called directly, but from
@@ -85,7 +88,7 @@
using the
.Cm Subsystem
option.
-@@ -58,7 +58,7 @@
+@@ -58,7 +58,7 @@ should be specified in the
.Cm Subsystem
declaration.
See
@@ -94,7 +97,7 @@
for more information.
.Pp
Valid options are:
-@@ -71,7 +71,7 @@
+@@ -71,7 +71,7 @@ The pathname may contain the following t
and %u is replaced by the username of that user.
The default is to use the user's home directory.
This option is useful in conjunction with the
@@ -103,7 +106,13 @@
.Cm ChrootDirectory
option.
.It Fl e
-@@ -152,8 +152,8 @@
+@@ -147,13 +147,13 @@ must be able to access
+ for logging to work, and use of
+ .Nm
+ in a chroot configuration therefore requires that
+-.Xr syslogd 8
++.Xr syslogd 1M
+ establish a logging socket inside the chroot directory.
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
@@ -114,18 +123,19 @@
.Rs
.%A T. Ylonen
.%A S. Lehtinen
---- orig/ssh_config.5 Thu Feb 6 10:01:20 2014
-+++ new/ssh_config.5 Thu Mar 27 16:37:50 2014
+diff -rupN old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5 2015-12-08 21:04:19.876611140 -0800
++++ new/ssh_config.5 2015-12-08 22:02:41.048804430 -0800
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: ssh_config.5,v 1.184 2014/01/19 04:48:08 djm Exp $
- .Dd $Mdocdate: January 19 2014 $
+ .\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
+ .Dd $Mdocdate: August 14 2015 $
-.Dt SSH_CONFIG 5
+.Dt SSH_CONFIG 4
.Os
.Sh NAME
.Nm ssh_config
-@@ -503,7 +503,7 @@
+@@ -568,7 +568,7 @@ then the master connection will remain i
.Dq Fl O No exit
option).
If set to a time in seconds, or a time in any of the formats documented in
@@ -134,7 +144,25 @@
then the backgrounded master connection will automatically terminate
after it has remained idle (with no client connections) for the
specified time.
-@@ -622,7 +622,7 @@
+@@ -610,7 +610,7 @@ Setting this option to
+ in the global client configuration file
+ .Pa /etc/ssh/ssh_config
+ enables the use of the helper program
+-.Xr ssh-keysign 8
++.Xr ssh-keysign 1M
+ during
+ .Cm HostbasedAuthentication .
+ The argument must be
+@@ -621,7 +621,7 @@ The default is
+ .Dq no .
+ This option should be placed in the non-hostspecific section.
+ See
+-.Xr ssh-keysign 8
++.Xr ssh-keysign 1M
+ for more information.
+ .It Cm EscapeChar
+ Sets the escape character (default:
+@@ -695,7 +695,7 @@ option is also enabled.
Specify a timeout for untrusted X11 forwarding
using the format described in the
TIME FORMATS section of
@@ -143,7 +171,7 @@
X11 connections received by
.Xr ssh 1
after this time will be refused.
-@@ -689,7 +689,7 @@
+@@ -762,7 +762,7 @@ should hash host names and addresses whe
These hashed names may be used normally by
.Xr ssh 1
and
@@ -152,7 +180,16 @@
but they do not reveal identifying information should the file's contents
be disclosed.
The default is
-@@ -1122,7 +1122,7 @@
+@@ -1206,7 +1206,7 @@ by the remote user name.
+ The command can be basically anything,
+ and should read from its standard input and write to its standard output.
+ It should eventually connect an
+-.Xr sshd 8
++.Xr sshd 1M
+ server running on some machine, or execute
+ .Ic sshd -i
+ somewhere.
+@@ -1286,7 +1286,7 @@ depending on the cipher.
The optional second value is specified in seconds and may use any of the
units documented in the
TIME FORMATS section of
@@ -161,7 +198,7 @@
The default value for
.Cm RekeyLimit
is
-@@ -1166,7 +1166,7 @@
+@@ -1330,7 +1330,7 @@ Specifying a remote
will only succeed if the server's
.Cm GatewayPorts
option is enabled (see
@@ -170,7 +207,7 @@
.It Cm RequestTTY
Specifies whether to request a pseudo-tty for the session.
The argument may be one of:
-@@ -1218,7 +1218,7 @@
+@@ -1396,7 +1396,7 @@ pseudo-terminal is requested as it is re
Refer to
.Cm AcceptEnv
in
@@ -179,8 +216,18 @@
for how to configure the server.
Variables are specified by name, which may contain wildcard characters.
Multiple environment variables may be separated by whitespace or spread
---- orig/ssh-keysign.8 Thu Feb 6 10:01:20 2014
-+++ new/ssh-keysign.8 Thu Feb 6 10:13:05 2014
+@@ -1586,7 +1586,7 @@ Confirmation is currently incompatible w
+ and will be disabled if it is enabled.
+ .Pp
+ Presently, only
+-.Xr sshd 8
++.Xr sshd 1M
+ from OpenSSH 6.8 and greater support the
+ .Dq [email protected]
+ protocol extension used to inform the client of all the server's hostkeys.
+diff -rupN old/ssh-keysign.8 new/ssh-keysign.8
+--- old/ssh-keysign.8 2015-12-08 21:20:45.638888550 -0800
++++ new/ssh-keysign.8 2015-12-08 21:15:29.266139300 -0800
@@ -23,7 +23,7 @@
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
@@ -190,7 +237,7 @@
.Os
.Sh NAME
.Nm ssh-keysign
-@@ -52,7 +52,7 @@
+@@ -52,7 +52,7 @@ is not intended to be invoked by the use
See
.Xr ssh 1
and
@@ -199,7 +246,7 @@
for more information about host-based authentication.
.Sh FILES
.Bl -tag -width Ds -compact
-@@ -83,8 +83,8 @@
+@@ -83,8 +83,8 @@ information corresponding with the priva
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
@@ -210,8 +257,9 @@
.Sh HISTORY
.Nm
first appeared in
---- orig/ssh-pkcs11-helper.8 Thu Feb 6 10:01:20 2014
-+++ new/ssh-pkcs11-helper.8 Thu Feb 6 10:14:40 2014
+diff -rupN old/ssh-pkcs11-helper.8 new/ssh-pkcs11-helper.8
+--- old/ssh-pkcs11-helper.8 2015-12-08 21:18:49.511938140 -0800
++++ new/ssh-pkcs11-helper.8 2015-12-08 21:16:10.866823750 -0800
@@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
@@ -221,12 +269,13 @@
.Os
.Sh NAME
.Nm ssh-pkcs11-helper
---- orig/sshd_config.5 Thu Feb 6 10:01:20 2014
-+++ new/sshd_config.5 Thu Feb 6 10:17:21 2014
+diff -rupN old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5 2015-12-08 21:04:19.889738130 -0800
++++ new/sshd_config.5 2015-12-08 22:19:12.187929340 -0800
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
- .Dd $Mdocdate: December 8 2013 $
+ .\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
+ .Dd $Mdocdate: August 14 2015 $
-.Dt SSHD_CONFIG 5
+.Dt SSHD_CONFIG 4
.Os
@@ -241,16 +290,16 @@
reads configuration data from
.Pa /etc/ssh/sshd_config
(or the file specified with
-@@ -68,7 +68,7 @@
+@@ -68,7 +68,7 @@ the session's
See
.Cm SendEnv
in
-.Xr ssh_config 5
+.Xr ssh_config 4
for how to configure the client.
- Note that environment passing is only supported for protocol 2.
- Variables are specified by name, which may contain the wildcard characters
-@@ -85,7 +85,7 @@
+ Note that environment passing is only supported for protocol 2, and
+ that the
+@@ -89,7 +89,7 @@ For this reason, care should be taken in
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
@@ -259,7 +308,7 @@
Valid arguments are
.Dq any ,
.Dq inet
-@@ -118,7 +118,7 @@
+@@ -122,7 +122,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
@@ -268,7 +317,7 @@
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
-@@ -158,7 +158,7 @@
+@@ -182,7 +182,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
@@ -277,16 +326,34 @@
for more information on patterns.
.It Cm AuthenticationMethods
Specifies the authentication methods that must be successfully completed
-@@ -202,7 +202,7 @@
- It will be invoked with a single argument of the username
- being authenticated, and should produce on standard output zero or
+@@ -217,7 +217,7 @@ device.
+ If the
+ .Dq publickey
+ method is listed more than once,
+-.Xr sshd 8
++.Xr sshd 1M
+ verifies that keys that have been used successfully are not reused for
+ subsequent authentications.
+ For example, an
+@@ -250,7 +250,7 @@ will be supplied.
+ .Pp
+ The program should produce on standard output zero or
more lines of authorized_keys output (see AUTHORIZED_KEYS in
-.Xr sshd 8 ) .
+.Xr sshd 1M ) .
If a key supplied by AuthorizedKeysCommand does not successfully authenticate
and authorize the user then public key authentication continues using the usual
.Cm AuthorizedKeysFile
-@@ -218,7 +218,7 @@
+@@ -265,7 +265,7 @@ If
+ is specified but
+ .Cm AuthorizedKeysCommandUser
+ is not, then
+-.Xr sshd 8
++.Xr sshd 1M
+ will refuse to start.
+ .It Cm AuthorizedKeysFile
+ Specifies the file that contains the public keys that can be used
+@@ -273,7 +273,7 @@ for user authentication.
The format is described in the
AUTHORIZED_KEYS FILE FORMAT
section of
@@ -295,7 +362,16 @@
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
-@@ -241,7 +241,7 @@
+@@ -321,7 +321,7 @@ If
+ is specified but
+ .Cm AuthorizedPrincipalsCommandUser
+ is not, then
+-.Xr sshd 8
++.Xr sshd 1M
+ will refuse to start.
+ .It Cm AuthorizedPrincipalsFile
+ Specifies a file that lists principal names that are accepted for
+@@ -332,7 +332,7 @@ this file lists names, one of which must
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in AUTHORIZED_KEYS FILE FORMAT in
@@ -304,7 +380,7 @@
Empty lines and comments starting with
.Ql #
are ignored.
-@@ -271,7 +271,7 @@
+@@ -362,7 +362,7 @@ and is not consulted for certification a
though the
.Cm principals=
key option offers a similar facility (see
@@ -313,16 +389,38 @@
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
-@@ -294,7 +294,7 @@
- All components of the pathname must be root-owned directories that are
- not writable by any other user or group.
+@@ -383,11 +383,11 @@ Specifies the pathname of a directory to
+ .Xr chroot 2
+ to after authentication.
+ At session startup
+-.Xr sshd 8
++.Xr sshd 1M
+ checks that all components of the pathname are root-owned directories
+ which are not writable by any other user or group.
After the chroot,
-.Xr sshd 8
+.Xr sshd 1M
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
-@@ -370,7 +370,7 @@
+@@ -419,14 +419,14 @@ in-process sftp server is used,
+ though sessions which use logging may require
+ .Pa /dev/log
+ inside the chroot directory on some operating systems (see
+-.Xr sftp-server 8
++.Xr sftp-server 1M
+ for details).
+ .Pp
+ For safety, it is very important that the directory hierarchy be
+ prevented from modification by other processes on the system (especially
+ those outside the jail).
+ Misconfiguration can lead to unsafe environments which
+-.Xr sshd 8
++.Xr sshd 1M
+ cannot detect.
+ .Pp
+ The default is not to
+@@ -490,7 +490,7 @@ with an argument of
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
@@ -331,7 +429,7 @@
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
-@@ -397,7 +397,7 @@
+@@ -517,7 +517,7 @@ This option applies to protocol version
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
@@ -340,7 +438,7 @@
will send a message through the encrypted
channel to request a response from the client.
The default
-@@ -428,7 +428,7 @@
+@@ -548,7 +548,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
@@ -349,16 +447,16 @@
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
-@@ -447,7 +447,7 @@
+@@ -567,7 +567,7 @@ and finally
.Cm AllowGroups .
.Pp
See PATTERNS in
-.Xr ssh_config 5
+.Xr ssh_config 4
for more information on patterns.
- .It Cm ForceCommand
- Forces the execution of the command specified by
-@@ -472,7 +472,7 @@
+ .It Cm FingerprintHash
+ Specifies the hash algorithm used when logging key fingerprints.
+@@ -600,7 +600,7 @@ files when used with
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
@@ -367,7 +465,7 @@
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
-@@ -520,7 +520,7 @@
+@@ -686,7 +686,7 @@ files during
A setting of
.Dq yes
means that
@@ -376,7 +474,7 @@
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
-@@ -531,7 +531,7 @@
+@@ -697,7 +697,7 @@ The certificate's public key must match
by
.Cm HostKey .
The default behaviour of
@@ -385,16 +483,22 @@
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
-@@ -546,7 +546,7 @@
- .Pa /etc/ssh/ssh_host_rsa_key
+@@ -713,12 +713,12 @@ and
for protocol version 2.
+ .Pp
Note that
-.Xr sshd 8
+.Xr sshd 1M
- will refuse to use a file if it is group/world-accessible.
+ will refuse to use a file if it is group/world-accessible
+ and that the
+ .Cm HostKeyAlgorithms
+ option restricts which of the keys are actually used by
+-.Xr sshd 8 .
++.Xr sshd 1M .
+ .Pp
It is possible to have multiple host key files.
.Dq rsa1
-@@ -587,7 +587,7 @@
+@@ -779,7 +779,7 @@ The default is
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
@@ -403,7 +507,7 @@
should ignore the user's
.Pa ~/.ssh/known_hosts
during
-@@ -681,7 +681,7 @@
+@@ -914,7 +914,7 @@ If the value is 0, the key is never rege
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
@@ -412,7 +516,7 @@
should listen on.
The following forms may be used:
.Pp
-@@ -724,7 +724,7 @@
+@@ -954,7 +954,7 @@ If the value is 0, there is no time limi
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
@@ -421,7 +525,7 @@
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
-@@ -776,7 +776,7 @@
+@@ -1059,7 +1059,7 @@ and
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
PATTERNS section of
@@ -430,7 +534,7 @@
.Pp
The patterns in an
.Cm Address
-@@ -856,7 +856,7 @@
+@@ -1148,7 +1148,7 @@ Alternatively, random early drop can be
the three colon separated values
.Dq start:rate:full
(e.g. "10:30:60").
@@ -439,7 +543,7 @@
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
-@@ -969,7 +969,7 @@
+@@ -1268,7 +1268,7 @@ and
options in
.Pa ~/.ssh/authorized_keys
are processed by
@@ -448,7 +552,7 @@
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
-@@ -982,7 +982,7 @@
+@@ -1289,7 +1289,7 @@ The default is
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
@@ -457,7 +561,7 @@
listens on.
The default is 22.
Multiple options of this type are permitted.
-@@ -990,7 +990,7 @@
+@@ -1297,14 +1297,14 @@ See also
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
@@ -465,9 +569,8 @@
+.Xr sshd 1M
should print the date and time of the last user login when a user logs
in interactively.
- The default is
-@@ -997,7 +997,7 @@
- .Dq yes .
+ On Solaris this option is always ignored since pam_unix_session(5)
+ reports the last login time.
.It Cm PrintMotd
Specifies whether
-.Xr sshd 8
@@ -475,7 +578,7 @@
should print
.Pa /etc/motd
when a user logs in interactively.
-@@ -1008,7 +1008,7 @@
+@@ -1315,7 +1315,7 @@ The default is
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
@@ -484,8 +587,8 @@
supports.
The possible values are
.Sq 1
-@@ -1081,7 +1081,7 @@
- The minimum value is 512, and the default is 1024.
+@@ -1440,7 +1440,7 @@ The default is
+ .Dq no .
.It Cm StrictModes
Specifies whether
-.Xr sshd 8
@@ -493,7 +596,16 @@
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
-@@ -1115,7 +1115,7 @@
+@@ -1456,7 +1456,7 @@ Arguments should be a subsystem name and
+ to execute upon subsystem request.
+ .Pp
+ The command
+-.Xr sftp-server 8
++.Xr sftp-server 1M
+ implements the
+ .Dq sftp
+ file transfer subsystem.
+@@ -1474,7 +1474,7 @@ By default no subsystems are defined.
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
@@ -502,16 +614,16 @@
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
-@@ -1156,7 +1156,7 @@
+@@ -1517,7 +1517,7 @@ For more details on certificates, see th
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
-.Xr sshd 8
+.Xr sshd 1M
- should look up the remote host name and check that
+ should look up the remote host name, and to check that
the resolved host name for the remote IP address maps back to the
very same IP address.
-@@ -1201,13 +1201,13 @@
+@@ -1571,13 +1571,13 @@ or
If
.Cm UsePAM
is enabled, you will not be able to run
@@ -527,7 +639,7 @@
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
-@@ -1229,7 +1229,7 @@
+@@ -1599,7 +1599,7 @@ The default is
.Dq none .
.It Cm X11DisplayOffset
Specifies the first display number available for
@@ -536,7 +648,7 @@
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
-@@ -1244,7 +1244,7 @@
+@@ -1614,7 +1614,7 @@ The default is
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
@@ -545,7 +657,7 @@
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
-@@ -1255,7 +1255,7 @@
+@@ -1625,7 +1625,7 @@ display server may be exposed to attack
forwarding (see the warnings for
.Cm ForwardX11
in
@@ -554,7 +666,7 @@
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
-@@ -1269,7 +1269,7 @@
+@@ -1639,7 +1639,7 @@ X11 forwarding is automatically disabled
is enabled.
.It Cm X11UseLocalhost
Specifies whether
@@ -563,7 +675,7 @@
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
-@@ -1300,7 +1300,7 @@
+@@ -1672,7 +1672,7 @@ The default is
.Pa /usr/X11R6/bin/xauth .
.El
.Sh TIME FORMATS
@@ -572,7 +684,7 @@
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
-@@ -1344,12 +1344,12 @@
+@@ -1716,12 +1716,12 @@ Time format examples:
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
@@ -587,19 +699,19 @@
.Xr pam_unix_session 5
.Sh AUTHORS
OpenSSH is a derivative of the original and free
- ssh 1.2.12 release by Tatu Ylonen.
---- orig/sshd.8 Thu Feb 6 10:01:20 2014
-+++ new/sshd.8 Thu Feb 6 10:22:35 2014
+diff -rupN old/sshd.8 new/sshd.8
+--- old/sshd.8 2015-12-08 21:04:19.894093050 -0800
++++ new/sshd.8 2015-12-08 22:08:55.024892200 -0800
@@ -35,7 +35,7 @@
.\"
- .\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
- .Dd $Mdocdate: December 7 2013 $
+ .\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
+ .Dd $Mdocdate: July 3 2015 $
-.Dt SSHD 8
+.Dt SSHD 1M
.Os
.Sh NAME
.Nm sshd
-@@ -80,7 +80,7 @@
+@@ -77,7 +77,7 @@ and data exchange.
.Nm
can be configured using command-line options or a configuration file
(by default
@@ -608,7 +720,7 @@
command-line options override values specified in the
configuration file.
.Nm
-@@ -210,7 +210,7 @@
+@@ -204,7 +204,7 @@ Can be used to give options in the forma
This is useful for specifying options for which there is no separate
command-line flag.
For full details of the options, and their values, see
@@ -617,16 +729,16 @@
.It Fl p Ar port
Specifies the port on which the server listens for connections
(default 22).
-@@ -280,7 +280,7 @@
+@@ -274,7 +274,7 @@ The default is to use protocol 2 only,
though this can be changed via the
.Cm Protocol
option in
-.Xr sshd_config 5 .
+.Xr sshd_config 4 .
- Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+ Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
-@@ -405,7 +405,7 @@
+@@ -399,14 +399,14 @@ if it exists, and users are allowed to c
See the
.Cm PermitUserEnvironment
option in
@@ -635,7 +747,15 @@
.It
Changes to user's home directory.
.It
-@@ -550,7 +550,7 @@
+ If
+ .Pa ~/.ssh/rc
+ exists and the
+-.Xr sshd_config 5
++.Xr sshd_config 4
+ .Cm PermitUserRC
+ option is set, runs it; else if
+ .Pa /etc/ssh/sshrc
+@@ -549,7 +549,7 @@ The command originally supplied by the c
environment variable.
Note that this option applies to shell, command or subsystem execution.
Also note that this command may be superseded by either a
@@ -644,25 +764,7 @@
.Cm ForceCommand
directive or a command embedded in a certificate.
.It Cm environment="NAME=value"
-@@ -571,7 +571,7 @@
- name of the remote host or its IP address must be present in the
- comma-separated list of patterns.
- See PATTERNS in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for more information on patterns.
- .Pp
- In addition to the wildcard matching that may be applied to hostnames or
-@@ -865,7 +865,7 @@
- .It Pa /etc/moduli
- Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
- The file format is described in
--.Xr moduli 5 .
-+.Xr moduli 4 .
- .Pp
- .It Pa /etc/motd
- See
-@@ -926,7 +926,7 @@
+@@ -919,7 +919,7 @@ should be world-readable.
Contains configuration data for
.Nm sshd .
The file format and configuration options are described in
@@ -671,9 +773,11 @@
.Pp
.It Pa /etc/ssh/sshrc
Similar to
-@@ -962,10 +962,10 @@
+@@ -953,11 +953,12 @@ The content of this file is not sensitiv
+ .Xr ssh-keygen 1 ,
+ .Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
- .Xr hosts_access 5 ,
++.Xr hosts_access 5 ,
.Xr login.conf 5 ,
-.Xr moduli 5 ,
-.Xr sshd_config 5 ,
--- a/components/openssh/patches/008-deprecate_sunssh_opt.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/008-deprecate_sunssh_opt.patch Mon Jan 25 10:57:40 2016 -0800
@@ -6,10 +6,26 @@
# changed from deprecated to supported. Since this is for Solaris only, we will
# not contribute back this change to the upstream community.
#
---- orig/readconf.c Fri May 23 09:56:00 2014
-+++ new/readconf.c Fri May 23 09:59:57 2014
-@@ -268,6 +268,25 @@
- { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c
++++ new/readconf.c
+@@ -192,10 +192,14 @@ static struct {
+ { "afstokenpassing", oUnsupported },
+ #if defined(GSSAPI)
+ { "gssapiauthentication", oGssAuthentication },
++ { "gssauthentication", oGssAuthentication }, /* alias */
+ { "gssapidelegatecredentials", oGssDelegateCreds },
++ { "gssdelegatecreds", oGssDelegateCreds }, /* alias */
+ #else
+ { "gssapiauthentication", oUnsupported },
++ { "gssauthentication", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
++ { "gssdelegatecreds", oUnsupported },
+ #endif
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
+@@ -279,6 +283,24 @@ static struct {
+ { "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
{ "ignoreunknown", oIgnoreUnknown },
+#ifdef DEPRECATE_SUNSSH_OPT
@@ -23,7 +39,6 @@
+ * smoother. If a deprecated SunSSH-only option is migrated to OpenSSH
+ * later, then it will be changed from deprecated to supported.
+ */
-+ { "gssapikeyexchange", oDeprecated },
+ { "kmfpolicydatabase", oDeprecated },
+ { "kmfpolicyname", oDeprecated },
+ { "trustedanchorkeystore", oDeprecated },
--- a/components/openssh/patches/010-gss_store_cred.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/010-gss_store_cred.patch Mon Jan 25 10:57:40 2016 -0800
@@ -16,9 +16,10 @@
# The patch is implemented as Solaris-specific using USE_GSS_STORE_CRED
# and GSSAPI_STORECREDS_NEEDS_RUID macros.
#
---- orig/config.h.in Fri Mar 21 11:42:17 2014
-+++ new/config.h.in Fri Mar 21 11:46:26 2014
-@@ -1616,6 +1616,12 @@
+diff -pur old/config.h.in new/config.h.in
+--- old/config.h.in
++++ new/config.h.in
+@@ -1623,6 +1623,12 @@
/* Use btmp to log bad logins */
#undef USE_BTMP
@@ -31,9 +32,10 @@
/* Use libedit for sftp */
#undef USE_LIBEDIT
---- orig/configure Fri Mar 21 11:42:24 2014
-+++ new/configure Fri Mar 21 11:49:51 2014
-@@ -7797,6 +7797,9 @@
+diff -pur old/configure new/configure
+--- old/configure
++++ new/configure
+@@ -10944,6 +10944,9 @@ fi
fi
@@ -43,9 +45,10 @@
TEST_SHELL=$SHELL # let configure find us a capable shell
;;
*-*-sunos4*)
---- orig/configure.ac Fri Mar 21 11:42:28 2014
-+++ new/configure.ac Fri Mar 21 16:32:28 2014
-@@ -866,6 +866,8 @@
+diff -pur old/configure.ac new/configure.ac
+--- old/configure.ac
++++ new/configure.ac
+@@ -910,6 +910,8 @@ mips-sony-bsd|mips-sony-newsos4)
],
)
TEST_SHELL=$SHELL # let configure find us a capable shell
@@ -54,9 +57,10 @@
;;
*-*-sunos4*)
CPPFLAGS="$CPPFLAGS -DSUNOS4"
---- orig/gss-serv-krb5.c Fri Mar 21 11:42:46 2014
-+++ new/gss-serv-krb5.c Fri Mar 21 11:54:48 2014
-@@ -109,7 +109,7 @@
+diff -pur old/gss-serv-krb5.c new/gss-serv-krb5.c
+--- old/gss-serv-krb5.c
++++ new/gss-serv-krb5.c
+@@ -110,7 +110,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
return retval;
}
@@ -65,7 +69,7 @@
/* This writes out any forwarded credentials from the structure populated
* during userauth. Called after we have setuid to the user */
-@@ -195,6 +195,7 @@
+@@ -196,6 +196,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
return;
}
@@ -73,7 +77,7 @@
ssh_gssapi_mech gssapi_kerberos_mech = {
"toWM5Slw5Ew8Mqkay+al2g==",
-@@ -203,7 +204,11 @@
+@@ -204,7 +205,11 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
NULL,
&ssh_gssapi_krb5_userok,
NULL,
@@ -85,9 +89,10 @@
};
#endif /* KRB5 */
---- orig/gss-serv.c Fri Mar 21 11:42:53 2014
-+++ new/gss-serv.c Fri Mar 21 15:59:43 2014
-@@ -292,6 +292,9 @@
+diff -pur old/gss-serv.c new/gss-serv.c
+--- old/gss-serv.c
++++ new/gss-serv.c
+@@ -320,22 +320,66 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_g
void
ssh_gssapi_cleanup_creds(void)
{
@@ -97,7 +102,6 @@
if (gssapi_client.store.filename != NULL) {
/* Unlink probably isn't sufficient */
debug("removing gssapi cred file\"%s\"",
-@@ -298,6 +301,7 @@
gssapi_client.store.filename);
unlink(gssapi_client.store.filename);
}
@@ -105,7 +109,6 @@
}
/* As user */
-@@ -304,10 +308,50 @@
void
ssh_gssapi_storecreds(void)
{
@@ -156,23 +159,36 @@
}
/* This allows GSSAPI methods to do things to the childs environment based
---- orig/servconf.c Fri Mar 21 11:43:02 2014
-+++ new/servconf.c Fri Mar 21 16:02:54 2014
-@@ -409,7 +409,11 @@
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
+@@ -489,7 +489,11 @@ static struct {
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+#ifdef USE_GSS_STORE_CRED
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+#else /* USE_GSS_STORE_CRED */
- { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
++ { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
+#endif /* USE_GSS_STORE_CRED */
+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
- { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
---- orig/sshd.c Fri Mar 21 11:43:08 2014
-+++ new/sshd.c Mon Mar 24 15:05:30 2014
-@@ -2126,9 +2126,23 @@
+@@ -2264,7 +2268,9 @@ dump_config(ServerOptions *o)
+ #endif
+ #ifdef GSSAPI
+ dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
++#ifndef USE_GSS_STORE_CRED
+ dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
++#endif /* !USE_GSS_STORE_CRED */
+ #endif
+ dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
+ dump_cfg_fmtint(sKbdInteractiveAuthentication,
+diff -pur old/sshd.c new/sshd.c
+--- old/sshd.c
++++ new/sshd.c
+@@ -2228,9 +2228,23 @@ main(int ac, char **av)
#ifdef GSSAPI
if (options.gss_authentication) {
--- a/components/openssh/patches/011-useprivilegedport_regression.patch Thu Jan 14 09:14:14 2016 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-#
-# This is to fix a regression in OpenSSH6.5p1 for UsePrivilegedPort=yes. The
-# bug fix code came from OpenSSH.org. When we upgrade OpenSSH to version 6.6
-# or later, we will remove this patch file.
-#
---- orig/sshconnect.c Mon Feb 10 13:56:07 2014
-+++ new/sshconnect.c Mon Feb 10 17:10:54 2014
-@@ -269,7 +269,7 @@
- ssh_create_socket(int privileged, struct addrinfo *ai)
- {
- int sock, r, gaierr;
-- struct addrinfo hints, *res;
-+ struct addrinfo hints, *res = NULL;
-
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0) {
-@@ -282,17 +282,19 @@
- if (options.bind_address == NULL && !privileged)
- return sock;
-
-- memset(&hints, 0, sizeof(hints));
-- hints.ai_family = ai->ai_family;
-- hints.ai_socktype = ai->ai_socktype;
-- hints.ai_protocol = ai->ai_protocol;
-- hints.ai_flags = AI_PASSIVE;
-- gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
-- if (gaierr) {
-+ if (options.bind_address) {
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = ai->ai_family;
-+ hints.ai_socktype = ai->ai_socktype;
-+ hints.ai_protocol = ai->ai_protocol;
-+ hints.ai_flags = AI_PASSIVE;
-+ gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
-+ if (gaierr) {
- error("getaddrinfo: %s: %s", options.bind_address,
- ssh_gai_strerror(gaierr));
- close(sock);
- return -1;
-+ }
- }
- /*
- * If we are running as root and want to connect to a privileged
-@@ -300,7 +302,7 @@
- */
- if (privileged) {
- PRIV_START;
-- r = bindresvport_sa(sock, res->ai_addr);
-+ r = bindresvport_sa(sock, res ? res->ai_addr : NULL);
- PRIV_END;
- if (r < 0) {
- error("bindresvport_sa: af=%d %s", ai->ai_family,
-@@ -317,7 +319,8 @@
- return -1;
- }
- }
-- freeaddrinfo(res);
-+ if (res != NULL)
-+ freeaddrinfo(res);
- return sock;
- }
-
--- a/components/openssh/patches/012-acceptenv.patch Thu Jan 14 09:14:14 2016 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-#
-# This is to fix a security bug (CVE-2014-2532) when using environment passing
-# with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6
-# could be tricked into accepting any enviornment variable that contains the
-# characters before the wildcard character. The bug fix code came from
-# OpenSSH.org. When we upgrade OpenSSH to version 6.6 or later, we will remove
-# this patch file.
-#
---- orig/session.c Tue Mar 18 18:37:57 2014
-+++ new/session.c Tue Mar 18 18:41:17 2014
-@@ -978,6 +978,11 @@
- u_int envsize;
- u_int i, namelen;
-
-+ if (strchr(name, '=') != NULL) {
-+ error("Invalid environment variable \"%.100s\"", name);
-+ return;
-+ }
-+
- /*
- * If we're passed an uninitialized list, allocate a single null
- * entry before continuing.
-@@ -2225,8 +2230,8 @@
- char *name, *val;
- u_int name_len, val_len, i;
-
-- name = packet_get_string(&name_len);
-- val = packet_get_string(&val_len);
-+ name = packet_get_cstring(&name_len);
-+ val = packet_get_cstring(&val_len);
- packet_check_eom();
-
- /* Don't set too many environment variables */
--- a/components/openssh/patches/014-disable_banner.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/014-disable_banner.patch Mon Jan 25 10:57:40 2016 -0800
@@ -6,31 +6,30 @@
# In the future, if this feature is accepted by the upsteam in a later release,
# we will remove this patch when we upgrade to that release.
#
---- orig/readconf.c Wed May 21 15:04:21 2014
-+++ new/readconf.c Wed May 28 11:56:04 2014
-@@ -148,7 +148,11 @@
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c 2015-03-28 21:57:35.551727235 +0100
++++ new/readconf.c 2015-03-28 22:06:01.694836272 +0100
+@@ -150,6 +150,9 @@ typedef enum {
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+ oSendEnv, oControlPath, oControlMaster, oControlPersist,
+ oHashKnownHosts,
++#ifdef DISABLE_BANNER
++ oDisableBanner,
++#endif
+ oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ oVisualHostKey, oUseRoaming,
oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
- oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
- oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
-+#ifdef DISABLE_BANNER
-+ oDisableBanner, oIgnoredUnknownOption, oDeprecated, oUnsupported
-+#else
- oIgnoredUnknownOption, oDeprecated, oUnsupported
-+#endif
- } OpCodes;
-
- /* Textual representations of the tokens. */
-@@ -266,6 +270,9 @@
- { "canonicalizehostname", oCanonicalizeHostname },
- { "canonicalizemaxdots", oCanonicalizeMaxDots },
- { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
+@@ -254,6 +257,9 @@ static struct {
+ { "controlmaster", oControlMaster },
+ { "controlpersist", oControlPersist },
+ { "hashknownhosts", oHashKnownHosts },
+#ifdef DISABLE_BANNER
+ { "disablebanner", oDisableBanner },
+#endif
- { "ignoreunknown", oIgnoreUnknown },
-
- { NULL, oBadOption }
-@@ -682,6 +689,17 @@
+ { "tunnel", oTunnel },
+ { "tunneldevice", oTunnelDevice },
+ { "localcommand", oLocalCommand },
+@@ -754,6 +760,17 @@ static const struct multistate multistat
{ NULL, -1 }
};
@@ -48,9 +47,9 @@
/*
* Processes a single option line as used in the configuration files. This
* only sets those values that have not already been set.
-@@ -1392,6 +1410,13 @@
- intptr = &options->canonicalize_fallback_local;
- goto parse_flag;
+@@ -1514,6 +1531,13 @@ parse_int:
+ *charptr = xstrdup(arg);
+ break;
+#ifdef DISABLE_BANNER
+ case oDisableBanner:
@@ -62,7 +61,7 @@
case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"",
filename, linenum, keyword);
-@@ -1554,6 +1579,9 @@
+@@ -1684,6 +1708,9 @@ initialize_options(Options * options)
options->ip_qos_bulk = -1;
options->request_tty = -1;
options->proxy_use_fdpass = -1;
@@ -72,23 +71,22 @@
options->ignored_unknown = NULL;
options->num_canonical_domains = 0;
options->num_permitted_cnames = 0;
-@@ -1721,6 +1749,12 @@
+@@ -1871,6 +1898,10 @@ fill_default_options(Options * options)
options->canonicalize_fallback_local = 1;
if (options->canonicalize_hostname == -1)
options->canonicalize_hostname = SSH_CANONICALISE_NO;
-+
+#ifdef DISABLE_BANNER
+ if (options->disable_banner == -1)
+ options->disable_banner = 0;
+#endif
-+
- #define CLEAR_ON_NONE(v) \
- do { \
- if (v != NULL && strcasecmp(v, "none") == 0) { \
---- orig/readconf.h Wed May 21 15:04:35 2014
-+++ new/readconf.h Wed May 28 11:08:53 2014
-@@ -155,6 +155,9 @@
- struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
+ if (options->fingerprint_hash == -1)
+ options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ if (options->update_hostkeys == -1)
+diff -pur old/readconf.h new/readconf.h
+--- old/readconf.h 2015-03-17 06:49:20.000000000 +0100
++++ new/readconf.h 2015-03-28 21:57:35.684348892 +0100
+@@ -153,6 +153,9 @@ typedef struct {
+ char *hostbased_key_types;
char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
+#ifdef DISABLE_BANNER
@@ -97,9 +95,9 @@
} Options;
#define SSH_CANONICALISE_NO 0
-@@ -175,6 +178,12 @@
- #define SSHCONF_CHECKPERM 1 /* check permissions on config file */
- #define SSHCONF_USERCONF 2 /* user provided config file not system */
+@@ -178,6 +181,12 @@ typedef struct {
+ #define SSH_UPDATE_HOSTKEYS_YES 1
+ #define SSH_UPDATE_HOSTKEYS_ASK 2
+#ifdef DISABLE_BANNER
+#define SSH_DISABLEBANNER_NO 0
@@ -109,10 +107,11 @@
+
void initialize_options(Options *);
void fill_default_options(Options *);
- int process_config_line(Options *, struct passwd *, const char *, char *,
---- orig/ssh_config.5 Thu May 22 15:05:04 2014
-+++ new/ssh_config.5 Fri May 23 09:36:52 2014
-@@ -507,6 +507,14 @@
+ void fill_default_options_for_canonicalization(Options *);
+diff -pur old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5 2015-03-28 21:57:35.544033907 +0100
++++ new/ssh_config.5 2015-03-28 21:57:35.684635985 +0100
+@@ -566,6 +566,14 @@ If set to a time in seconds, or a time i
then the backgrounded master connection will automatically terminate
after it has remained idle (with no client connections) for the
specified time.
@@ -127,9 +126,10 @@
.It Cm DynamicForward
Specifies that a TCP port on the local machine be forwarded
over the secure channel, and the application
---- orig/sshconnect2.c Wed May 21 15:05:27 2014
-+++ new/sshconnect2.c Thu May 29 17:33:56 2014
-@@ -82,6 +82,10 @@
+diff -pur old/sshconnect2.c new/sshconnect2.c
+--- old/sshconnect2.c 2015-03-17 06:49:20.000000000 +0100
++++ new/sshconnect2.c 2015-03-28 21:57:35.684940995 +0100
+@@ -81,6 +81,10 @@ extern char *client_version_string;
extern char *server_version_string;
extern Options options;
@@ -140,7 +140,7 @@
/*
* SSH2 key exchange
*/
-@@ -480,7 +484,20 @@
+@@ -480,7 +484,20 @@ input_userauth_banner(int type, u_int32_
debug3("input_userauth_banner");
raw = packet_get_string(&len);
lang = packet_get_string(NULL);
--- a/components/openssh/patches/016-pam_enhancement.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/016-pam_enhancement.patch Mon Jan 25 10:57:40 2016 -0800
@@ -9,9 +9,10 @@
# In the future, if these enhancements are accepted by the upsteam in a
# later release, we will remove this patch when we upgrade to that release.
#
---- orig/auth-pam.c Mon Jan 26 18:02:09 2015
-+++ new/auth-pam.c Mon Mar 30 15:24:11 2015
-@@ -617,6 +617,72 @@
+diff -pur old/auth-pam.c new/auth-pam.c
+--- old/auth-pam.c 2015-04-28 06:15:57.335765454 -0700
++++ new/auth-pam.c 2015-04-28 06:15:57.417753483 -0700
+@@ -617,6 +617,72 @@ sshpam_cleanup(void)
sshpam_handle = NULL;
}
@@ -84,7 +85,7 @@
static int
sshpam_init(Authctxt *authctxt)
{
-@@ -624,18 +690,71 @@
+@@ -624,18 +690,71 @@ sshpam_init(Authctxt *authctxt)
const char *pam_rhost, *pam_user, *user = authctxt->user;
const char **ptr_pam_user = &pam_user;
@@ -146,31 +147,33 @@
+#ifdef PAM_ENHANCEMENT
+ debug3("Starting PAM service %s for user %s method %s", svc, user,
+ authctxt->authmethod_name);
- sshpam_err =
++ sshpam_err =
+ pam_start(svc, user, &store_conv, &sshpam_handle);
+ free(svc);
+#else /* Original */
-+ sshpam_err =
+ sshpam_err =
pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
+#endif
sshpam_authctxt = authctxt;
if (sshpam_err != PAM_SUCCESS) {
---- orig/auth.h Mon Jan 26 18:02:11 2015
-+++ new/auth.h Mon Jan 26 18:02:11 2015
-@@ -76,6 +76,9 @@
- #endif
- Buffer *loginmsg;
- void *methoddata;
+diff -pur old/auth.h new/auth.h
+--- old/auth.h 2015-03-16 22:49:20.000000000 -0700
++++ new/auth.h 2015-04-28 06:18:25.719914272 -0700
+@@ -81,6 +81,9 @@ struct Authctxt {
+
+ struct sshkey **prev_userkeys;
+ u_int nprev_userkeys;
+#ifdef PAM_ENHANCEMENT
+ char *authmethod_name;
+#endif
};
/*
* Every authentication method has to handle authentication requests for
---- orig/auth2.c Mon Jan 26 18:02:10 2015
-+++ new/auth2.c Tue Mar 31 15:19:10 2015
-@@ -249,10 +249,21 @@
+diff -pur old/auth2.c new/auth2.c
+--- old/auth2.c 2015-03-16 22:49:20.000000000 -0700
++++ new/auth2.c 2015-04-28 06:15:57.419262466 -0700
+@@ -243,10 +243,21 @@ input_userauth_request(int type, u_int32
PRIVSEP(audit_event(SSH_INVALID_USER));
#endif
}
@@ -192,7 +195,7 @@
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);
-@@ -286,6 +297,18 @@
+@@ -277,6 +288,18 @@ input_userauth_request(int type, u_int32
/* try to authenticate user */
m = authmethod_lookup(authctxt, method);
if (m != NULL && authctxt->failures < options.max_authtries) {
@@ -211,7 +214,7 @@
debug2("input_userauth_request: try method %s", method);
authenticated = m->userauth(authctxt);
}
-@@ -303,6 +326,10 @@
+@@ -295,6 +318,10 @@ userauth_finish(Authctxt *authctxt, int
char *methods;
int partial = 0;
@@ -222,7 +225,7 @@
if (!authctxt->valid && authenticated)
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
-@@ -319,6 +346,25 @@
+@@ -311,6 +338,25 @@ userauth_finish(Authctxt *authctxt, int
}
if (authenticated && options.num_auth_methods != 0) {
@@ -248,7 +251,7 @@
if (!auth2_update_methods_lists(authctxt, method, submethod)) {
authenticated = 0;
partial = 1;
-@@ -332,7 +378,20 @@
+@@ -324,7 +370,20 @@ userauth_finish(Authctxt *authctxt, int
return;
#ifdef USE_PAM
@@ -269,42 +272,16 @@
if (!PRIVSEP(do_pam_account())) {
/* if PAM returned a message, send it to the user */
if (buffer_len(&loginmsg) > 0) {
-@@ -623,5 +682,3 @@
+@@ -615,5 +674,3 @@ auth2_update_methods_lists(Authctxt *aut
fatal("%s: method not in AuthenticationMethods", __func__);
return 0;
}
-
-
---- orig/monitor_wrap.c Mon Jan 26 18:02:09 2015
-+++ new/monitor_wrap.c Mon Jan 26 18:02:11 2015
-@@ -338,6 +338,24 @@
- buffer_free(&m);
- }
-
-+#ifdef PAM_ENHANCEMENT
-+/* Inform the privileged process about the authentication method */
-+void
-+mm_inform_authmethod(char *authmethod)
-+{
-+ Buffer m;
-+
-+ debug3("%s entering", __func__);
-+
-+ buffer_init(&m);
-+ buffer_put_cstring(&m, authmethod);
-+
-+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHMETHOD, &m);
-+
-+ buffer_free(&m);
-+}
-+#endif
-+
- /* Do the password authentication */
- int
- mm_auth_password(Authctxt *authctxt, char *password)
---- orig/monitor.c Mon Jan 26 18:02:10 2015
-+++ new/monitor.c Tue Mar 31 16:10:50 2015
-@@ -146,6 +146,9 @@
+diff -pur old/monitor.c new/monitor.c
+--- old/monitor.c 2015-03-16 22:49:20.000000000 -0700
++++ new/monitor.c 2015-04-28 06:15:57.421294814 -0700
+@@ -127,6 +127,9 @@ int mm_answer_sign(int, Buffer *);
int mm_answer_pwnamallow(int, Buffer *);
int mm_answer_auth2_read_banner(int, Buffer *);
int mm_answer_authserv(int, Buffer *);
@@ -314,7 +291,7 @@
int mm_answer_authpassword(int, Buffer *);
int mm_answer_bsdauthquery(int, Buffer *);
int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -225,10 +228,17 @@
+@@ -206,10 +209,17 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
{MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
{MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -332,7 +309,7 @@
{MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
{MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
{MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
-@@ -391,6 +401,24 @@
+@@ -371,6 +381,24 @@ monitor_child_preauth(Authctxt *_authctx
if (!compat20)
fatal("AuthenticationMethods is not supported"
"with SSH protocol 1");
@@ -357,7 +334,7 @@
if (authenticated &&
!auth2_update_methods_lists(authctxt,
auth_method, auth_submethod)) {
-@@ -409,8 +437,21 @@
+@@ -389,8 +417,21 @@ monitor_child_preauth(Authctxt *_authctx
!auth_root_allowed(auth_method))
authenticated = 0;
#ifdef USE_PAM
@@ -379,7 +356,7 @@
Buffer m;
buffer_init(&m);
-@@ -828,6 +869,10 @@
+@@ -863,6 +904,10 @@ mm_answer_pwnamallow(int sock, Buffer *m
/* Allow service/style information on the auth context */
monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
@@ -390,12 +367,12 @@
}
#ifdef USE_PAM
if (options.use_pam)
-@@ -868,7 +913,25 @@
+@@ -903,6 +948,24 @@ mm_answer_authserv(int sock, Buffer *m)
return (0);
}
+#ifdef PAM_ENHANCEMENT
- int
++int
+mm_answer_authmethod(int sock, Buffer *m)
+{
+ monitor_permit_authentications(1);
@@ -412,13 +389,13 @@
+}
+#endif
+
-+int
+ int
mm_answer_authpassword(int sock, Buffer *m)
{
- static int call_count;
---- orig/monitor.h Mon Jan 26 18:02:10 2015
-+++ new/monitor.h Mon Jan 26 18:02:11 2015
-@@ -70,6 +70,9 @@
+diff -pur old/monitor.h new/monitor.h
+--- old/monitor.h 2015-03-16 22:49:20.000000000 -0700
++++ new/monitor.h 2015-04-28 06:15:57.421684373 -0700
+@@ -65,6 +65,9 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
@@ -428,12 +405,41 @@
};
struct mm_master;
---- orig/servconf.c Mon Jan 26 18:02:09 2015
-+++ new/servconf.c Tue Mar 31 16:24:59 2015
-@@ -154,6 +154,18 @@
- options->ip_qos_interactive = -1;
+diff -pur old/monitor_wrap.c new/monitor_wrap.c
+--- old/monitor_wrap.c 2015-03-16 22:49:20.000000000 -0700
++++ new/monitor_wrap.c 2015-04-28 06:15:57.419906674 -0700
+@@ -347,6 +347,24 @@ mm_inform_authserv(char *service, char *
+ buffer_free(&m);
+ }
+
++#ifdef PAM_ENHANCEMENT
++/* Inform the privileged process about the authentication method */
++void
++mm_inform_authmethod(char *authmethod)
++{
++ Buffer m;
++
++ debug3("%s entering", __func__);
++
++ buffer_init(&m);
++ buffer_put_cstring(&m, authmethod);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHMETHOD, &m);
++
++ buffer_free(&m);
++}
++#endif
++
+ /* Do the password authentication */
+ int
+ mm_auth_password(Authctxt *authctxt, char *password)
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c 2015-04-28 06:15:57.300968063 -0700
++++ new/servconf.c 2015-04-28 06:27:06.330272555 -0700
+@@ -163,6 +163,18 @@ initialize_server_options(ServerOptions
options->ip_qos_bulk = -1;
options->version_addendum = NULL;
+ options->fingerprint_hash = -1;
+#ifdef PAM_ENHANCEMENT
+ options->pam_service_name = NULL;
+ options->pam_service_prefix = NULL;
@@ -444,48 +450,48 @@
+ * is not compat20, then there will be only one PAM service for the
+ * entire user authentication.
+ */
-+ options->pam_service_per_authmethod = 1;
++ options->pam_service_per_authmethod = 1;
+#endif
}
- void
-@@ -303,6 +315,12 @@
+ /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
+@@ -332,6 +344,12 @@ fill_default_server_options(ServerOption
options->ip_qos_bulk = IPTOS_THROUGHPUT;
if (options->version_addendum == NULL)
options->version_addendum = xstrdup("");
+
+#ifdef PAM_ENHANCEMENT
-+ if (options->pam_service_prefix == NULL)
-+ options->pam_service_prefix = _SSH_PAM_SERVICE_PREFIX;
++ if (options->pam_service_prefix == NULL)
++ options->pam_service_prefix = _SSH_PAM_SERVICE_PREFIX;
+#endif
+
- /* Turn privilege separation on by default */
- if (use_privsep == -1)
- use_privsep = PRIVSEP_NOSANDBOX;
-@@ -351,6 +369,9 @@
- sKexAlgorithms, sIPQoS, sVersionAddendum,
- sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
- sAuthenticationMethods, sHostKeyAgent,
+ if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
+ options->fwd_opts.streamlocal_bind_mask = 0177;
+ if (options->fwd_opts.streamlocal_bind_unlink == -1)
+@@ -400,6 +418,9 @@ typedef enum {
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sHostCertificate,
+#ifdef PAM_ENHANCEMENT
+ sPAMServicePrefix, sPAMServiceName,
+#endif
- sDeprecated, sUnsupported
- } ServerOpCodes;
-
-@@ -482,6 +503,10 @@
- { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
- { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
- { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+@@ -534,6 +555,10 @@ static struct {
+ { "forcecommand", sForceCommand, SSHCFG_ALL },
+ { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+ { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
+#ifdef PAM_ENHANCEMENT
-+ { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
-+ { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
++ { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
++ { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
+#endif
- { NULL, sBadOption, 0 }
- };
-
-@@ -1632,6 +1657,37 @@
- }
- return 0;
+ { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+@@ -1765,6 +1790,37 @@ process_server_config_line(ServerOptions
+ options->fingerprint_hash = value;
+ break;
+ case sPAMServicePrefix:
+ arg = strdelim(&cp);
@@ -521,8 +527,9 @@
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
---- orig/servconf.h Mon Jan 26 18:02:10 2015
-+++ new/servconf.h Tue Mar 31 15:07:14 2015
+diff -pur old/servconf.h new/servconf.h
+--- old/servconf.h 2015-03-16 22:49:20.000000000 -0700
++++ new/servconf.h 2015-04-28 06:28:25.181429777 -0700
@@ -54,6 +54,10 @@
/* Magic name for internal sftp-server */
#define INTERNAL_SFTP_NAME "internal-sftp"
@@ -534,57 +541,23 @@
typedef struct {
u_int num_ports;
u_int ports_from_cmdline;
-@@ -185,6 +189,13 @@
-
+@@ -188,6 +192,12 @@ typedef struct {
u_int num_auth_methods;
char *auth_methods[MAX_AUTH_METHODS];
-+
+
+#ifdef PAM_ENHANCEMENT
+ char *pam_service_prefix;
+ char *pam_service_name;
+ int pam_service_per_authmethod;
+#endif
+
+ int fingerprint_hash;
} ServerOptions;
- /* Information about the incoming connection as used by Match */
---- orig/sshd_config.5 Mon Jan 26 18:02:10 2015
-+++ new/sshd_config.5 Mon Jan 26 18:03:45 2015
-@@ -868,6 +868,21 @@
- are refused if the number of unauthenticated connections reaches
- .Dq full
- (60).
-+.It Cm PAMServiceName
-+Specifies the PAM service name for the PAM session. The PAMServiceName and
-+PAMServicePrefix options are mutually exclusive and if both set, sshd does not
-+start. If this option is set the service name is the same for all user
-+authentication methods. The option has no default value. See PAMServicePrefix
-+for more information.
-+.It Cm PAMServicePrefix
-+Specifies the PAM service name prefix for service names used for individual
-+user authentication methods. The default is sshd. The PAMServiceName and
-+PAMServicePrefix options are mutually exclusive and if both set, sshd does not
-+start.
-+.Pp
-+For example, if this option is set to admincli, the service name for the
-+keyboard-interactive authentication method is admincli-kbdint instead of the
-+default sshd-kbdint.
- .It Cm PasswordAuthentication
- Specifies whether password authentication is allowed.
- The default is
-@@ -1203,8 +1218,7 @@
- is enabled, you will not be able to run
- .Xr sshd 8
- as a non-root user.
--The default is
--.Dq no .
-+On Solaris, the option is always enabled.
- .It Cm UsePrivilegeSeparation
- Specifies whether
- .Xr sshd 8
---- orig/sshd.8 Mon Jan 26 18:02:09 2015
-+++ new/sshd.8 Mon Jan 26 18:02:11 2015
-@@ -951,6 +951,33 @@
+diff -pur old/sshd.8 new/sshd.8
+--- old/sshd.8 2015-04-28 06:15:57.254681499 -0700
++++ new/sshd.8 2015-04-28 06:15:57.426325504 -0700
+@@ -945,6 +945,33 @@ concurrently for different ports, this c
started last).
The content of this file is not sensitive; it can be world-readable.
.El
@@ -618,9 +591,10 @@
.Sh SEE ALSO
.Xr scp 1 ,
.Xr sftp 1 ,
---- orig/sshd.c Tue Mar 31 18:12:33 2015
-+++ new/sshd.c Tue Mar 31 18:42:28 2015
-@@ -2065,6 +2065,11 @@
+diff -pur old/sshd.c new/sshd.c
+--- old/sshd.c 2015-04-28 06:15:57.302106750 -0700
++++ new/sshd.c 2015-04-28 06:15:57.427449259 -0700
+@@ -2146,6 +2146,11 @@ main(int ac, char **av)
sshd_exchange_identification(sock_in, sock_out);
@@ -632,3 +606,38 @@
/* In inetd mode, generate ephemeral key only for proto 1 connections */
if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
generate_ephemeral_server_key();
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5 2015-04-28 06:15:57.256560985 -0700
++++ new/sshd_config.5 2015-04-28 06:15:57.425661853 -0700
+@@ -1044,6 +1044,21 @@ The probability increases linearly and a
+ are refused if the number of unauthenticated connections reaches
+ .Dq full
+ (60).
++.It Cm PAMServiceName
++Specifies the PAM service name for the PAM session. The PAMServiceName and
++PAMServicePrefix options are mutually exclusive and if both set, sshd does not
++start. If this option is set the service name is the same for all user
++authentication methods. The option has no default value. See PAMServicePrefix
++for more information.
++.It Cm PAMServicePrefix
++Specifies the PAM service name prefix for service names used for individual
++user authentication methods. The default is sshd. The PAMServiceName and
++PAMServicePrefix options are mutually exclusive and if both set, sshd does not
++start.
++.Pp
++For example, if this option is set to admincli, the service name for the
++keyboard-interactive authentication method is admincli-kbdint instead of the
++default sshd-kbdint.
+ .It Cm PasswordAuthentication
+ Specifies whether password authentication is allowed.
+ The default is
+@@ -1427,8 +1442,7 @@ If
+ is enabled, you will not be able to run
+ .Xr sshd 8
+ as a non-root user.
+-The default is
+-.Dq no .
++On Solaris, the option is always enabled.
+ .It Cm UsePrivilegeSeparation
+ Specifies whether
+ .Xr sshd 8
--- a/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch Mon Jan 25 10:57:40 2016 -0800
@@ -13,16 +13,28 @@
# This is a Solaris specific change to ease the transition and will not be
# offered upstream.
#
---- orig/servconf.c Mon Jun 1 15:37:53 2015
-+++ new/servconf.c Mon Jun 1 15:43:35 2015
-@@ -1,4 +1,3 @@
--
- /* $OpenBSD: servconf.c,v 1.248 2013/12/06 13:39:49 markus Exp $ */
- /*
- * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland
-@@ -528,6 +527,30 @@
- { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
- { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
+@@ -518,6 +518,7 @@ static struct {
+ { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
+ #ifdef GSSAPI
+ { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
++ { "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */
+ #ifdef USE_GSS_STORE_CRED
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ #else /* USE_GSS_STORE_CRED */
+@@ -526,6 +527,7 @@ static struct {
+ { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
+ #else
+ { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
++ { "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ #endif
+@@ -592,6 +594,30 @@ static struct {
+ { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
+ { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
#endif
+#ifdef DEPRECATE_SUNSSH_OPT
+ /*
@@ -46,8 +58,8 @@
+ { "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL },
+ { "usefips140", sDeprecated, SSHCFG_ALL},
+ { "gssapistoredelegatedcredentials", sDeprecated, SSHCFG_ALL },
-+ { "gssapikeyexchange", sDeprecated, SSHCFG_ALL},
++ { "gssstoredelegcreds", sDeprecated, SSHCFG_ALL },
+#endif
- { NULL, sBadOption, 0 }
- };
-
+ { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
--- a/components/openssh/patches/021-CVE-2014-2653.patch Thu Jan 14 09:14:14 2016 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-#
-# This is to fix the CVE-2014-2653 security bug. The bug fix code came from
-# OpenSSH. When we upgrade OpenSSH to version 6.7 or later, we will remove
-# this patch file.
-#
---- orig/sshconnect.c Mon Jun 16 10:31:17 2014
-+++ new/sshconnect.c Mon Jun 16 10:44:16 2014
-@@ -1216,29 +1216,39 @@
- {
- int flags = 0;
- char *fp;
-+ Key *plain = NULL;
-
- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- debug("Server host key: %s %s", key_type(host_key), fp);
- free(fp);
-
-- /* XXX certs are not yet supported for DNS */
-- if (!key_is_cert(host_key) && options.verify_host_key_dns &&
-- verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
-- if (flags & DNS_VERIFY_FOUND) {
--
-- if (options.verify_host_key_dns == 1 &&
-- flags & DNS_VERIFY_MATCH &&
-- flags & DNS_VERIFY_SECURE)
-- return 0;
--
-- if (flags & DNS_VERIFY_MATCH) {
-- matching_host_key_dns = 1;
-- } else {
-- warn_changed_key(host_key);
-- error("Update the SSHFP RR in DNS with the new "
-- "host key to get rid of this message.");
-+ if (options.verify_host_key_dns) {
-+ /*
-+ * XXX certs are not yet supported for DNS, so downgrade
-+ * them and try the plain key.
-+ */
-+ plain = key_from_private(host_key);
-+ if (key_is_cert(plain))
-+ key_drop_cert(plain);
-+ if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
-+ if (flags & DNS_VERIFY_FOUND) {
-+ if (options.verify_host_key_dns == 1 &&
-+ flags & DNS_VERIFY_MATCH &&
-+ flags & DNS_VERIFY_SECURE) {
-+ key_free(plain);
-+ return 0;
-+ }
-+ if (flags & DNS_VERIFY_MATCH) {
-+ matching_host_key_dns = 1;
-+ } else {
-+ warn_changed_key(plain);
-+ error("Update the SSHFP RR in DNS "
-+ "with the new host key to get rid "
-+ "of this message.");
-+ }
- }
- }
-+ key_free(plain);
- }
-
- return check_host_key(host, hostaddr, options.port, host_key, RDRW,
--- a/components/openssh/patches/022-solaris_audit.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/022-solaris_audit.patch Mon Jan 25 10:57:40 2016 -0800
@@ -20,74 +20,10 @@
# An additional patch relying on the --with-audit=solaris configuration
# should/will be created for sftp Solaris Audit and password change.
#
---- orig/config.h.in 2014-11-05 13:11:59.968745838 -0800
-+++ new/config.h.in 2014-10-13 14:00:31.117475979 -0700
-@@ -1628,6 +1628,9 @@
- /* Use Linux audit module */
- #undef USE_LINUX_AUDIT
-
-+/* Use Solaris audit module */
-+#undef USE_SOLARIS_AUDIT
-+
- /* Enable OpenSSL engine support */
- #undef USE_OPENSSL_ENGINE
-
---- orig/configure 2014-11-05 13:11:59.971959419 -0800
-+++ new/configure 2014-12-04 08:43:59.945675841 -0800
-@@ -1420,7 +1420,7 @@
- --with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH)
- --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
- --with-libedit[=PATH] Enable libedit support for sftp
-- --with-audit=module Enable audit support (modules=debug,bsm,linux)
-+ --with-audit=module Enable audit support (modules=debug,bsm,linux,solaris)
- --with-pie Build Position Independent Executables if possible
- --with-ssl-dir=PATH Specify path to OpenSSL installation
- --without-openssl-header-check Disable OpenSSL version consistency check
-@@ -10185,6 +10185,27 @@
- $as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h
-
- ;;
-+ solaris)
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: solaris" >&5
-+$as_echo "solaris" >&6; }
-+ AUDIT_MODULE=solaris
-+ for ac_header in bsm/adt.h
-+do :
-+ ac_fn_c_check_header_compile "$LINENO" "bsm/adt.h" "ac_cv_header_bsm_adt_h" ""
-+if test "x$ac_cv_header_bsm_adt_h" = xyes; then :
-+ cat >>confdefs.h <<_ACEOF
-+#define HAVE_ADT_H 1
-+_ACEOF
-+
-+else
-+ as_fn_error $? "Solaris Audit enabled and bsm/adt.h not found" "$LINENO" 5
-+fi
-+
-+done
-+
-+ SSHDLIBS="$SSHDLIBS -lbsm"
-+$as_echo "#define USE_SOLARIS_AUDIT 1" >>confdefs.h
-+ ;;
- debug)
- AUDIT_MODULE=debug
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5
---- orig/defines.h 2014-01-17 05:12:38.000000000 -0800
-+++ new/defines.h 2014-09-12 10:09:27.000000000 -0700
-@@ -622,6 +622,11 @@
- # define CUSTOM_SSH_AUDIT_EVENTS
- #endif
-
-+#ifdef USE_SOLARIS_AUDIT
-+# define SSH_AUDIT_EVENTS
-+# define CUSTOM_SSH_AUDIT_EVENTS
-+#endif
-+
- #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
- # define __func__ __FUNCTION__
- #elif !defined(HAVE___func__)
---- orig/INSTALL 2013-03-06 17:33:35.000000000 -0800
-+++ new/INSTALL 2014-12-04 08:41:24.369920230 -0800
-@@ -97,9 +97,13 @@
+diff -pur old/INSTALL new/INSTALL
+--- old/INSTALL 2015-03-16 22:49:20.000000000 -0700
++++ new/INSTALL 2015-05-21 03:54:29.120932630 -0700
+@@ -92,9 +92,13 @@ http://www.gnu.org/software/autoconf/
Basic Security Module (BSM):
@@ -104,7 +40,7 @@
2. Building / Installation
-@@ -152,8 +156,9 @@
+@@ -147,8 +151,9 @@ name).
There are a few other options to the configure script:
--with-audit=[module] enable additional auditing via the specified module.
@@ -116,9 +52,10 @@
--with-pam enables PAM support. If PAM support is compiled in, it must
also be enabled in sshd_config (refer to the UsePAM directive).
---- orig/Makefile.in 2014-11-12 15:18:05.366726810 -0800
-+++ new/Makefile.in 2014-11-12 15:22:36.825227512 -0800
-@@ -84,7 +84,7 @@
+diff -pur old/Makefile.in new/Makefile.in
+--- old/Makefile.in 2015-12-07 15:43:45.335711670 -0800
++++ new/Makefile.in 2015-12-07 15:51:37.440455000 -0800
+@@ -98,7 +98,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
roaming_common.o roaming_client.o
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
@@ -127,9 +64,10 @@
sshpty.o sshlogin.o servconf.o serverloop.o \
auth.o auth1.o auth2.o auth-options.o session.o \
auth-chall.o auth2-chall.o groupaccess.o \
---- orig/README.platform 2009-08-28 16:14:48.000000000 -0700
-+++ new/README.platform 2014-09-12 09:45:50.000000000 -0700
-@@ -68,8 +68,8 @@
+diff -pur old/README.platform new/README.platform
+--- old/README.platform 2015-03-16 22:49:20.000000000 -0700
++++ new/README.platform 2015-05-21 03:54:29.121331205 -0700
+@@ -68,8 +68,8 @@ zlib-devel and pam-devel, on Debian base
libssl-dev, libz-dev and libpam-dev.
@@ -140,7 +78,7 @@
If you enable BSM auditing on Solaris, you need to update audit_event(4)
for praudit(1m) to give sensible output. The following line needs to be
added to /etc/security/audit_event:
-@@ -82,6 +82,9 @@
+@@ -82,6 +82,9 @@ There is no official registry of 3rd par
number is already in use on your system, you may change it at build time
by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
@@ -150,10 +88,212 @@
Platforms using PAM
-------------------
---- orig/sshd.c 2014-11-05 13:11:59.974945893 -0800
-+++ new/sshd.c 2014-11-10 13:33:12.279354856 -0800
-@@ -2139,7 +2139,9 @@
- #endif
+diff -pur old/config.h.in new/config.h.in
+--- old/config.h.in 2015-05-21 03:54:29.047656051 -0700
++++ new/config.h.in 2015-05-21 03:54:29.121686621 -0700
+@@ -1635,6 +1635,9 @@
+ /* Use Linux audit module */
+ #undef USE_LINUX_AUDIT
+
++/* Use Solaris audit module */
++#undef USE_SOLARIS_AUDIT
++
+ /* Enable OpenSSL engine support */
+ #undef USE_OPENSSL_ENGINE
+
+diff -pur old/configure new/configure
+--- old/configure 2015-05-21 03:54:29.053171257 -0700
++++ new/configure 2015-05-21 06:53:04.579282150 -0700
+@@ -1336,7 +1336,7 @@ Optional Packages:
+ --with-skey[=PATH] Enable S/Key support (optionally in PATH)
+ --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
+ --with-libedit[=PATH] Enable libedit support for sftp
+- --with-audit=module Enable audit support (modules=debug,bsm,linux)
++ --with-audit=module Enable audit support (modules=debug,bsm,linux,solaris)
+ --with-pie Build Position Independent Executables if possible
+ --with-ssl-dir=PATH Specify path to OpenSSL installation
+ --without-openssl-header-check Disable OpenSSL version consistency check
+@@ -16106,6 +16106,160 @@ cat >>confdefs.h <<\_ACEOF
+ _ACEOF
+
+ ;;
++ solaris)
++ { echo "$as_me:$LINENO: result: solaris" >&5
++echo "${ECHO_T}solaris" >&6; }
++ AUDIT_MODULE=solaris
++
++for ac_header in bsm/adt.h
++do
++as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++ { echo "$as_me:$LINENO: checking for $ac_header" >&5
++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++fi
++ac_res=`eval echo '${'$as_ac_Header'}'`
++ { echo "$as_me:$LINENO: result: $ac_res" >&5
++echo "${ECHO_T}$ac_res" >&6; }
++else
++ # Is the header compilable?
++{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
++echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++$ac_includes_default
++#include <$ac_header>
++_ACEOF
++rm -f conftest.$ac_objext
++if { (ac_try="$ac_compile"
++case "(($ac_try" in
++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++ *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++ (eval "$ac_compile") 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } && {
++ test -z "$ac_c_werror_flag" ||
++ test ! -s conftest.err
++ } && test -s conftest.$ac_objext; then
++ ac_header_compiler=yes
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ ac_header_compiler=no
++fi
++
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
++echo "${ECHO_T}$ac_header_compiler" >&6; }
++
++# Is the header present?
++{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
++echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++#include <$ac_header>
++_ACEOF
++if { (ac_try="$ac_cpp conftest.$ac_ext"
++case "(($ac_try" in
++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++ *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } >/dev/null && {
++ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
++ test ! -s conftest.err
++ }; then
++ ac_header_preproc=yes
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ ac_header_preproc=no
++fi
++
++rm -f conftest.err conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
++echo "${ECHO_T}$ac_header_preproc" >&6; }
++
++# So? What about this header?
++case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
++ yes:no: )
++ { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
++echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
++echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
++ ac_header_preproc=yes
++ ;;
++ no:yes:* )
++ { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
++echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
++echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
++echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
++echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
++echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
++ { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
++echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
++ ( cat <<\_ASBOX
++## ------------------------------------------- ##
++## Report this to [email protected] ##
++## ------------------------------------------- ##
++_ASBOX
++ ) | sed "s/^/$as_me: WARNING: /" >&2
++ ;;
++esac
++{ echo "$as_me:$LINENO: checking for $ac_header" >&5
++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ eval "$as_ac_Header=\$ac_header_preproc"
++fi
++ac_res=`eval echo '${'$as_ac_Header'}'`
++ { echo "$as_me:$LINENO: result: $ac_res" >&5
++echo "${ECHO_T}$ac_res" >&6; }
++
++fi
++if test `eval echo '${'$as_ac_Header'}'` = yes; then
++ cat >>confdefs.h <<_ACEOF
++#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
++_ACEOF
++
++fi
++
++done
++
++ SSHDLIBS="$SSHDLIBS -lbsm"
++cat >>confdefs.h <<\_ACEOF
++#define USE_SOLARIS_AUDIT 1
++_ACEOF
++ ;;
+ debug)
+ AUDIT_MODULE=debug
+ { echo "$as_me:$LINENO: result: debug" >&5
+diff -pur old/defines.h new/defines.h
+--- old/defines.h 2015-03-16 22:49:20.000000000 -0700
++++ new/defines.h 2015-05-21 03:54:29.127386034 -0700
+@@ -635,6 +635,11 @@ struct winsize {
+ # define CUSTOM_SSH_AUDIT_EVENTS
+ #endif
+
++#ifdef USE_SOLARIS_AUDIT
++# define SSH_AUDIT_EVENTS
++# define CUSTOM_SSH_AUDIT_EVENTS
++#endif
++
+ #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
+ # define __func__ __FUNCTION__
+ #elif !defined(HAVE___func__)
+diff -pur old/sshd.c new/sshd.c
+--- old/sshd.c 2015-05-21 03:54:29.070139157 -0700
++++ new/sshd.c 2015-05-21 03:54:29.127803176 -0700
+@@ -2215,7 +2215,9 @@ main(int ac, char **av)
+ }
#ifdef SSH_AUDIT_EVENTS
+#ifndef USE_SOLARIS_AUDIT
@@ -162,7 +302,7 @@
#endif
#ifdef GSSAPI
-@@ -2169,6 +2171,10 @@
+@@ -2245,6 +2247,10 @@ main(int ac, char **av)
do_pam_session();
}
#endif
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/023-gsskex.patch Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,1256 @@
+#
+# GSS-API key exchange support
+#
+# Based on https://github.com/SimonWilkinson/gss-openssh/commit/ffae842
+# Updated to apply to OpenSSH 6.5.
+# Default value for GSSAPIKeyExchange changed to yes to match SunSSH behavior.
+# New files kexgssc.c and kexgsss.c moved to ../sources/ and made cstyle clean.
+#
+# Upstream rejected GSS-API key exchange several times before.
+#
+diff -pur old/Makefile.in new/Makefile.in
+--- old/Makefile.in 2015-12-10 14:51:47.781146370 -0800
++++ new/Makefile.in 2015-12-10 14:48:21.907121340 -0800
+@@ -85,6 +85,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
+ atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
+ msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
++ kexgssc.o \
+ ssh-pkcs11.o smult_curve25519_ref.o \
+ poly1305.o chacha.o cipher-chachapoly.o \
+ ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
+@@ -105,7 +106,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+ auth2-none.o auth2-passwd.o auth2-pubkey.o \
+ monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
+- auth2-gss.o gss-serv.o gss-serv-krb5.o \
++ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+ sftp-server.o sftp-common.o \
+ roaming_common.o roaming_serv.o \
+diff -pur old/auth2-gss.c new/auth2-gss.c
+--- old/auth2-gss.c
++++ new/auth2-gss.c
+@@ -1,7 +1,7 @@
+ /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */
+
+ /*
+- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -53,6 +53,39 @@ static int input_gssapi_mic(int type, u_
+ static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+ static int input_gssapi_errtok(int, u_int32_t, void *);
+
++/*
++ * The 'gssapi_keyex' userauth mechanism.
++ */
++static int
++userauth_gsskeyex(Authctxt *authctxt)
++{
++ int authenticated = 0;
++ Buffer b;
++ gss_buffer_desc mic, gssbuf;
++ u_int len;
++
++ mic.value = packet_get_string(&len);
++ mic.length = len;
++
++ packet_check_eom();
++
++ ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service,
++ "gssapi-keyex");
++
++ gssbuf.value = buffer_ptr(&b);
++ gssbuf.length = buffer_len(&b);
++
++ /* gss_kex_context is NULL with privsep, so we can't check it here */
++ if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gss_kex_context,
++ &gssbuf, &mic))))
++ authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
++
++ buffer_free(&b);
++ free(mic.value);
++
++ return (authenticated);
++}
++
+ /*
+ * We only support those mechanisms that we know about (ie ones that we know
+ * how to check local user kuserok and the like)
+@@ -290,6 +323,12 @@ input_gssapi_mic(int type, u_int32_t ple
+ return 0;
+ }
+
++Authmethod method_gsskeyex = {
++ "gssapi-keyex",
++ userauth_gsskeyex,
++ &options.gss_authentication
++};
++
+ Authmethod method_gssapi = {
+ "gssapi-with-mic",
+ userauth_gssapi,
+diff -pur old/auth2.c new/auth2.c
+--- old/auth2.c
++++ new/auth2.c
+@@ -70,6 +70,7 @@ extern Authmethod method_passwd;
+ extern Authmethod method_kbdint;
+ extern Authmethod method_hostbased;
+ #ifdef GSSAPI
++extern Authmethod method_gsskeyex;
+ extern Authmethod method_gssapi;
+ #endif
+
+@@ -77,6 +78,7 @@ Authmethod *authmethods[] = {
+ &method_none,
+ &method_pubkey,
+ #ifdef GSSAPI
++ &method_gsskeyex,
+ &method_gssapi,
+ #endif
+ &method_passwd,
+diff -pur old/configure new/configure
+--- old/configure
++++ new/configure
+@@ -10944,8 +10944,10 @@ fi
+
+ fi
+
+- $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
+- $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
++cat >>confdefs.h <<\_ACEOF
++#define USE_GSS_STORE_CRED 1
++#define GSSAPI_STORECREDS_NEEDS_RUID 1
++_ACEOF
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ ;;
+diff -pur old/gss-genr.c new/gss-genr.c
+--- old/gss-genr.c
++++ new/gss-genr.c
+@@ -1,7 +1,7 @@
+ /* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */
+
+ /*
+- * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -41,12 +41,167 @@
+ #include "buffer.h"
+ #include "log.h"
+ #include "ssh2.h"
++#include "cipher.h"
++#include "key.h"
++#include "kex.h"
++#include <openssl/evp.h>
+
+ #include "ssh-gss.h"
+
+ extern u_char *session_id2;
+ extern u_int session_id2_len;
+
++typedef struct {
++ char *encoded;
++ gss_OID oid;
++} ssh_gss_kex_mapping;
++
++/*
++ * XXX - It would be nice to find a more elegant way of handling the
++ * XXX passing of the key exchange context to the userauth routines
++ */
++
++Gssctxt *gss_kex_context = NULL;
++
++static ssh_gss_kex_mapping *gss_enc2oid = NULL;
++
++int
++ssh_gssapi_oid_table_ok() {
++ return (gss_enc2oid != NULL);
++}
++
++/*
++ * Return a list of the gss-group1-sha1 mechanisms supported by this program
++ *
++ * We test mechanisms to ensure that we can use them, to avoid starting
++ * a key exchange with a bad mechanism
++ */
++
++char *
++ssh_gssapi_client_mechanisms(const char *host) {
++ gss_OID_set gss_supported;
++ OM_uint32 min_status;
++
++ if (GSS_ERROR(gss_indicate_mechs(&min_status, &gss_supported)))
++ return NULL;
++
++ return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism,
++ host));
++}
++
++char *
++ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
++ const char *data) {
++ Buffer buf;
++ size_t i;
++ int oidpos, enclen;
++ char *mechs, *encoded;
++ u_char digest[EVP_MAX_MD_SIZE];
++ char deroid[2];
++ const EVP_MD *evp_md = EVP_md5();
++ EVP_MD_CTX md;
++
++ if (gss_enc2oid != NULL) {
++ for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
++ free(gss_enc2oid[i].encoded);
++ free(gss_enc2oid);
++ }
++
++ gss_enc2oid = xmalloc(sizeof(ssh_gss_kex_mapping) *
++ (gss_supported->count + 1));
++
++ buffer_init(&buf);
++
++ oidpos = 0;
++ for (i = 0; i < gss_supported->count; i++) {
++ if (gss_supported->elements[i].length < 128 &&
++ (*check)(NULL, &(gss_supported->elements[i]), data)) {
++
++ deroid[0] = SSH_GSS_OIDTYPE;
++ deroid[1] = gss_supported->elements[i].length;
++
++ EVP_DigestInit(&md, evp_md);
++ EVP_DigestUpdate(&md, deroid, 2);
++ EVP_DigestUpdate(&md,
++ gss_supported->elements[i].elements,
++ gss_supported->elements[i].length);
++ EVP_DigestFinal(&md, digest, NULL);
++
++ encoded = xmalloc(EVP_MD_size(evp_md) * 2);
++ enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
++ encoded, EVP_MD_size(evp_md) * 2);
++
++ if (oidpos != 0)
++ buffer_put_char(&buf, ',');
++
++ buffer_append(&buf, KEX_GSS_GEX_SHA1_ID,
++ sizeof(KEX_GSS_GEX_SHA1_ID) - 1);
++ buffer_append(&buf, encoded, enclen);
++ buffer_put_char(&buf, ',');
++ buffer_append(&buf, KEX_GSS_GRP1_SHA1_ID,
++ sizeof(KEX_GSS_GRP1_SHA1_ID) - 1);
++ buffer_append(&buf, encoded, enclen);
++ buffer_put_char(&buf, ',');
++ buffer_append(&buf, KEX_GSS_GRP14_SHA1_ID,
++ sizeof(KEX_GSS_GRP14_SHA1_ID) - 1);
++ buffer_append(&buf, encoded, enclen);
++
++ gss_enc2oid[oidpos].oid = &(gss_supported->elements[i]);
++ gss_enc2oid[oidpos].encoded = encoded;
++ oidpos++;
++ }
++ }
++ gss_enc2oid[oidpos].oid = NULL;
++ gss_enc2oid[oidpos].encoded = NULL;
++
++ buffer_put_char(&buf, '\0');
++
++ mechs = xmalloc(buffer_len(&buf));
++ buffer_get(&buf, mechs, buffer_len(&buf));
++ buffer_free(&buf);
++
++ if (strlen(mechs) == 0) {
++ free(mechs);
++ mechs = NULL;
++ }
++
++ return (mechs);
++}
++
++gss_OID
++ssh_gssapi_id_kex(Gssctxt *ctx, char *name, int kex_type) {
++ int i = 0;
++
++ switch (kex_type) {
++ case KEX_GSS_GRP1_SHA1:
++ if (strlen(name) < sizeof(KEX_GSS_GRP1_SHA1_ID))
++ return GSS_C_NO_OID;
++ name += sizeof(KEX_GSS_GRP1_SHA1_ID) - 1;
++ break;
++ case KEX_GSS_GRP14_SHA1:
++ if (strlen(name) < sizeof(KEX_GSS_GRP14_SHA1_ID))
++ return GSS_C_NO_OID;
++ name += sizeof(KEX_GSS_GRP14_SHA1_ID) - 1;
++ break;
++ case KEX_GSS_GEX_SHA1:
++ if (strlen(name) < sizeof(KEX_GSS_GEX_SHA1_ID))
++ return GSS_C_NO_OID;
++ name += sizeof(KEX_GSS_GEX_SHA1_ID) - 1;
++ break;
++ default:
++ return GSS_C_NO_OID;
++ }
++
++ while (gss_enc2oid[i].encoded != NULL &&
++ strcmp(name, gss_enc2oid[i].encoded) != 0)
++ i++;
++
++ if (gss_enc2oid[i].oid != NULL && ctx != NULL)
++ ssh_gssapi_set_oid(ctx, gss_enc2oid[i].oid);
++
++ return gss_enc2oid[i].oid;
++}
++
+ /* Check that the OID in a data stream matches that in the context */
+ int
+ ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
+@@ -231,6 +386,9 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
+ OM_uint32
+ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
+ {
++ if (ctx == NULL)
++ return -1;
++
+ if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
+ GSS_C_QOP_DEFAULT, buffer, hash)))
+ ssh_gssapi_error(ctx);
+@@ -238,6 +396,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
+ return (ctx->major);
+ }
+
++/* Priviledged when used by server */
++OM_uint32
++ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
++{
++ if (ctx == NULL)
++ return -1;
++
++ ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
++ gssbuf, gssmic, NULL);
++
++ return (ctx->major);
++}
++
+ void
+ ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
+ const char *context)
+@@ -256,6 +427,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
+ gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
+ OM_uint32 major, minor;
+ gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
++ Gssctxt *intctx = NULL;
++
++ if (ctx == NULL)
++ ctx = &intctx;
+
+ /* RFC 4462 says we MUST NOT do SPNEGO */
+ if (oid->length == spnego_oid.length &&
+@@ -274,7 +449,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
+ GSS_C_NO_BUFFER);
+ }
+
+- if (GSS_ERROR(major))
++ if (GSS_ERROR(major) || intctx != NULL)
+ ssh_gssapi_delete_ctx(ctx);
+
+ return (!GSS_ERROR(major));
+diff -pur old/gss-serv.c new/gss-serv.c
+--- old/gss-serv.c
++++ new/gss-serv.c
+@@ -1,7 +1,7 @@
+ /* $OpenBSD: gss-serv.c,v 1.29 2015/05/22 03:50:02 djm Exp $ */
+
+ /*
+- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
++ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+@@ -47,6 +47,7 @@
+ #include "servconf.h"
+
+ #include "ssh-gss.h"
++#include "monitor_wrap.h"
+
+ extern ServerOptions options;
+
+@@ -142,6 +143,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
+ }
+
+ /* Unprivileged */
++char *
++ssh_gssapi_server_mechanisms() {
++ gss_OID_set supported;
++
++ ssh_gssapi_supported_oids(&supported);
++ return (ssh_gssapi_kex_mechs(supported, &ssh_gssapi_server_check_mech,
++ NULL));
++}
++
++/* Unprivileged */
++int
++ssh_gssapi_server_check_mech(Gssctxt **dum, gss_OID oid, const char *data) {
++ Gssctxt *ctx = NULL;
++ int res;
++
++ res = !GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctx, oid)));
++ ssh_gssapi_delete_ctx(&ctx);
++
++ return (res);
++}
++
++/* Unprivileged */
+ void
+ ssh_gssapi_supported_oids(gss_OID_set *oidset)
+ {
+@@ -151,7 +174,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
+ gss_OID_set supported;
+
+ gss_create_empty_oid_set(&min_status, oidset);
+- gss_indicate_mechs(&min_status, &supported);
++
++ if (GSS_ERROR(gss_indicate_mechs(&min_status, &supported)))
++ return;
+
+ while (supported_mechs[i]->name != NULL) {
+ if (GSS_ERROR(gss_test_oid_set_member(&min_status,
+@@ -427,14 +452,4 @@ ssh_gssapi_userok(char *user)
+ return (0);
+ }
+
+-/* Privileged */
+-OM_uint32
+-ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
+-{
+- ctx->major = gss_verify_mic(&ctx->minor, ctx->context,
+- gssbuf, gssmic, NULL);
+-
+- return (ctx->major);
+-}
+-
+ #endif
+diff -pur old/kex.c new/kex.c
+--- old/kex.c
++++ new/kex.c
+@@ -55,6 +55,10 @@
+ #include "sshbuf.h"
+ #include "digest.h"
+
++#ifdef GSSAPI
++#include "ssh-gss.h"
++#endif
++
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ # if defined(HAVE_EVP_SHA256)
+ # define evp_ssh_sha256 EVP_sha256
+@@ -95,6 +99,11 @@ static const struct kexalg kexalgs[] = {
+ #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
+ { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
+ #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
++#ifdef GSSAPI
++ { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
++ { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
++ { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
++#endif
+ { NULL, -1, -1, -1},
+ };
+
+@@ -126,7 +135,7 @@ kex_alg_by_name(const char *name)
+ const struct kexalg *k;
+
+ for (k = kexalgs; k->name != NULL; k++) {
+- if (strcmp(k->name, name) == 0)
++ if (strncmp(k->name, name, strlen(k->name)) == 0)
+ return k;
+ }
+ return NULL;
+diff -pur old/kex.h new/kex.h
+--- old/kex.h
++++ new/kex.h
+@@ -93,6 +93,9 @@ enum kex_exchange {
+ KEX_DH_GEX_SHA256,
+ KEX_ECDH_SHA2,
+ KEX_C25519_SHA256,
++ KEX_GSS_GRP1_SHA1,
++ KEX_GSS_GRP14_SHA1,
++ KEX_GSS_GEX_SHA1,
+ KEX_MAX
+ };
+
+@@ -139,6 +142,10 @@ struct kex {
+ u_int flags;
+ int hash_alg;
+ int ec_nid;
++#ifdef GSSAPI
++ int gss_deleg_creds;
++ char *gss_host;
++#endif
+ char *client_version_string;
+ char *server_version_string;
+ char *failed_choice;
+@@ -186,6 +193,10 @@ int kexecdh_client(struct ssh *);
+ int kexecdh_server(struct ssh *);
+ int kexc25519_client(struct ssh *);
+ int kexc25519_server(struct ssh *);
++#ifdef GSSAPI
++int kexgss_client(struct ssh *);
++int kexgss_server(struct ssh *);
++#endif
+
+ int kex_dh_hash(const char *, const char *,
+ const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+diff -pur old/monitor.c new/monitor.c
+--- old/monitor.c
++++ new/monitor.c
+@@ -160,6 +160,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
+ int mm_answer_gss_accept_ctx(int, Buffer *);
+ int mm_answer_gss_userok(int, Buffer *);
+ int mm_answer_gss_checkmic(int, Buffer *);
++int mm_answer_gss_sign(int, Buffer *);
+ #endif
+
+ #ifdef SSH_AUDIT_EVENTS
+@@ -244,11 +245,17 @@ struct mon_table mon_dispatch_proto20[]
+ {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
+ {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
+ {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
++ {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
+ #endif
+ {0, 0, NULL}
+ };
+
+ struct mon_table mon_dispatch_postauth20[] = {
++#ifdef GSSAPI
++ {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx},
++ {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
++ {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
++#endif
+ #ifdef WITH_OPENSSL
+ {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
+ #endif
+@@ -363,6 +370,10 @@ monitor_child_preauth(Authctxt *_authctx
+ /* Permit requests for moduli and signatures */
+ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
++#ifdef GSSAPI
++ /* and for the GSSAPI key exchange */
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++#endif
+ } else {
+ mon_dispatch = mon_dispatch_proto15;
+
+@@ -502,6 +513,10 @@ monitor_child_postauth(struct monitor *p
+ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
++#ifdef GSSAPI
++ /* and for the GSSAPI key exchange */
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSETUP, 1);
++#endif
+ } else {
+ mon_dispatch = mon_dispatch_postauth15;
+ monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
+@@ -1927,6 +1942,13 @@ monitor_apply_keystate(struct monitor *p
+ # endif
+ #endif /* WITH_OPENSSL */
+ kex->kex[KEX_C25519_SHA256] = kexc25519_server;
++#ifdef GSSAPI
++ if (options.gss_keyex) {
++ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
++ kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
++ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
++ }
++#endif
+ kex->load_host_public_key=&get_hostkey_public_by_type;
+ kex->load_host_private_key=&get_hostkey_private_by_type;
+ kex->host_key_index=&get_hostkey_index;
+@@ -2026,6 +2048,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
+ OM_uint32 major;
+ u_int len;
+
++ if (!options.gss_authentication && !options.gss_keyex)
++ fatal("In GSSAPI monitor when GSSAPI is disabled");
++
+ goid.elements = buffer_get_string(m, &len);
+ goid.length = len;
+
+@@ -2053,6 +2078,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
+ OM_uint32 flags = 0; /* GSI needs this */
+ u_int len;
+
++ if (!options.gss_authentication && !options.gss_keyex)
++ fatal("In GSSAPI monitor when GSSAPI is disabled");
++
+ in.value = buffer_get_string(m, &len);
+ in.length = len;
+ major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
+@@ -2070,6 +2098,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
+ monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
++ monitor_permit(mon_dispatch, MONITOR_REQ_GSSSIGN, 1);
+ }
+ return (0);
+ }
+@@ -2081,6 +2110,9 @@ mm_answer_gss_checkmic(int sock, Buffer
+ OM_uint32 ret;
+ u_int len;
+
++ if (!options.gss_authentication && !options.gss_keyex)
++ fatal("In GSSAPI monitor when GSSAPI is disabled");
++
+ gssbuf.value = buffer_get_string(m, &len);
+ gssbuf.length = len;
+ mic.value = buffer_get_string(m, &len);
+@@ -2107,6 +2139,9 @@ mm_answer_gss_userok(int sock, Buffer *m
+ {
+ int authenticated;
+
++ if (!options.gss_authentication && !options.gss_keyex)
++ fatal("In GSSAPI monitor when GSSAPI is disabled");
++
+ authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
+
+ buffer_clear(m);
+@@ -2120,5 +2155,47 @@ mm_answer_gss_userok(int sock, Buffer *m
+ /* Monitor loop will terminate if authenticated */
+ return (authenticated);
+ }
++
++int
++mm_answer_gss_sign(int socket, Buffer *m)
++{
++ gss_buffer_desc data;
++ gss_buffer_desc hash = GSS_C_EMPTY_BUFFER;
++ OM_uint32 major, minor;
++ u_int len;
++
++ if (!options.gss_authentication && !options.gss_keyex)
++ fatal("In GSSAPI monitor when GSSAPI is disabled");
++
++ data.value = buffer_get_string(m, &len);
++ data.length = len;
++ if (data.length != 20)
++ fatal("%s: data length incorrect: %d", __func__,
++ (int) data.length);
++
++ /* Save the session ID on the first time around */
++ if (session_id2_len == 0) {
++ session_id2_len = data.length;
++ session_id2 = xmalloc(session_id2_len);
++ memcpy(session_id2, data.value, session_id2_len);
++ }
++ major = ssh_gssapi_sign(gsscontext, &data, &hash);
++
++ free(data.value);
++
++ buffer_clear(m);
++ buffer_put_int(m, major);
++ buffer_put_string(m, hash.value, hash.length);
++
++ mm_request_send(socket, MONITOR_ANS_GSSSIGN, m);
++
++ gss_release_buffer(&minor, &hash);
++
++ /* Turn on getpwnam permissions */
++ monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
++
++ return (0);
++}
++
+ #endif /* GSSAPI */
+
+diff -pur old/monitor.h new/monitor.h
+--- old/monitor.h
++++ new/monitor.h
+@@ -68,6 +68,9 @@ enum monitor_reqtype {
+ #ifdef PAM_ENHANCEMENT
+ MONITOR_REQ_AUTHMETHOD = 114,
+ #endif
++#ifdef GSSAPI
++ MONITOR_REQ_GSSSIGN = 130, MONITOR_ANS_GSSSIGN = 131,
++#endif
+ };
+
+ struct mm_master;
+diff -pur old/monitor_wrap.c new/monitor_wrap.c
+--- old/monitor_wrap.c
++++ new/monitor_wrap.c
+@@ -1103,5 +1103,28 @@ mm_ssh_gssapi_userok(char *user)
+ debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
+ return (authenticated);
+ }
++
++OM_uint32
++mm_ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_desc *data, gss_buffer_desc *hash)
++{
++ Buffer m;
++ OM_uint32 major;
++ u_int len;
++
++ buffer_init(&m);
++ buffer_put_string(&m, data->value, data->length);
++
++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSIGN, &m);
++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSIGN, &m);
++
++ major = buffer_get_int(&m);
++ hash->value = buffer_get_string(&m, &len);
++ hash->length = len;
++
++ buffer_free(&m);
++
++ return(major);
++}
++
+ #endif /* GSSAPI */
+
+diff -pur old/monitor_wrap.h new/monitor_wrap.h
+--- old/monitor_wrap.h
++++ new/monitor_wrap.h
+@@ -60,6 +60,7 @@ OM_uint32 mm_ssh_gssapi_accept_ctx(Gssct
+ gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
+ int mm_ssh_gssapi_userok(char *user);
+ OM_uint32 mm_ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
++OM_uint32 mm_ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
+ #endif
+
+ #ifdef USE_PAM
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c
++++ new/readconf.c
+@@ -147,6 +147,7 @@ typedef enum {
+ oClearAllForwardings, oNoHostAuthenticationForLocalhost,
+ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
+ oAddressFamily, oGssAuthentication, oGssDelegateCreds,
++ oGssKeyEx,
+ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+ oSendEnv, oControlPath, oControlMaster, oControlPersist,
+ oHashKnownHosts,
+@@ -198,11 +199,15 @@ static struct {
+ { "gssauthentication", oGssAuthentication }, /* alias */
+ { "gssapidelegatecredentials", oGssDelegateCreds },
+ { "gssdelegatecreds", oGssDelegateCreds }, /* alias */
++ { "gssapikeyexchange", oGssKeyEx },
++ { "gsskeyex", oGssKeyEx }, /* alias */
+ #else
+ { "gssapiauthentication", oUnsupported },
+ { "gssauthentication", oUnsupported },
+ { "gssapidelegatecredentials", oUnsupported },
+ { "gssdelegatecreds", oUnsupported },
++ { "gssapikeyexchange", oUnsupported },
++ { "gsskeyex", oUnsupported },
+ #endif
+ { "fallbacktorsh", oDeprecated },
+ { "usersh", oDeprecated },
+@@ -933,6 +938,10 @@ parse_time:
+ intptr = &options->gss_authentication;
+ goto parse_flag;
+
++ case oGssKeyEx:
++ intptr = &options->gss_keyex;
++ goto parse_flag;
++
+ case oGssDelegateCreds:
+ intptr = &options->gss_deleg_creds;
+ goto parse_flag;
+@@ -1647,6 +1656,7 @@ initialize_options(Options * options)
+ options->pubkey_authentication = -1;
+ options->challenge_response_authentication = -1;
+ options->gss_authentication = -1;
++ options->gss_keyex = -1;
+ options->gss_deleg_creds = -1;
+ options->password_authentication = -1;
+ options->kbd_interactive_authentication = -1;
+@@ -1786,6 +1796,12 @@ fill_default_options(Options * options)
+ #else
+ options->gss_authentication = 0;
+ #endif
++ if (options->gss_keyex == -1)
++#ifdef OPTION_DEFAULT_VALUE
++ options->gss_keyex = 1;
++#else
++ options->gss_keyex = 0;
++#endif
+ if (options->gss_deleg_creds == -1)
+ options->gss_deleg_creds = 0;
+ if (options->password_authentication == -1)
+diff -pur old/readconf.h new/readconf.h
+--- old/readconf.h
++++ new/readconf.h
+@@ -45,6 +45,7 @@ typedef struct {
+ int challenge_response_authentication;
+ /* Try S/Key or TIS, authentication. */
+ int gss_authentication; /* Try GSS authentication */
++ int gss_keyex; /* Try GSS key exchange */
+ int gss_deleg_creds; /* Delegate GSS credentials */
+ int password_authentication; /* Try password
+ * authentication. */
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
+@@ -117,6 +117,7 @@ initialize_server_options(ServerOptions
+ options->kerberos_ticket_cleanup = -1;
+ options->kerberos_get_afs_token = -1;
+ options->gss_authentication=-1;
++ options->gss_keyex = -1;
+ options->gss_cleanup_creds = -1;
+ options->gss_strict_acceptor = -1;
+ options->password_authentication = -1;
+@@ -300,6 +301,12 @@ fill_default_server_options(ServerOption
+ #else
+ options->gss_authentication = 0;
+ #endif
++ if (options->gss_keyex == -1)
++#ifdef OPTION_DEFAULT_VALUE
++ options->gss_keyex = 1;
++#else
++ options->gss_keyex = 0;
++#endif
+ if (options->gss_cleanup_creds == -1)
+ options->gss_cleanup_creds = 1;
+ if (options->gss_strict_acceptor == -1)
+@@ -442,6 +449,7 @@ typedef enum {
+ sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+ sHostKeyAlgorithms,
+ sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
++ sGssKeyEx,
+ sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
+ sAcceptEnv, sPermitTunnel,
+ sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+@@ -519,6 +527,8 @@ static struct {
+ #ifdef GSSAPI
+ { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
+ { "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */
++ { "gssapikeyexchange", sGssKeyEx, SSHCFG_ALL },
++ { "gsskeyex", sGssKeyEx, SSHCFG_ALL }, /* alias */
+ #ifdef USE_GSS_STORE_CRED
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ #else /* USE_GSS_STORE_CRED */
+@@ -528,6 +538,8 @@ static struct {
+ #else
+ { "gssapiauthentication", sUnsupported, SSHCFG_ALL },
+ { "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */
++ { "gssapikeyexchange", sUnsupported,, SSHCFG_ALL },
++ { "gsskeyex", sUnsupported,, SSHCFG_ALL },
+ { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
+ { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
+ #endif
+@@ -1311,6 +1323,10 @@ process_server_config_line(ServerOptions
+ intptr = &options->gss_authentication;
+ goto parse_flag;
+
++ case sGssKeyEx:
++ intptr = &options->gss_keyex;
++ goto parse_flag;
++
+ case sGssCleanupCreds:
+ intptr = &options->gss_cleanup_creds;
+ goto parse_flag;
+@@ -2357,6 +2373,7 @@ dump_config(ServerOptions *o)
+ #endif
+ #ifdef GSSAPI
+ dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
++ dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
+ #ifndef USE_GSS_STORE_CRED
+ dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
+ #endif /* !USE_GSS_STORE_CRED */
+diff -pur old/servconf.h new/servconf.h
+--- old/servconf.h
++++ new/servconf.h
+@@ -122,6 +122,7 @@ typedef struct {
+ int kerberos_get_afs_token; /* If true, try to get AFS token if
+ * authenticated with Kerberos. */
+ int gss_authentication; /* If true, permit GSSAPI authentication */
++ int gss_keyex; /* If true, permit GSSAPI key exchange */
+ int gss_cleanup_creds; /* If true, destroy cred cache on logout */
+ int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */
+ int password_authentication; /* If true, permit password
+diff -pur old/ssh-gss.h new/ssh-gss.h
+--- old/ssh-gss.h
++++ new/ssh-gss.h
+@@ -61,6 +61,17 @@
+
+ #define SSH_GSS_OIDTYPE 0x06
+
++#define SSH2_MSG_KEXGSS_INIT 30
++#define SSH2_MSG_KEXGSS_CONTINUE 31
++#define SSH2_MSG_KEXGSS_COMPLETE 32
++#define SSH2_MSG_KEXGSS_HOSTKEY 33
++#define SSH2_MSG_KEXGSS_ERROR 34
++#define SSH2_MSG_KEXGSS_GROUPREQ 40
++#define SSH2_MSG_KEXGSS_GROUP 41
++#define KEX_GSS_GRP1_SHA1_ID "gss-group1-sha1-"
++#define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-"
++#define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-"
++
+ typedef struct {
+ char *filename;
+ char *envvar;
+@@ -98,6 +109,7 @@ typedef struct {
+ } Gssctxt;
+
+ extern ssh_gssapi_mech *supported_mechs[];
++extern Gssctxt *gss_kex_context;
+
+ int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
+ void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
+@@ -122,6 +134,11 @@ void ssh_gssapi_buildmic(Buffer *, const
+ int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
+
+ /* In the server */
++typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *);
++char *ssh_gssapi_client_mechanisms(const char *host);
++char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *);
++gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int);
++int ssh_gssapi_server_check_mech(Gssctxt **,gss_OID, const char *);
+ OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
+ int ssh_gssapi_userok(char *name);
+ OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
+@@ -129,6 +146,8 @@ void ssh_gssapi_do_child(char ***, u_int
+ void ssh_gssapi_cleanup_creds(void);
+ void ssh_gssapi_storecreds(void);
+
++char *ssh_gssapi_server_mechanisms(void);
++int ssh_gssapi_oid_table_ok();
+ #endif /* GSSAPI */
+
+ #endif /* _SSH_GSS_H */
+diff -pur old/ssh_config new/ssh_config
+--- old/ssh_config
++++ new/ssh_config
+@@ -26,6 +26,7 @@
+ # HostbasedAuthentication no
+ # GSSAPIAuthentication no
+ # GSSAPIDelegateCredentials no
++# GSSAPIKeyExchange yes
+ # BatchMode no
+ # CheckHostIP yes
+ # AddressFamily any
+diff -pur old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5
++++ new/ssh_config.5
+@@ -757,6 +757,12 @@ Specifies whether user authentication ba
+ The default on Solaris is
+ .Dq yes .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIKeyExchange
++Specifies whether key exchange based on GSSAPI may be used. When using
++GSSAPI key exchange the server need not have a host key.
++The default on Solaris is
++.Dq yes .
++Note that this option applies to protocol version 2 only.
+ .It Cm GSSAPIDelegateCredentials
+ Forward (delegate) credentials to the server.
+ The default is
+diff -pur old/sshconnect2.c new/sshconnect2.c
+--- old/sshconnect2.c
++++ new/sshconnect2.c
+@@ -163,12 +163,37 @@ ssh_kex2(char *host, struct sockaddr *ho
+ char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
+ struct kex *kex;
+ int r;
++#ifdef GSSAPI
++ char *orig = NULL, *gss = NULL;
++ char *gss_host = NULL;
++#endif
++
+
+ xxx_host = host;
+ xxx_hostaddr = hostaddr;
+
++ if (options.kex_algorithms != NULL)
++ myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
++
++#ifdef GSSAPI
++ if (options.gss_keyex) {
++ /* Add the GSSAPI mechanisms currently supported on this
++ * client to the key exchange algorithm proposal */
++ orig = myproposal[PROPOSAL_KEX_ALGS];
++
++ gss_host = (char *)get_canonical_hostname(1);
++
++ gss = ssh_gssapi_client_mechanisms(gss_host);
++ if (gss) {
++ debug("Offering GSSAPI proposal: %s", gss);
++ xasprintf(&myproposal[PROPOSAL_KEX_ALGS],
++ "%s,%s", gss, orig);
++ }
++ }
++#endif
++
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+- options.kex_algorithms);
++ myproposal[PROPOSAL_KEX_ALGS]);
+ myproposal[PROPOSAL_ENC_ALGS_CTOS] =
+ compat_cipher_proposal(options.ciphers);
+ myproposal[PROPOSAL_ENC_ALGS_STOC] =
+@@ -197,6 +222,17 @@ ssh_kex2(char *host, struct sockaddr *ho
+ order_hostkeyalgs(host, hostaddr, port));
+ }
+
++#ifdef GSSAPI
++ /* If we've got GSSAPI algorithms, then we also support the
++ * 'null' hostkey, as a last resort */
++ if (options.gss_keyex && gss) {
++ orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS];
++ xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS],
++ "%s,null", orig);
++ free(gss);
++ }
++#endif
++
+ if (options.rekey_limit || options.rekey_interval)
+ packet_set_rekey_limits((u_int32_t)options.rekey_limit,
+ (time_t)options.rekey_interval);
+@@ -215,9 +251,22 @@ ssh_kex2(char *host, struct sockaddr *ho
+ # endif
+ #endif
+ kex->kex[KEX_C25519_SHA256] = kexc25519_client;
++#ifdef GSSAPI
++ if (options.gss_keyex) {
++ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
++ kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_client;
++ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_client;
++ }
++#endif
+ kex->client_version_string=client_version_string;
+ kex->server_version_string=server_version_string;
+ kex->verify_host_key=&verify_host_key_callback;
++#ifdef GSSAPI
++ if (options.gss_keyex) {
++ kex->gss_deleg_creds = options.gss_deleg_creds;
++ kex->gss_host = gss_host;
++ }
++#endif
+
+ dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
+
+@@ -310,6 +359,7 @@ int input_gssapi_token(int type, u_int32
+ int input_gssapi_hash(int type, u_int32_t, void *);
+ int input_gssapi_error(int, u_int32_t, void *);
+ int input_gssapi_errtok(int, u_int32_t, void *);
++int userauth_gsskeyex(Authctxt *authctxt);
+ #endif
+
+ void userauth(Authctxt *, char *);
+@@ -325,6 +375,11 @@ static char *authmethods_get(void);
+
+ Authmethod authmethods[] = {
+ #ifdef GSSAPI
++ {"gssapi-keyex",
++ userauth_gsskeyex,
++ NULL,
++ &options.gss_authentication,
++ NULL},
+ {"gssapi-with-mic",
+ userauth_gssapi,
+ NULL,
+@@ -649,7 +704,10 @@ userauth_gssapi(Authctxt *authctxt)
+ * once. */
+
+ if (gss_supported == NULL)
+- gss_indicate_mechs(&min, &gss_supported);
++ if (GSS_ERROR(gss_indicate_mechs(&min, &gss_supported))) {
++ gss_supported = NULL;
++ return 0;
++ }
+
+ /* Check to see if the mechanism is usable before we offer it */
+ while (mech < gss_supported->count && !ok) {
+@@ -753,8 +811,8 @@ input_gssapi_response(int type, u_int32_
+ {
+ Authctxt *authctxt = ctxt;
+ Gssctxt *gssctxt;
+- int oidlen;
+- char *oidv;
++ u_int oidlen;
++ u_char *oidv;
+
+ if (authctxt == NULL)
+ fatal("input_gssapi_response: no authentication context");
+@@ -867,6 +925,48 @@ input_gssapi_error(int type, u_int32_t p
+ free(lang);
+ return 0;
+ }
++
++int
++userauth_gsskeyex(Authctxt *authctxt)
++{
++ Buffer b;
++ gss_buffer_desc gssbuf;
++ gss_buffer_desc mic = GSS_C_EMPTY_BUFFER;
++ OM_uint32 ms;
++
++ static int attempt = 0;
++ if (attempt++ >= 1)
++ return (0);
++
++ if (gss_kex_context == NULL) {
++ debug("No valid Key exchange context");
++ return (0);
++ }
++
++ ssh_gssapi_buildmic(&b, authctxt->server_user, authctxt->service,
++ "gssapi-keyex");
++
++ gssbuf.value = buffer_ptr(&b);
++ gssbuf.length = buffer_len(&b);
++
++ if (GSS_ERROR(ssh_gssapi_sign(gss_kex_context, &gssbuf, &mic))) {
++ buffer_free(&b);
++ return (0);
++ }
++
++ packet_start(SSH2_MSG_USERAUTH_REQUEST);
++ packet_put_cstring(authctxt->server_user);
++ packet_put_cstring(authctxt->service);
++ packet_put_cstring(authctxt->method->name);
++ packet_put_string(mic.value, mic.length);
++ packet_send();
++
++ buffer_free(&b);
++ gss_release_buffer(&ms, &mic);
++
++ return (1);
++}
++
+ #endif /* GSSAPI */
+
+ int
+diff -pur old/sshd.c new/sshd.c
+--- old/sshd.c
++++ new/sshd.c
+@@ -1827,10 +1827,13 @@ main(int ac, char **av)
+ logit("Disabling protocol version 1. Could not load host key");
+ options.protocol &= ~SSH_PROTO_1;
+ }
++#ifndef GSSAPI
++ /* The GSSAPI key exchange can run without a host key */
+ if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
+ logit("Disabling protocol version 2. Could not load host key");
+ options.protocol &= ~SSH_PROTO_2;
+ }
++#endif
+ if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
+ logit("sshd: no hostkeys available -- exiting.");
+ exit(1);
+@@ -2588,6 +2591,48 @@ do_ssh2_kex(void)
+ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
+ list_hostkey_types());
+
++#ifdef GSSAPI
++ {
++ char *orig;
++ char *gss = NULL;
++ char *newstr = NULL;
++ orig = myproposal[PROPOSAL_KEX_ALGS];
++
++ /*
++ * If we don't have a host key, then there's no point advertising
++ * the other key exchange algorithms
++ */
++
++ if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0)
++ orig = NULL;
++
++ if (options.gss_keyex)
++ gss = ssh_gssapi_server_mechanisms();
++ else
++ gss = NULL;
++
++ if (gss && orig)
++ xasprintf(&newstr, "%s,%s", gss, orig);
++ else if (gss)
++ newstr = gss;
++ else if (orig)
++ newstr = orig;
++
++ /*
++ * If we've got GSSAPI mechanisms, then we've got the 'null' host
++ * key alg, but we can't tell people about it unless its the only
++ * host key algorithm we support
++ */
++ if (gss && (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS])) == 0)
++ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = "null";
++
++ if (newstr)
++ myproposal[PROPOSAL_KEX_ALGS] = newstr;
++ else
++ fatal("No supported key exchange algorithms");
++ }
++#endif
++
+ /* start key exchange */
+ if ((r = kex_setup(active_state, myproposal)) != 0)
+ fatal("kex_setup: %s", ssh_err(r));
+@@ -2602,6 +2647,13 @@ do_ssh2_kex(void)
+ # endif
+ #endif
+ kex->kex[KEX_C25519_SHA256] = kexc25519_server;
++#ifdef GSSAPI
++ if (options.gss_keyex) {
++ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
++ kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
++ kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
++ }
++#endif
+ kex->server = 1;
+ kex->client_version_string=client_version_string;
+ kex->server_version_string=server_version_string;
+diff -pur old/sshd_config new/sshd_config
+--- old/sshd_config
++++ new/sshd_config
+@@ -82,8 +82,9 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #KerberosGetAFSToken no
+
+ # GSSAPI options
+-#GSSAPIAuthentication no
++#GSSAPIAuthentication yes
+ #GSSAPICleanupCredentials yes
++#GSSAPIKeyExchange yes
+
+ # Set this to 'yes' to enable PAM authentication, account processing,
+ # and session processing. If this is enabled, PAM authentication will
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5
++++ new/sshd_config.5
+@@ -621,6 +621,12 @@ Specifies whether user authentication ba
+ The default on Solaris is
+ .Dq yes .
+ Note that this option applies to protocol version 2 only.
++.It Cm GSSAPIKeyExchange
++Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
++doesn't rely on ssh keys to verify host identity.
++The default on Solaris is
++.Dq yes .
++Note that this option applies to protocol version 2 only.
+ .It Cm GSSAPICleanupCredentials
+ Specifies whether to automatically destroy the user's credentials cache
+ on logout.
+diff -pur old/sshkey.c new/sshkey.c
+--- old/sshkey.c
++++ new/sshkey.c
+@@ -112,6 +112,7 @@ static const struct keytype keytypes[] =
+ # endif /* OPENSSL_HAS_NISTP521 */
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++ { "null", "null", KEY_NULL, 0, 0 },
+ { NULL, NULL, -1, -1, 0 }
+ };
+
+diff -pur old/sshkey.h new/sshkey.h
+--- old/sshkey.h
++++ new/sshkey.h
+@@ -62,6 +62,7 @@ enum sshkey_types {
+ KEY_DSA_CERT,
+ KEY_ECDSA_CERT,
+ KEY_ED25519_CERT,
++ KEY_NULL,
+ KEY_UNSPEC
+ };
+
--- a/components/openssh/patches/024-disable_ed25519.patch Thu Jan 14 09:14:14 2016 +0100
+++ b/components/openssh/patches/024-disable_ed25519.patch Mon Jan 25 10:57:40 2016 -0800
@@ -1,8 +1,15 @@
+#
+# Per Solaris crypto team recommendation, we need to remove support for
+# Curve25519 from OpenSSH.
+#
+# Patch offered upstream but rejected:
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2376
+#
diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in 2015-04-10 02:43:51.101312444 -0700
-+++ new/Makefile.in 2015-04-10 02:43:51.156820521 -0700
-@@ -138,7 +138,7 @@ $(SSHDOBJS): Makefile.in config.h
- $(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+--- old/Makefile.in 2015-12-07 15:58:19.591097920 -0800
++++ new/Makefile.in 2015-12-07 16:05:02.810457680 -0800
+@@ -153,7 +153,7 @@ $(SSHDOBJS): Makefile.in config.h
+ $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
-$(LIBCOMPAT): always
@@ -10,14 +17,13 @@
(cd openbsd-compat && $(MAKE))
always:
-Only in new: Makefile.in.orig
diff -pur old/authfd.c new/authfd.c
---- old/authfd.c 2013-12-28 22:49:56.000000000 -0800
-+++ new/authfd.c 2015-04-10 02:43:51.157515880 -0700
-@@ -508,8 +508,10 @@ ssh_add_identity_constrained(Authenticat
- case KEY_DSA_CERT_V00:
+--- old/authfd.c
++++ new/authfd.c
+@@ -565,8 +565,10 @@ ssh_add_identity_constrained(int sock, s
case KEY_ECDSA:
case KEY_ECDSA_CERT:
+ #endif
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
case KEY_ED25519_CERT:
@@ -26,127 +32,117 @@
SSH2_AGENTC_ADD_ID_CONSTRAINED :
SSH2_AGENTC_ADD_IDENTITY;
diff -pur old/authfile.c new/authfile.c
---- old/authfile.c 2013-12-28 22:50:15.000000000 -0800
-+++ new/authfile.c 2015-04-10 02:43:51.158405633 -0700
-@@ -597,9 +597,11 @@ key_private_to_blob(Key *key, Buffer *bl
- comment, new_format_cipher, new_format_rounds);
- }
- return key_private_pem_to_blob(key, blob, passphrase, comment);
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- return key_private_to_blob2(key, blob, passphrase,
- comment, new_format_cipher, new_format_rounds);
-+#endif /* WITHOUT_ED25519 */
- default:
- error("%s: cannot save key type %d", __func__, key->type);
- return 0;
-@@ -1005,8 +1007,10 @@ key_parse_private_type(Buffer *blob, int
- case KEY_ECDSA:
- case KEY_RSA:
- return key_parse_private_pem(blob, type, passphrase, commentp);
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- return key_parse_private2(blob, type, passphrase, commentp);
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- if ((k = key_parse_private2(blob, type, passphrase, commentp)))
- return k;
-@@ -1213,7 +1217,9 @@ key_load_private_cert(int type, const ch
- case KEY_RSA:
+--- old/authfile.c
++++ new/authfile.c
+@@ -449,7 +449,9 @@ sshkey_load_private_cert(int type, const
case KEY_DSA:
case KEY_ECDSA:
+ #endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
+#endif /* WITHOUT_ED25519 */
+ case KEY_UNSPEC:
break;
default:
- error("%s: unsupported key type", __func__);
-diff -pur old/crypto_api.h new/crypto_api.h
---- old/crypto_api.h 2014-01-16 17:31:34.000000000 -0800
-+++ new/crypto_api.h 2015-04-10 02:43:51.158673341 -0700
-@@ -26,7 +26,7 @@ int crypto_hashblocks_sha512(unsigned ch
-
- #define crypto_hash_sha512_BYTES 64U
+diff -pur old/dns.c new/dns.c
+--- old/dns.c
++++ new/dns.c
+@@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8
+ if (!*digest_type)
+ *digest_type = SSHFP_HASH_SHA256;
+ break;
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ *algorithm = SSHFP_KEY_ED25519;
+ if (!*digest_type)
+ *digest_type = SSHFP_HASH_SHA256;
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ *algorithm = SSHFP_KEY_RESERVED; /* 0 */
+ *digest_type = SSHFP_HASH_RESERVED; /* 0 */
+diff -pur old/dns.h new/dns.h
+--- old/dns.h
++++ new/dns.h
+@@ -33,7 +33,9 @@ enum sshfp_types {
+ SSHFP_KEY_RSA = 1,
+ SSHFP_KEY_DSA = 2,
+ SSHFP_KEY_ECDSA = 3,
+- SSHFP_KEY_ED25519 = 4
++#ifndef WITHOUT_ED25519
++ SSHFP_KEY_ED25519 = 4
++#endif /* WITHOUT_ED25519 */
+ };
--int crypto_hash_sha512(unsigned char *, const unsigned char *,
-+extern int crypto_hash_sha512(unsigned char *, const unsigned char *,
- unsigned long long);
-
- int crypto_verify_32(const unsigned char *, const unsigned char *);
+ enum sshfp_hashes {
diff -pur old/ed25519.c new/ed25519.c
---- old/ed25519.c 2013-12-17 22:48:11.000000000 -0800
-+++ new/ed25519.c 2015-04-10 02:43:51.158974499 -0700
-@@ -6,6 +6,8 @@
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c
+--- old/ed25519.c
++++ new/ed25519.c
+@@ -7,6 +7,7 @@
*/
+ #include "includes.h"
+#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
#include "crypto_api.h"
-@@ -142,3 +144,4 @@ int crypto_sign_ed25519_open(
+ #include "ge25519.h"
+@@ -142,3 +143,4 @@ int crypto_sign_ed25519_open(
}
return ret;
}
+#endif /* WITHOUT_ED25519 */
diff -pur old/fe25519.c new/fe25519.c
---- old/fe25519.c 2014-01-16 17:43:44.000000000 -0800
-+++ new/fe25519.c 2015-04-10 02:43:51.159348136 -0700
-@@ -6,6 +6,8 @@
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c
- */
+--- old/fe25519.c
++++ new/fe25519.c
+@@ -8,6 +8,7 @@
+
+ #include "includes.h"
+#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
+ #define WINDOWSIZE 1 /* Should be 1,2, or 4 */
+ #define WINDOWMASK ((1<<WINDOWSIZE)-1)
- #define WINDOWSIZE 1 /* Should be 1,2, or 4 */
-@@ -335,3 +337,5 @@ void fe25519_pow2523(fe25519 *r, const f
+@@ -335,3 +336,4 @@ void fe25519_pow2523(fe25519 *r, const f
/* 2^252 - 2^2 */ fe25519_square(&t,&t);
/* 2^252 - 3 */ fe25519_mul(r,&t,x);
}
-+
+#endif /* WITHOUT_ED25519 */
diff -pur old/fe25519.h new/fe25519.h
---- old/fe25519.h 2013-12-17 22:48:11.000000000 -0800
-+++ new/fe25519.h 2015-04-10 02:43:51.159633614 -0700
-@@ -9,6 +9,8 @@
+--- old/fe25519.h
++++ new/fe25519.h
+@@ -8,6 +8,7 @@
+
#ifndef FE25519_H
#define FE25519_H
++#ifndef WITHOUT_ED25519
-+#ifndef WITHOUT_ED25519
-+
#include "crypto_api.h"
- #define fe25519 crypto_sign_ed25519_ref_fe25519
-@@ -67,4 +69,5 @@ void fe25519_invert(fe25519 *r, const fe
+@@ -67,4 +68,5 @@ void fe25519_invert(fe25519 *r, const fe
void fe25519_pow2523(fe25519 *r, const fe25519 *x);
+#endif /* WITHOUT_ED25519 */
#endif
diff -pur old/ge25519.c new/ge25519.c
---- old/ge25519.c 2014-01-16 17:43:44.000000000 -0800
-+++ new/ge25519.c 2015-04-10 02:43:51.160002884 -0700
-@@ -6,6 +6,8 @@
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c
+--- old/ge25519.c
++++ new/ge25519.c
+@@ -7,6 +7,7 @@
*/
+ #include "includes.h"
+#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
#include "fe25519.h"
-@@ -319,3 +321,5 @@ void ge25519_scalarmult_base(ge25519_p3
+ #include "sc25519.h"
+@@ -319,3 +320,4 @@ void ge25519_scalarmult_base(ge25519_p3
ge25519_mixadd2(r, &t);
}
}
-+
+#endif /* WITHOUT_ED25519 */
diff -pur old/ge25519.h new/ge25519.h
---- old/ge25519.h 2013-12-17 22:48:11.000000000 -0800
-+++ new/ge25519.h 2015-04-10 02:43:51.160283095 -0700
+--- old/ge25519.h
++++ new/ge25519.h
@@ -8,6 +8,7 @@
#ifndef GE25519_H
@@ -162,22 +158,24 @@
+#endif /* WITHOUT_ED25519 */
#endif
diff -pur old/kex.c new/kex.c
---- old/kex.c 2014-01-25 14:38:04.000000000 -0800
-+++ new/kex.c 2015-04-10 02:43:51.160754653 -0700
-@@ -87,7 +87,7 @@ static const struct kexalg kexalgs[] = {
- # endif
- #endif
- { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
--#ifdef HAVE_EVP_SHA256
-+#if defined(HAVE_EVP_SHA256) && !defined(WITHOUT_ED25519)
+--- old/kex.c
++++ new/kex.c
+@@ -96,9 +96,11 @@ static const struct kexalg kexalgs[] = {
+ # endif /* OPENSSL_HAS_NISTP521 */
+ #endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
- #endif
- { NULL, -1, -1, -1},
-Only in new: kex.c.orig
+ #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
++#endif /* WITHOUT_ED25519 */
+ #ifdef GSSAPI
+ { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
+ { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
diff -pur old/kex.h new/kex.h
---- old/kex.h 2014-01-25 14:37:26.000000000 -0800
-+++ new/kex.h 2015-04-10 02:47:29.726358404 -0700
-@@ -43,7 +43,9 @@
+--- old/kex.h
++++ new/kex.h
+@@ -58,13 +58,17 @@
#define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
#define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
@@ -187,584 +185,190 @@
#define COMP_NONE 0
#define COMP_ZLIB 1
-@@ -75,7 +77,9 @@ enum kex_exchange {
+ #define COMP_DELAYED 2
+
++#ifndef WITHOUT_ED25519
+ #define CURVE25519_SIZE 32
++#endif /* WITHOUT_ED25519 */
+
+ enum kex_init_proposals {
+ PROPOSAL_KEX_ALGS,
+@@ -92,7 +96,9 @@ enum kex_exchange {
KEX_DH_GEX_SHA1,
KEX_DH_GEX_SHA256,
KEX_ECDH_SHA2,
+#ifndef WITHOUT_ED25519
KEX_C25519_SHA256,
+#endif /* WITHOUT_ED25519 */
- KEX_MAX
+ KEX_GSS_GRP1_SHA1,
+ KEX_GSS_GRP14_SHA1,
+ KEX_GSS_GEX_SHA1,
+@@ -161,8 +167,10 @@ struct kex {
+ u_int min, max, nbits; /* GEX */
+ EC_KEY *ec_client_key; /* ECDH */
+ const EC_GROUP *ec_group; /* ECDH */
++#ifndef WITHOUT_ED25519
+ u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+ u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
++#endif /* WITHOUT_ED25519 */
};
-@@ -165,8 +169,10 @@ void kexgex_client(Kex *);
- void kexgex_server(Kex *);
- void kexecdh_client(Kex *);
- void kexecdh_server(Kex *);
+ int kex_names_valid(const char *);
+@@ -191,8 +199,10 @@ int kexgex_client(struct ssh *);
+ int kexgex_server(struct ssh *);
+ int kexecdh_client(struct ssh *);
+ int kexecdh_server(struct ssh *);
+#ifndef WITHOUT_ED25519
- void kexc25519_client(Kex *);
- void kexc25519_server(Kex *);
+ int kexc25519_client(struct ssh *);
+ int kexc25519_server(struct ssh *);
+#endif /* WITHOUT_ED25519 */
+ #ifdef GSSAPI
+ int kexgss_client(struct ssh *);
+ int kexgss_server(struct ssh *);
+@@ -213,6 +223,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,
+ const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+ const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
- void
- kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
-@@ -181,6 +187,7 @@ kex_ecdh_hash(int, const EC_GROUP *, cha
- char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
- const BIGNUM *, u_char **, u_int *);
- #endif
+#ifndef WITHOUT_ED25519
- void
- kex_c25519_hash(int, char *, char *, char *, int,
- char *, int, u_char *, int, const u_char *, const u_char *,
-@@ -194,6 +201,7 @@ void kexc25519_shared_key(const u_char k
- const u_char pub[CURVE25519_SIZE], Buffer *out)
+ int kex_c25519_hash(int, const char *, const char *, const char *, size_t,
+ const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
+ const u_char *, size_t, u_char *, size_t *);
+@@ -224,6 +235,7 @@ int kexc25519_shared_key(const u_char ke
+ const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+#endif /* WITHOUT_ED25519 */
- void
+ int
derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
-Only in new: kex.h.orig
-Only in new: kex.h.rej
diff -pur old/kexc25519.c new/kexc25519.c
---- old/kexc25519.c 2014-01-12 00:21:23.000000000 -0800
-+++ new/kexc25519.c 2015-04-10 02:43:51.161993727 -0700
-@@ -25,6 +25,8 @@
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
+--- old/kexc25519.c
++++ new/kexc25519.c
+@@ -27,6 +27,7 @@
+
+ #include "includes.h"
+#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
+ #include <sys/types.h>
- #include <sys/types.h>
-@@ -120,3 +122,5 @@ kex_c25519_hash(
- *hash = digest;
- *hashlen = ssh_digest_bytes(hash_alg);
+ #include <signal.h>
+@@ -131,3 +132,4 @@ kex_c25519_hash(
+ #endif
+ return 0;
}
-+
+#endif /* WITHOUT_ED25519 */
diff -pur old/kexc25519c.c new/kexc25519c.c
---- old/kexc25519c.c 2014-01-12 00:21:23.000000000 -0800
-+++ new/kexc25519c.c 2015-04-10 02:43:51.162319004 -0700
-@@ -25,6 +25,8 @@
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
+--- old/kexc25519c.c
++++ new/kexc25519c.c
+@@ -27,6 +27,7 @@
-+#ifndef WITHOUT_ED25519
-+
#include "includes.h"
++#ifndef WITHOUT_ED25519
#include <sys/types.h>
-@@ -127,3 +129,5 @@ kexc25519_client(Kex *kex)
- buffer_free(&shared_secret);
- kex_finish(kex);
+
+ #include <stdio.h>
+@@ -168,3 +169,4 @@ out:
+ sshbuf_free(shared_secret);
+ return r;
}
-+
+#endif /* WITHOUT_ED25519 */
diff -pur old/kexc25519s.c new/kexc25519s.c
---- old/kexc25519s.c 2014-01-12 00:21:23.000000000 -0800
-+++ new/kexc25519s.c 2015-04-10 02:43:51.162628310 -0700
-@@ -24,6 +24,8 @@
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
+--- old/kexc25519s.c
++++ new/kexc25519s.c
+@@ -26,6 +26,8 @@
+
+ #include "includes.h"
+#ifndef WITHOUT_ED25519
+
- #include "includes.h"
-
#include <sys/types.h>
-@@ -124,3 +126,5 @@ kexc25519_server(Kex *kex)
- buffer_free(&shared_secret);
- kex_finish(kex);
+ #include <stdio.h>
+ #include <string.h>
+@@ -157,3 +159,4 @@ out:
+ sshbuf_free(shared_secret);
+ return r;
}
-+
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/key.c new/key.c
---- old/key.c 2014-01-09 15:58:53.000000000 -0800
-+++ new/key.c 2015-04-10 02:48:40.602200617 -0700
-@@ -89,8 +89,10 @@ key_new(int type)
- k->dsa = NULL;
- k->rsa = NULL;
- k->cert = NULL;
-+#ifndef WITHOUT_ED25519
- k->ed25519_sk = NULL;
- k->ed25519_pk = NULL;
-+#endif /* WITHOUT_ED25519 */
- switch (k->type) {
- case KEY_RSA1:
- case KEY_RSA:
-@@ -125,10 +127,12 @@ key_new(int type)
- /* Cannot do anything until we know the group */
- break;
- #endif
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- /* no need to prealloc */
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -173,10 +177,12 @@ key_add_private(Key *k)
- case KEY_ECDSA_CERT:
- /* Cannot do anything until we know the group */
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- /* no need to prealloc */
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -239,6 +245,7 @@ key_free(Key *k)
- k->ecdsa = NULL;
- break;
- #endif
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- if (k->ed25519_pk) {
-@@ -252,6 +259,7 @@ key_free(Key *k)
- k->ed25519_sk = NULL;
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -333,10 +341,12 @@ key_equal_public(const Key *a, const Key
- BN_CTX_free(bnctx);
- return 1;
- #endif /* OPENSSL_HAS_ECC */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
- memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
-+#endif /* WITHOUT_ED25519 */
- default:
- fatal("key_equal: bad key type %d", a->type);
- }
-@@ -392,7 +402,9 @@ key_fingerprint_raw(const Key *k, enum f
- case KEY_DSA:
- case KEY_ECDSA:
- case KEY_RSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- key_to_blob(k, &blob, &len);
- break;
- case KEY_DSA_CERT_V00:
-@@ -400,7 +412,9 @@ key_fingerprint_raw(const Key *k, enum f
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- /* We want a fingerprint of the _key_ not of the cert */
- to_blob(k, &blob, &len, 1);
- break;
-@@ -728,13 +742,17 @@ key_read(Key *ret, char **cpp)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- case KEY_DSA_CERT_V00:
- case KEY_RSA_CERT_V00:
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- space = strchr(cp, ' ');
- if (space == NULL) {
- debug3("key_read: missing whitespace");
-@@ -836,6 +854,7 @@ key_read(Key *ret, char **cpp)
- #endif
- }
- #endif
-+#ifndef WITHOUT_ED25519
- if (key_type_plain(ret->type) == KEY_ED25519) {
- free(ret->ed25519_pk);
- ret->ed25519_pk = k->ed25519_pk;
-@@ -844,6 +863,7 @@ key_read(Key *ret, char **cpp)
- /* XXX */
- #endif
- }
-+#endif /* WITHOUT_ED25519 */
- success = 1;
- /*XXXX*/
- key_free(k);
-@@ -907,11 +927,13 @@ key_write(const Key *key, FILE *f)
- return 0;
- break;
- #endif
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- if (key->ed25519_pk == NULL)
- return 0;
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_RSA:
- case KEY_RSA_CERT_V00:
- case KEY_RSA_CERT:
-@@ -959,7 +981,9 @@ static const struct keytype keytypes[] =
- { NULL, "RSA1", KEY_RSA1, 0, 0 },
- { "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
- { "ssh-dss", "DSA", KEY_DSA, 0, 0 },
-+#ifndef WITHOUT_ED25519
- { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
-+#endif /* WITHOUT_ED25519 */
- #ifdef OPENSSL_HAS_ECC
- { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
- { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
-@@ -983,8 +1007,10 @@ static const struct keytype keytypes[] =
- KEY_RSA_CERT_V00, 0, 1 },
- { "[email protected]", "DSA-CERT-V00",
- KEY_DSA_CERT_V00, 0, 1 },
-+#ifndef WITHOUT_ED25519
- { "[email protected]", "ED25519-CERT",
- KEY_ED25519_CERT, 0, 1 },
-+#endif /* WITHOUT_ED25519 */
- { NULL, NULL, -1, -1, 0 }
- };
-
-@@ -1096,7 +1122,9 @@ key_type_is_valid_ca(int type)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- return 1;
- default:
- return 0;
-@@ -1116,8 +1144,10 @@ key_size(const Key *k)
- case KEY_DSA_CERT_V00:
- case KEY_DSA_CERT:
- return BN_num_bits(k->dsa->p);
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- return 256; /* XXX */
-+#endif /* WITHOUT_ED25519 */
- #ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
-@@ -1261,11 +1291,13 @@ key_generate(int type, u_int bits)
- case KEY_RSA1:
- k->rsa = rsa_generate_private_key(bits);
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- k->ed25519_pk = xmalloc(ED25519_PK_SZ);
- k->ed25519_sk = xmalloc(ED25519_SK_SZ);
- crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
- break;
+#endif /* WITHOUT_ED25519 */
- case KEY_RSA_CERT_V00:
- case KEY_DSA_CERT_V00:
- case KEY_RSA_CERT:
-@@ -1359,6 +1391,7 @@ key_from_private(const Key *k)
- (BN_copy(n->rsa->e, k->rsa->e) == NULL))
- fatal("key_from_private: BN_copy failed");
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- n = key_new(k->type);
-@@ -1367,6 +1400,7 @@ key_from_private(const Key *k)
- memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- fatal("key_from_private: unknown type %d", k->type);
- break;
-@@ -1628,6 +1662,7 @@ key_from_blob2(const u_char *blob, u_int
- #endif
- break;
- #endif /* OPENSSL_HAS_ECC */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- (void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
- /* FALLTHROUGH */
-@@ -1645,6 +1680,7 @@ key_from_blob2(const u_char *blob, u_int
- key->ed25519_pk = pk;
- pk = NULL;
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- key = key_new(type);
- break;
-@@ -1699,7 +1735,9 @@ to_blob(const Key *key, u_char **blobp,
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- /* Use the existing blob */
- buffer_append(&b, buffer_ptr(&key->cert->certblob),
- buffer_len(&key->cert->certblob));
-@@ -1727,11 +1765,13 @@ to_blob(const Key *key, u_char **blobp,
- buffer_put_bignum2(&b, key->rsa->e);
- buffer_put_bignum2(&b, key->rsa->n);
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- buffer_put_cstring(&b,
- key_ssh_name_from_type_nid(type, key->ecdsa_nid));
- buffer_put_string(&b, key->ed25519_pk, ED25519_PK_SZ);
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- error("key_to_blob: unsupported key type %d", key->type);
- buffer_free(&b);
-@@ -1775,9 +1815,11 @@ key_sign(
- case KEY_RSA_CERT:
- case KEY_RSA:
- return ssh_rsa_sign(key, sigp, lenp, data, datalen);
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_sign(key, sigp, lenp, data, datalen);
-+#endif /* WITHOUT_ED25519 */
- default:
- error("key_sign: invalid key type %d", key->type);
- return -1;
-@@ -1811,9 +1853,11 @@ key_verify(
- case KEY_RSA_CERT:
- case KEY_RSA:
- return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
-+#endif /* WITHOUT_ED25519 */
- default:
- error("key_verify: invalid key type %d", key->type);
- return -1;
-@@ -1833,8 +1877,10 @@ key_demote(const Key *k)
- pk->dsa = NULL;
- pk->ecdsa = NULL;
- pk->rsa = NULL;
-+#ifndef WITHOUT_ED25519
- pk->ed25519_pk = NULL;
- pk->ed25519_sk = NULL;
-+#endif /* WITHOUT_ED25519 */
-
- switch (k->type) {
- case KEY_RSA_CERT_V00:
-@@ -1878,6 +1924,7 @@ key_demote(const Key *k)
- fatal("key_demote: EC_KEY_set_public_key failed");
- break;
- #endif
+diff -pur old/monitor.c new/monitor.c
+--- old/monitor.c
++++ new/monitor.c
+@@ -1941,7 +1941,9 @@ monitor_apply_keystate(struct monitor *p
+ kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ # endif
+ #endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- key_cert_copy(k, pk);
- /* FALLTHROUGH */
-@@ -1887,6 +1934,7 @@ key_demote(const Key *k)
- memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- fatal("key_demote: bad key type %d", k->type);
- break;
-@@ -1916,8 +1964,10 @@ key_type_plain(int type)
- return KEY_DSA;
- case KEY_ECDSA_CERT:
- return KEY_ECDSA;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- return KEY_ED25519;
-+#endif /* WITHOUT_ED25519 */
- default:
- return type;
- }
-@@ -1943,6 +1993,7 @@ key_to_certified(Key *k, int legacy)
- k->cert = cert_new();
- k->type = KEY_ECDSA_CERT;
- return 0;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- if (legacy)
- fatal("%s: legacy ED25519 certificates are not "
-@@ -1950,6 +2001,7 @@ key_to_certified(Key *k, int legacy)
- k->cert = cert_new();
- k->type = KEY_ED25519_CERT;
- return 0;
-+#endif /* WITHOUT_ED25519 */
- default:
- error("%s: key has incorrect type %s", __func__, key_type(k));
- return -1;
-@@ -2028,10 +2080,12 @@ key_certify(Key *k, Key *ca)
- buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
- buffer_put_bignum2(&k->cert->certblob, k->rsa->n);
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- buffer_put_string(&k->cert->certblob,
- k->ed25519_pk, ED25519_PK_SZ);
- break;
+ kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+#endif /* WITHOUT_ED25519 */
- default:
- error("%s: key has incorrect type %s", __func__, key_type(k));
- buffer_clear(&k->cert->certblob);
-@@ -2449,6 +2503,7 @@ key_private_serialize(const Key *key, Bu
- buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
- break;
- #endif /* OPENSSL_HAS_ECC */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
- buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
-@@ -2461,6 +2516,7 @@ key_private_serialize(const Key *key, Bu
- buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
- buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
- break;
-+#endif /* WITHOUT_ED25519 */
- }
- }
-
-@@ -2575,6 +2631,7 @@ key_private_deserialize(Buffer *blob)
- buffer_get_bignum2(blob, k->rsa->p);
- buffer_get_bignum2(blob, k->rsa->q);
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- k = key_new_private(type);
- k->ed25519_pk = buffer_get_string(blob, &pklen);
-@@ -2601,6 +2658,7 @@ key_private_deserialize(Buffer *blob)
- fatal("%s: ed25519 sklen %d != %d",
- __func__, sklen, ED25519_SK_SZ);
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- free(type_name);
- buffer_clear(blob);
-Only in new: key.c.orig
-Only in new: key.c.rej
-diff -pur old/key.h new/key.h
---- old/key.h 2014-01-09 15:58:53.000000000 -0800
-+++ new/key.h 2015-04-10 02:43:51.166553603 -0700
-@@ -39,11 +39,15 @@ enum types {
- KEY_RSA,
- KEY_DSA,
- KEY_ECDSA,
-+#ifndef WITHOUT_ED25519
- KEY_ED25519,
-+#endif /* WITHOUT_ED25519 */
- KEY_RSA_CERT,
- KEY_DSA_CERT,
- KEY_ECDSA_CERT,
-+#ifndef WITHOUT_ED25519
- KEY_ED25519_CERT,
-+#endif /* WITHOUT_ED25519 */
- KEY_RSA_CERT_V00,
- KEY_DSA_CERT_V00,
- KEY_UNSPEC
-@@ -88,12 +92,16 @@ struct Key {
- void *ecdsa;
+ #ifdef GSSAPI
+ if (options.gss_keyex) {
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+diff -pur old/myproposal.h new/myproposal.h
+--- old/myproposal.h
++++ new/myproposal.h
+@@ -59,6 +59,20 @@
+ # define HOSTKEY_ECDSA_METHODS
#endif
- struct KeyCert *cert;
-+#ifndef WITHOUT_ED25519
- u_char *ed25519_sk;
- u_char *ed25519_pk;
-+#endif /* WITHOUT_ED25519 */
- };
+#ifndef WITHOUT_ED25519
- #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
- #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
-+#endif /* WITHOUT_ED25519 */
-
- Key *key_new(int);
- void key_add_private(Key *);
-@@ -152,8 +160,10 @@ int ssh_ecdsa_sign(const Key *, u_char
- int ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
- int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
- int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-+#ifndef WITHOUT_ED25519
- int ssh_ed25519_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
- int ssh_ed25519_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
++# if defined(WITH_OPENSSL) && defined(HAVE_EVP_SHA256)
++# define KEX_CURVE25519_METHODS "[email protected],"
++# else
++# define KEX_CURVE25519_METHODS
++# endif
++# define HOSTKEY_CURVE25519_CERT_METHODS "[email protected],"
++# define HOSTKEY_CURVE25519_METHODS "ssh-ed25519,"
++#else
++# define KEX_CURVE25519_METHODS
++# define HOSTKEY_CURVE25519_CERT_METHODS
++# define HOSTKEY_CURVE25519_METHODS
+#endif /* WITHOUT_ED25519 */
-
- #if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK))
- void key_dump_ec_point(const EC_GROUP *, const EC_POINT *);
-Only in new: key.h.orig
-diff -pur old/monitor.c new/monitor.c
---- old/monitor.c 2015-04-10 02:43:51.067342317 -0700
-+++ new/monitor.c 2015-04-10 02:49:10.399820034 -0700
-@@ -1887,7 +1887,9 @@ mm_get_kex(Buffer *m)
- kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
- kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
- kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
-+#ifndef WITHOUT_ED25519
- kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- kex->server = 1;
- kex->hostkey_type = buffer_get_int(m);
- kex->kex_type = buffer_get_int(m);
-Only in new: monitor.c.orig
-Only in new: monitor.c.rej
-diff -pur old/myproposal.h new/myproposal.h
---- old/myproposal.h 2013-12-06 16:24:02.000000000 -0800
-+++ new/myproposal.h 2015-04-10 02:43:51.168744484 -0700
-@@ -80,6 +80,24 @@
- # define SHA2_HMAC_MODES
++
+ #ifdef OPENSSL_HAVE_EVPGCM
+ # define AESGCM_CIPHER_MODES \
+ ",[email protected],[email protected]"
+@@ -78,11 +92,6 @@
#endif
-+#ifdef WITHOUT_ED25519
-+# define KEX_DEFAULT_KEX \
-+ KEX_ECDH_METHODS \
-+ KEX_SHA256_METHODS \
-+ "diffie-hellman-group-exchange-sha1," \
-+ "diffie-hellman-group14-sha1," \
-+ "diffie-hellman-group1-sha1"
-+
-+#define KEX_DEFAULT_PK_ALG \
-+ HOSTKEY_ECDSA_CERT_METHODS \
-+ "[email protected]," \
-+ "[email protected]," \
-+ "[email protected]," \
-+ "[email protected]," \
-+ HOSTKEY_ECDSA_METHODS \
-+ "ssh-rsa," \
-+ "ssh-dss"
-+#else /* WITHOUT_ED25519 */
- # define KEX_DEFAULT_KEX \
+ #ifdef WITH_OPENSSL
+-# ifdef HAVE_EVP_SHA256
+-# define KEX_CURVE25519_METHODS "[email protected],"
+-# else
+-# define KEX_CURVE25519_METHODS ""
+-# endif
+ #define KEX_COMMON_KEX \
KEX_CURVE25519_METHODS \
KEX_ECDH_METHODS \
-@@ -99,6 +117,7 @@
- "ssh-ed25519," \
- "ssh-rsa," \
- "ssh-dss"
-+#endif /* WITHOUT_ED25519 */
+@@ -97,10 +106,10 @@
+
+ #define KEX_DEFAULT_PK_ALG \
+ HOSTKEY_ECDSA_CERT_METHODS \
+- "[email protected]," \
++ HOSTKEY_CURVE25519_CERT_METHODS \
+ "[email protected]," \
+ HOSTKEY_ECDSA_METHODS \
+- "ssh-ed25519," \
++ HOSTKEY_CURVE25519_METHODS \
+ "ssh-rsa" \
/* the actual algorithms */
-
-diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in
---- old/openbsd-compat/Makefile.in 2013-12-06 17:37:54.000000000 -0800
-+++ new/openbsd-compat/Makefile.in 2015-04-10 02:43:51.169041778 -0700
-@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
+@@ -141,10 +150,10 @@
+ #else
- OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
-
--COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
-+COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
-
- PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
-
+ #define KEX_SERVER_KEX \
+- "[email protected]"
++ KEX_CURVE25519_METHODS
+ #define KEX_DEFAULT_PK_ALG \
+- "[email protected]," \
+- "ssh-ed25519"
++ HOSTKEY_CURVE25519_CERT_METHODS \
++ HOSTKEY_CURVE25519_METHODS
+ #define KEX_SERVER_ENCRYPT \
+ "[email protected]," \
+ "aes128-ctr,aes192-ctr,aes256-ctr"
+diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in
+--- old/openbsd-compat/Makefile.in
++++ new/openbsd-compat/Makefile.in
@@ -32,7 +32,7 @@ $(OPENBSD): ../config.h
$(PORTS): ../config.h
@@ -775,8 +379,8 @@
clean:
diff -pur old/pathnames.h new/pathnames.h
---- old/pathnames.h 2013-12-06 16:24:02.000000000 -0800
-+++ new/pathnames.h 2015-04-10 02:43:51.169362243 -0700
+--- old/pathnames.h
++++ new/pathnames.h
@@ -39,7 +39,9 @@
#define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key"
#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
@@ -798,9 +402,9 @@
/*
* Configuration file in user's home directory. This file need not be
diff -pur old/readconf.c new/readconf.c
---- old/readconf.c 2015-04-10 02:43:51.075573457 -0700
-+++ new/readconf.c 2015-04-10 02:43:51.170150446 -0700
-@@ -1702,8 +1702,10 @@ fill_default_options(Options * options)
+--- old/readconf.c
++++ new/readconf.c
+@@ -1846,8 +1846,10 @@ fill_default_options(Options * options)
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ECDSA, 0);
#endif
@@ -811,46 +415,10 @@
}
}
if (options->escape_char == -1)
-Only in new: readconf.c.orig
-diff -pur old/sc25519.c new/sc25519.c
---- old/sc25519.c 2014-01-16 17:43:44.000000000 -0800
-+++ new/sc25519.c 2015-04-10 02:43:51.170631841 -0700
-@@ -6,6 +6,8 @@
- * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c
- */
-
-+#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
-
- #include "sc25519.h"
-@@ -306,3 +308,5 @@ void sc25519_2interleave2(unsigned char
- r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2);
- r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2);
- }
-+
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/sc25519.h new/sc25519.h
---- old/sc25519.h 2013-12-17 22:48:11.000000000 -0800
-+++ new/sc25519.h 2015-04-10 02:43:51.170901036 -0700
-@@ -8,6 +8,7 @@
-
- #ifndef SC25519_H
- #define SC25519_H
-+#ifndef WITHOUT_ED25519
-
- #include "crypto_api.h"
-
-@@ -77,4 +78,5 @@ void sc25519_window5(signed char r[51],
-
- void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
-
-+#endif /* WITHOUT_ED25519 */
- #endif
diff -pur old/servconf.c new/servconf.c
---- old/servconf.c 2015-04-10 02:43:51.086374994 -0700
-+++ new/servconf.c 2015-04-10 02:43:51.171761969 -0700
-@@ -189,8 +189,10 @@ fill_default_server_options(ServerOption
+--- old/servconf.c
++++ new/servconf.c
+@@ -222,8 +222,10 @@ fill_default_server_options(ServerOption
options->host_key_files[options->num_host_key_files++] =
_PATH_HOST_ECDSA_KEY_FILE;
#endif
@@ -861,10 +429,9 @@
}
}
/* No certificates by default */
-Only in new: servconf.c.orig
diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c
---- old/smult_curve25519_ref.c 2013-11-03 13:26:53.000000000 -0800
-+++ new/smult_curve25519_ref.c 2015-04-10 02:43:51.172253244 -0700
+--- old/smult_curve25519_ref.c
++++ new/smult_curve25519_ref.c
@@ -6,6 +6,8 @@ Public domain.
Derived from public domain code by D. J. Bernstein.
*/
@@ -874,98 +441,23 @@
int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *);
static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
-@@ -263,3 +265,5 @@ int crypto_scalarmult_curve25519(unsigne
+@@ -263,3 +265,4 @@ int crypto_scalarmult_curve25519(unsigne
for (i = 0;i < 32;++i) q[i] = work[64 + i];
return 0;
}
-+
+#endif /* WITHOUT_ED25519 */
diff -pur old/ssh-add.0 new/ssh-add.0
---- old/ssh-add.0 2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-add.0 2015-04-10 02:43:51.172577448 -0700
+--- old/ssh-add.0
++++ new/ssh-add.0
@@ -11,7 +11,7 @@ SYNOPSIS
DESCRIPTION
ssh-add adds private key identities to the authentication agent,
ssh-agent(1). When run without arguments, it adds the files
- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
-+ ~/.ssh/id_rsa, ~/.ssh/id_dsa and
++ ~/.ssh/id_rsa, ~/.ssh/id_dsa, and
~/.ssh/identity. After loading a private key, ssh-add will try to load
corresponding certificate information from the filename obtained by
appending -cert.pub to the name of the private key file. Alternative
-@@ -91,14 +91,6 @@ FILES
- Contains the protocol version 2 DSA authentication identity of
- the user.
-
-- ~/.ssh/id_ecdsa
-- Contains the protocol version 2 ECDSA authentication identity of
-- the user.
--
-- ~/.ssh/id_ed25519
-- Contains the protocol version 2 ED25519 authentication identity
-- of the user.
--
- ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of
- the user.
-diff -pur old/ssh-add.1 new/ssh-add.1
---- old/ssh-add.1 2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh-add.1 2015-04-10 02:43:51.172897417 -0700
-@@ -57,8 +57,6 @@ adds private key identities to the authe
- When run without arguments, it adds the files
- .Pa ~/.ssh/id_rsa ,
- .Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
- and
- .Pa ~/.ssh/identity .
- After loading a private key,
-@@ -168,10 +166,6 @@ socket used to communicate with the agen
- Contains the protocol version 1 RSA authentication identity of the user.
- .It Pa ~/.ssh/id_dsa
- Contains the protocol version 2 DSA authentication identity of the user.
--.It Pa ~/.ssh/id_ecdsa
--Contains the protocol version 2 ECDSA authentication identity of the user.
--.It Pa ~/.ssh/id_ed25519
--Contains the protocol version 2 ED25519 authentication identity of the user.
- .It Pa ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of the user.
- .El
-diff -pur old/ssh-add.c new/ssh-add.c
---- old/ssh-add.c 2013-12-28 22:44:07.000000000 -0800
-+++ new/ssh-add.c 2015-04-10 02:43:51.173249822 -0700
-@@ -73,7 +73,9 @@ static char *default_files[] = {
- #ifdef OPENSSL_HAS_ECC
- _PATH_SSH_CLIENT_ID_ECDSA,
- #endif
-+#ifndef WITHOUT_ED25519
- _PATH_SSH_CLIENT_ID_ED25519,
-+#endif /* WITHOUT_ED25519 */
- _PATH_SSH_CLIENT_IDENTITY,
- NULL
- };
-diff -pur old/ssh-agent.0 new/ssh-agent.0
---- old/ssh-agent.0 2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-agent.0 2015-04-10 02:43:51.173618938 -0700
-@@ -9,7 +9,7 @@ SYNOPSIS
-
- DESCRIPTION
- ssh-agent is a program to hold private keys used for public key
-- authentication (RSA, DSA, ECDSA, ED25519). The idea is that ssh-agent is
-+ authentication (RSA, DSA). The idea is that ssh-agent is
- started in the beginning of an X-session or a login session, and all
- other windows or programs are started as clients to the ssh-agent
- program. Through use of environment variables the agent can be located
-@@ -46,8 +46,8 @@ DESCRIPTION
-
- The agent initially does not have any private keys. Keys are added using
- ssh-add(1). When executed without arguments, ssh-add(1) adds the files
-- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
-- ~/.ssh/identity. If the identity has a passphrase, ssh-add(1) asks for
-+ ~/.ssh/id_rsa, ~/.ssh/id_dsa ~/.ssh/identity.
-+ If the identity has a passphrase, ssh-add(1) asks for
- the passphrase on the terminal if it has one or from a small X11 program
- if running under X11. If neither of these is the case then the
- authentication will fail. It then sends the identity to the agent.
@@ -97,14 +97,6 @@ FILES
Contains the protocol version 2 DSA authentication identity of
the user.
@@ -975,72 +467,107 @@
- the user.
-
- ~/.ssh/id_ed25519
-- Contains the protocol version 2 ED25519 authentication identity
+- Contains the protocol version 2 Ed25519 authentication identity
- of the user.
-
~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of
the user.
-diff -pur old/ssh-agent.1 new/ssh-agent.1
---- old/ssh-agent.1 2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh-agent.1 2015-04-10 02:43:51.173976932 -0700
-@@ -53,7 +53,7 @@
- .Sh DESCRIPTION
- .Nm
- is a program to hold private keys used for public key authentication
--(RSA, DSA, ECDSA, ED25519).
-+(RSA, DSA).
- The idea is that
- .Nm
- is started in the beginning of an X-session or a login session, and
-@@ -114,9 +114,7 @@ When executed without arguments,
- .Xr ssh-add 1
- adds the files
+diff -pur old/ssh-add.1 new/ssh-add.1
+--- old/ssh-add.1
++++ new/ssh-add.1
+@@ -58,8 +58,6 @@ adds private key identities to the authe
+ When run without arguments, it adds the files
.Pa ~/.ssh/id_rsa ,
--.Pa ~/.ssh/id_dsa ,
+ .Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
-+.Pa ~/.ssh/id_dsa
and
.Pa ~/.ssh/identity .
- If the identity has a passphrase,
-@@ -189,10 +187,6 @@ line terminates.
+ After loading a private key,
+@@ -178,10 +176,6 @@ socket used to communicate with the agen
Contains the protocol version 1 RSA authentication identity of the user.
.It Pa ~/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
-.It Pa ~/.ssh/id_ecdsa
-Contains the protocol version 2 ECDSA authentication identity of the user.
-.It Pa ~/.ssh/id_ed25519
--Contains the protocol version 2 ED25519 authentication identity of the user.
+-Contains the protocol version 2 Ed25519 authentication identity of the user.
.It Pa ~/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
- .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
+ .El
+diff -pur old/ssh-add.c new/ssh-add.c
+--- old/ssh-add.c
++++ new/ssh-add.c
+@@ -78,7 +78,9 @@ static char *default_files[] = {
+ _PATH_SSH_CLIENT_ID_ECDSA,
+ #endif
+ #endif /* WITH_OPENSSL */
+- _PATH_SSH_CLIENT_ID_ED25519,
++#ifndef WITHOUT_ED25519
++ _PATH_SSH_CLIENT_ID_ED25519,
++#endif /* WITHOUT_ED25519 */
+ #ifdef WITH_SSH1
+ _PATH_SSH_CLIENT_IDENTITY,
+ #endif
+diff -pur old/ssh-agent.0 new/ssh-agent.0
+--- old/ssh-agent.0
++++ new/ssh-agent.0
+@@ -10,7 +10,7 @@ SYNOPSIS
+
+ DESCRIPTION
+ ssh-agent is a program to hold private keys used for public key
+- authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
++ authentication (RSA, DSA). ssh-agent is usually started
+ in the beginning of an X-session or a login session, and all other
+ windows or programs are started as clients to the ssh-agent program.
+ Through use of environment variables the agent can be located and
+diff -pur old/ssh-agent.1 new/ssh-agent.1
+--- old/ssh-agent.1
++++ new/ssh-agent.1
+@@ -54,7 +54,7 @@
+ .Sh DESCRIPTION
+ .Nm
+ is a program to hold private keys used for public key authentication
+-(RSA, DSA, ECDSA, Ed25519).
++(RSA, DSA).
+ .Nm
+ is usually started in the beginning of an X-session or a login session, and
+ all other windows or programs are started as clients to the ssh-agent
diff -pur old/ssh-ed25519.c new/ssh-ed25519.c
---- old/ssh-ed25519.c 2013-12-06 17:37:54.000000000 -0800
-+++ new/ssh-ed25519.c 2015-04-10 02:43:51.174245635 -0700
-@@ -15,6 +15,8 @@
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
+--- old/ssh-ed25519.c
++++ new/ssh-ed25519.c
+@@ -17,6 +17,8 @@
+
+ #include "includes.h"
+#ifndef WITHOUT_ED25519
+
- #include "includes.h"
+ #include <sys/types.h>
+ #include <limits.h>
- #include <sys/types.h>
-@@ -141,3 +143,5 @@ ssh_ed25519_verify(const Key *key, const
- /* translate return code carefully */
- return (ret == 0) ? 1 : -1;
+@@ -164,3 +166,4 @@ ssh_ed25519_verify(const struct sshkey *
+ free(ktype);
+ return r;
}
-+
+#endif /* WITHOUT_ED25519 */
diff -pur old/ssh-keygen.0 new/ssh-keygen.0
---- old/ssh-keygen.0 2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-keygen.0 2015-04-10 02:43:51.175019524 -0700
+--- old/ssh-keygen.0
++++ new/ssh-keygen.0
+@@ -4,7 +4,7 @@ NAME
+ ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
+
+ SYNOPSIS
+- ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
++ ssh-keygen [-q] [-b bits] [-t dsa | rsa | rsa1]
+ [-N new_passphrase] [-C comment] [-f output_keyfile]
+ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
+ ssh-keygen -i [-m key_format] [-f input_keyfile]
@@ -32,7 +32,7 @@ SYNOPSIS
DESCRIPTION
ssh-keygen generates, manages and converts authentication keys for
ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
-- and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
+- and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
+ and DSA or RSA keys for use by SSH protocol version 2.
The type of key to be generated is specified with the -t option. If
invoked without any arguments, ssh-keygen will generate an RSA key for
@@ -1059,7 +586,7 @@
The options are as follows:
- -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
-+ -A For each of the key types (rsa1, rsa, and dsa) for
++ -A For each of the key types (rsa1, rsa and dsa) for
which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the
key type, and default comment. This is used by /etc/rc to
@@ -1067,25 +594,25 @@
-a rounds
- When saving a new-format private key (i.e. an ed25519 key or any
-+ When saving a new-format private key (i.e. any
++ When saving a new-format private key (i.e.
SSH protocol 2 key when the -o flag is set), this option
specifies the number of KDF (key derivation function) rounds
used. Higher numbers result in slower passphrase verification
@@ -103,12 +103,7 @@ DESCRIPTION
Specifies the number of bits in the key to create. For RSA keys,
- the minimum size is 768 bits and the default is 2048 bits.
+ the minimum size is 1024 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient. DSA keys must be
- exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
- the -b flag determines the key length by selecting from one of
- three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
- use bit lengths other than these three values for ECDSA keys will
-- fail. ED25519 keys have a fixed length and the -b flag will be
+- fail. Ed25519 keys have a fixed length and the -b flag will be
- ignored.
+ exactly 1024 bits as specified by FIPS 186-2.
-C comment
Provides a new comment.
-@@ -274,7 +269,7 @@ DESCRIPTION
+@@ -279,7 +274,7 @@ DESCRIPTION
new OpenSSH format rather than the more compatible PEM format.
The new format has increased resistance to brute-force password
cracking but is not supported by versions of OpenSSH prior to
@@ -1094,54 +621,64 @@
-P passphrase
Provides the (old) passphrase.
-@@ -315,8 +310,8 @@ DESCRIPTION
+@@ -318,9 +313,9 @@ DESCRIPTION
+ Test DH group exchange candidate primes (generated using the -G
+ option) for safety.
- -t type
+- -t dsa | ecdsa | ed25519 | rsa | rsa1
++ -t dsa | rsa | rsa1
Specifies the type of key to create. The possible values are
-- ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'',
-- ``ed25519'', or ``rsa'' for protocol version 2.
-+ ``rsa1'' for protocol version 1 and ``dsa'' or ``rsa'' for
-+ protocol version 2.
+- M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
++ M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or
+ M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
-u Update a KRL. When specified with -k, keys listed via the
- command line are added to the existing KRL rather than a new KRL
-@@ -521,10 +516,8 @@ FILES
+@@ -525,10 +520,8 @@ FILES
contents of this file secret.
~/.ssh/id_dsa
- ~/.ssh/id_ecdsa
- ~/.ssh/id_ed25519
~/.ssh/id_rsa
-- Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
+ Contains the protocol version 2 DSA or RSA
authentication identity of the user. This file should not be
readable by anyone but the user. It is possible to specify a
passphrase when generating the key; that passphrase will be used
-@@ -534,10 +527,8 @@ FILES
+@@ -538,10 +531,8 @@ FILES
read this file when a login attempt is made.
~/.ssh/id_dsa.pub
- ~/.ssh/id_ecdsa.pub
- ~/.ssh/id_ed25519.pub
~/.ssh/id_rsa.pub
-- Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA public
+- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
+ Contains the protocol version 2 DSA or RSA public
key for authentication. The contents of this file should be
added to ~/.ssh/authorized_keys on all machines where the user
wishes to log in using public key authentication. There is no
diff -pur old/ssh-keygen.1 new/ssh-keygen.1
---- old/ssh-keygen.1 2013-12-28 22:47:14.000000000 -0800
-+++ new/ssh-keygen.1 2015-04-10 02:43:51.175831546 -0700
-@@ -140,7 +140,7 @@ generates, manages and converts authenti
+--- old/ssh-keygen.1
++++ new/ssh-keygen.1
+@@ -46,7 +46,7 @@
+ .Nm ssh-keygen
+ .Op Fl q
+ .Op Fl b Ar bits
+-.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
++.Op Fl t Cm dsa | rsa | rsa1
+ .Op Fl N Ar new_passphrase
+ .Op Fl C Ar comment
+ .Op Fl f Ar output_keyfile
+@@ -142,7 +142,7 @@ generates, manages and converts authenti
.Xr ssh 1 .
.Nm
can create RSA keys for use by SSH protocol version 1 and
--DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
+-DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
+DSA or RSA keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
option.
-@@ -168,8 +168,6 @@ with public key authentication runs this
+@@ -170,8 +170,6 @@ with public key authentication runs this
key in
.Pa ~/.ssh/identity ,
.Pa ~/.ssh/id_dsa ,
@@ -1150,27 +687,26 @@
or
.Pa ~/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
-@@ -217,7 +215,7 @@ should be placed to be activated.
+@@ -219,7 +217,7 @@ should be placed to be activated.
The options are as follows:
.Bl -tag -width Ds
.It Fl A
-For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
-+For each of the key types (rsa1, rsa, dsa)
++For each of the key types (rsa1, rsa and dsa)
for which host keys
do not exist, generate the host keys with the default key file path,
an empty passphrase, default bits for the key type, and default comment.
-@@ -225,8 +223,7 @@ This is used by
+@@ -227,7 +225,7 @@ This is used by
.Pa /etc/rc
to generate new host keys.
.It Fl a Ar rounds
-When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
--2 key when the
-+When saving a new-format private key (i.e. any SSH protocol 2 key when the
++When saving a new-format private key (i.e. SSH protocol
+ 2 key when the
.Fl o
flag is set), this option specifies the number of KDF (key derivation function)
- rounds used.
-@@ -245,15 +242,6 @@ Specifies the number of bits in the key
- For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
+@@ -247,15 +245,6 @@ Specifies the number of bits in the key
+ For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
Generally, 2048 bits is considered sufficient.
DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
-For ECDSA keys, the
@@ -1179,13 +715,13 @@
-curve sizes: 256, 384 or 521 bits.
-Attempting to use bit lengths other than these three values for ECDSA keys
-will fail.
--ED25519 keys have a fixed length and the
+-Ed25519 keys have a fixed length and the
-.Fl b
-flag will be ignored.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
-@@ -468,7 +456,6 @@ to save SSH protocol 2 private keys usin
+@@ -478,7 +467,6 @@ to save SSH protocol 2 private keys usin
the more compatible PEM format.
The new format has increased resistance to brute-force password cracking
but is not supported by versions of OpenSSH prior to 6.5.
@@ -1193,7 +729,14 @@
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl p
-@@ -520,8 +507,6 @@ The possible values are
+@@ -524,14 +512,12 @@ section for details.
+ Test DH group exchange candidate primes (generated using the
+ .Fl G
+ option) for safety.
+-.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
++.It Fl t Cm dsa | rsa | rsa1
+ Specifies the type of key to create.
+ The possible values are
.Dq rsa1
for protocol version 1 and
.Dq dsa ,
@@ -1202,46 +745,47 @@
or
.Dq rsa
for protocol version 2.
-@@ -800,10 +785,8 @@ where the user wishes to log in using RS
+@@ -810,10 +796,8 @@ where the user wishes to log in using RS
There is no need to keep the contents of this file secret.
.Pp
.It Pa ~/.ssh/id_dsa
-.It Pa ~/.ssh/id_ecdsa
-.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_rsa
--Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+-Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
+Contains the protocol version 2 DSA or RSA
authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
-@@ -816,10 +799,8 @@ but it is offered as the default file fo
+@@ -826,10 +810,8 @@ but it is offered as the default file fo
will read this file when a login attempt is made.
.Pp
.It Pa ~/.ssh/id_dsa.pub
-.It Pa ~/.ssh/id_ecdsa.pub
-.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_rsa.pub
--Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+-Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
+Contains the protocol version 2 DSA or RSA
public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys
diff -pur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c 2013-12-06 16:24:02.000000000 -0800
-+++ new/ssh-keygen.c 2015-04-10 02:43:51.176894394 -0700
-@@ -197,7 +197,11 @@ type_bits_valid(int type, u_int32_t *bit
- }
+--- old/ssh-keygen.c
++++ new/ssh-keygen.c
+@@ -217,7 +217,11 @@ type_bits_valid(int type, const char *na
+ fatal("key bits exceeds maximum %d", maxbits);
if (type == KEY_DSA && *bitsp != 1024)
fatal("DSA keys must be 1024 bits");
-+#ifdef WITHOUT_ED25519
-+ else if (type != KEY_ECDSA && *bitsp < 768)
-+#else /* WITHOUT_ED25519 */
- else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
+- else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
++ else if (type != KEY_ECDSA &&
++#ifndef WITHOUT_ED25519
++ type != KEY_ED25519 &&
+#endif /* WITHOUT_ED25519 */
- fatal("Key must at least be 768 bits");
- else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
++ *bitsp < 1024)
+ fatal("Key must at least be 1024 bits");
+ else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
fatal("Invalid ECDSA key length - valid lengths are "
-@@ -233,10 +237,12 @@ ask_filename(struct passwd *pw, const ch
+@@ -252,10 +256,12 @@ ask_filename(struct passwd *pw, const ch
case KEY_RSA:
name = _PATH_SSH_CLIENT_ID_RSA;
break;
@@ -1252,42 +796,54 @@
break;
+#endif /* WITHOUT_ED25519 */
default:
- fprintf(stderr, "bad key type\n");
- exit(1);
-@@ -900,7 +906,9 @@ do_gen_all_hostkeys(struct passwd *pw)
- #ifdef OPENSSL_HAS_ECC
+ fatal("bad key type");
+ }
+@@ -939,7 +945,9 @@ do_gen_all_hostkeys(struct passwd *pw)
{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
- #endif
+ #endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
+- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
+#ifndef WITHOUT_ED25519
- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
++ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
+#endif /* WITHOUT_ED25519 */
{ NULL, NULL, NULL }
};
-@@ -1616,7 +1624,10 @@ do_ca_sign(struct passwd *pw, int argc,
- if ((public = key_load_public(tmp, &comment)) == NULL)
- fatal("%s: unable to open \"%s\"", __func__, tmp);
+@@ -1605,7 +1613,10 @@ do_ca_sign(struct passwd *pw, int argc,
+ fatal("%s: unable to open \"%s\": %s",
+ __func__, tmp, ssh_err(r));
if (public->type != KEY_RSA && public->type != KEY_DSA &&
- public->type != KEY_ECDSA && public->type != KEY_ED25519)
+#ifndef WITHOUT_ED25519
-+ public->type != KEY_ED25519 &&
++ public->type != KEY_ED25519 &&
+#endif /* WITHOUT_ED25519 */
+ public->type != KEY_ECDSA)
fatal("%s: key \"%s\" type %s cannot be certified",
- __func__, tmp, key_type(public));
+ __func__, tmp, sshkey_type(public));
+@@ -2502,8 +2513,10 @@ main(int argc, char **argv)
+ _PATH_HOST_DSA_KEY_FILE, rr_hostname);
+ n += do_print_resource_record(pw,
+ _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
++#ifndef WITHOUT_ED25519
+ n += do_print_resource_record(pw,
+ _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
++#endif /* WITHOUT_ED25519 */
+ if (n == 0)
+ fatal("no keys found.");
+ exit(0);
diff -pur old/ssh-keyscan.0 new/ssh-keyscan.0
---- old/ssh-keyscan.0 2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-keyscan.0 2015-04-10 02:43:51.177179968 -0700
+--- old/ssh-keyscan.0
++++ new/ssh-keyscan.0
@@ -48,9 +48,9 @@ DESCRIPTION
-t type
Specifies the type of the key to fetch from the scanned hosts.
- The possible values are ``rsa1'' for protocol version 1 and
-- ``dsa'', ``ecdsa'', ``ed25519'', or ``rsa'' for protocol version
-+ ``dsa'' or ``rsa'' for protocol version
- 2. Multiple values may be specified by separating them with
-- commas. The default is to fetch ``rsa'' and ``ecdsa'' keys.
-+ commas. The default is to fetch ``rsa'' keys.
+ The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
+- M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
++ or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
+ values may be specified by separating them with commas. The
+- default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys.
++ default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^] keys.
-v Verbose mode. Causes ssh-keyscan to print debugging messages
about its progress.
@@ -1295,14 +851,14 @@
host-or-namelist bits exponent modulus
-- Output format for rsa, dsa and ecdsa keys:
-+ Output format for rsa and dsa keys:
+- Output format for RSA, DSA, ECDSA, and Ed25519 keys:
++ Output format for RSA, and DSA keys:
host-or-namelist keytype base64-encoded-key
-- Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
-- ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', ``ssh-dss'' or ``ssh-rsa''.
-+ Where keytype is either ``ssh-dss'' or ``ssh-rsa''.
+- Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^],
+- M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
++ Where keytype is either M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
/etc/ssh/ssh_known_hosts
@@ -1310,43 +866,47 @@
Find all hosts from the file ssh_hosts which have new or different keys
from those in the sorted file ssh_known_hosts:
-- $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \
+- $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \
+ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \
sort -u - ssh_known_hosts | diff ssh_known_hosts -
SEE ALSO
diff -pur old/ssh-keyscan.1 new/ssh-keyscan.1
---- old/ssh-keyscan.1 2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh-keyscan.1 2015-04-10 02:43:51.177539875 -0700
-@@ -89,16 +89,12 @@ The possible values are
+--- old/ssh-keyscan.1
++++ new/ssh-keyscan.1
+@@ -90,18 +90,13 @@ Specifies the type of the key to fetch f
+ The possible values are
.Dq rsa1
for protocol version 1 and
- .Dq dsa ,
+-.Dq dsa ,
-.Dq ecdsa ,
-.Dq ed25519 ,
++.Dq dsa
or
.Dq rsa
for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is to fetch
- .Dq rsa
+-.Dq rsa ,
+-.Dq ecdsa ,
-and
--.Dq ecdsa
+-.Dq ed25519
++.Dq rsa
keys.
.It Fl v
Verbose mode.
-@@ -127,7 +123,7 @@ attacks which have begun after the ssh_k
+@@ -130,7 +125,7 @@ Output format for RSA1 keys:
host-or-namelist bits exponent modulus
.Ed
.Pp
--.Pa Output format for rsa, dsa and ecdsa keys:
-+.Pa Output format for rsa and dsa keys:
+-Output format for RSA, DSA, ECDSA, and Ed25519 keys:
++Output format for RSA and DSA keys:
.Bd -literal
host-or-namelist keytype base64-encoded-key
.Ed
-@@ -135,10 +131,6 @@ host-or-namelist keytype base64-encoded-
+@@ -138,10 +133,6 @@ host-or-namelist keytype base64-encoded-
Where
- .Pa keytype
+ .Ar keytype
is either
-.Dq ecdsa-sha2-nistp256 ,
-.Dq ecdsa-sha2-nistp384 ,
@@ -1355,61 +915,37 @@
.Dq ssh-dss
or
.Dq ssh-rsa .
-@@ -158,7 +150,7 @@ Find all hosts from the file
+@@ -159,7 +150,7 @@ Find all hosts from the file
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal
--$ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e
+-$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
+$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
.Sh SEE ALSO
diff -pur old/ssh-keyscan.c new/ssh-keyscan.c
---- old/ssh-keyscan.c 2013-12-06 16:24:02.000000000 -0800
-+++ new/ssh-keyscan.c 2015-04-10 02:43:51.178102053 -0700
-@@ -56,7 +56,9 @@ int ssh_port = SSH_DEFAULT_PORT;
- #define KT_DSA 2
- #define KT_RSA 4
- #define KT_ECDSA 8
-+#ifndef WITHOUT_ED25519
- #define KT_ED25519 16
-+#endif /* WITHOUT_ED25519 */
-
- int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
-
-@@ -247,9 +249,11 @@ keygrab_ssh2(con *c)
- packet_set_connection(c->c_fd, c->c_fd);
- enable_compat20();
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
-- c->c_keytype == KT_DSA ? "ssh-dss" :
+--- old/ssh-keyscan.c
++++ new/ssh-keyscan.c
+@@ -286,7 +286,9 @@ keygrab_ssh2(con *c)
+ c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ # endif
+ #endif
+#ifndef WITHOUT_ED25519
-+ c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
+ c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+#endif /* WITHOUT_ED25519 */
- (c->c_keytype == KT_RSA ? "ssh-rsa" :
-- (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
-+ (c->c_keytype == KT_DSA ? "ssh-dss" :
- "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
- c->c_kex = kex_setup(myproposal);
- c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
-@@ -257,7 +261,9 @@ keygrab_ssh2(con *c)
- c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
- c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
- c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
-+#ifndef WITHOUT_ED25519
- c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- c->c_kex->verify_host_key = hostjump;
-
- if (!(j = setjmp(kexjmp))) {
-@@ -575,10 +581,15 @@ do_host(char *host)
+ ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
+ /*
+ * do the key-exchange until an error occurs or until
+@@ -612,10 +614,15 @@ do_host(char *host)
{
char *name = strnnsep(&host, " \t\n");
int j;
-+#ifdef WITHOUT_ED25519
-+ int max_kt = KT_ECDSA;
++#ifndef WITHOUT_ED25519
++ int max_kt = KT_ED25519;
+#else
-+ int max_kt = KT_ED25519;
-+#endif
++ int max_kt = KT_ECDSA;
++#endif /* WITHOUT_ED25519 */
if (name == NULL)
return;
@@ -1418,7 +954,7 @@
if (get_keytypes & j) {
while (ncon >= MAXCON)
conloop();
-@@ -685,9 +696,11 @@ main(int argc, char **argv)
+@@ -719,9 +726,11 @@ main(int argc, char **argv)
case KEY_RSA:
get_keytypes |= KT_RSA;
break;
@@ -1431,8 +967,8 @@
fatal("unknown key type %s", tname);
}
diff -pur old/ssh-keysign.0 new/ssh-keysign.0
---- old/ssh-keysign.0 2014-01-29 17:52:48.000000000 -0800
-+++ new/ssh-keysign.0 2015-04-10 02:43:51.178360839 -0700
+--- old/ssh-keysign.0
++++ new/ssh-keysign.0
@@ -24,8 +24,6 @@ FILES
Controls whether ssh-keysign is enabled.
@@ -1452,8 +988,8 @@
If these files exist they are assumed to contain public
certificate information corresponding with the private keys
diff -pur old/ssh-keysign.8 new/ssh-keysign.8
---- old/ssh-keysign.8 2015-04-10 02:43:51.009217654 -0700
-+++ new/ssh-keysign.8 2015-04-10 02:43:51.178615438 -0700
+--- old/ssh-keysign.8
++++ new/ssh-keysign.8
@@ -62,8 +62,6 @@ Controls whether
is enabled.
.Pp
@@ -1473,22 +1009,19 @@
If these files exist they are assumed to contain public certificate
information corresponding with the private keys above.
diff -pur old/ssh-keysign.c new/ssh-keysign.c
---- old/ssh-keysign.c 2013-12-06 16:24:02.000000000 -0800
-+++ new/ssh-keysign.c 2015-04-10 02:43:51.178924008 -0700
-@@ -150,7 +150,11 @@ main(int argc, char **argv)
+--- old/ssh-keysign.c
++++ new/ssh-keysign.c
+@@ -168,7 +168,7 @@ main(int argc, char **argv)
{
- Buffer b;
+ struct sshbuf *b;
Options options;
-+#ifdef WITHOUT_ED25519
+-#define NUM_KEYTYPES 4
+#define NUM_KEYTYPES 3
-+#else
- #define NUM_KEYTYPES 4
-+#endif
- Key *keys[NUM_KEYTYPES], *key = NULL;
+ struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
struct passwd *pw;
- int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
-@@ -169,7 +173,9 @@ main(int argc, char **argv)
- i = 0;
+ int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
+@@ -190,7 +190,9 @@ main(int argc, char **argv)
+ /* XXX This really needs to read sshd_config for the paths */
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
+#ifndef WITHOUT_ED25519
@@ -1498,53 +1031,53 @@
original_real_uid = getuid(); /* XXX readconf.c needs this */
diff -pur old/ssh.0 new/ssh.0
---- old/ssh.0 2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh.0 2015-04-10 02:43:51.179753862 -0700
-@@ -142,8 +142,8 @@ DESCRIPTION
+--- old/ssh.0
++++ new/ssh.0
+@@ -140,8 +140,8 @@ DESCRIPTION
-i identity_file
Selects a file from which the identity (private key) for public
key authentication is read. The default is ~/.ssh/identity for
- protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+ protocol version 1, and ~/.ssh/id_dsa, and ~/.ssh/id_rsa for
-+ protocol version 2.
++ protocol version 1, and ~/.ssh/id_dsa
++ and ~/.ssh/id_rsa for protocol version 2.
Identity files may also be specified on a per-host basis in the
configuration file. It is possible to have multiple -i options
(and multiple identities specified in configuration files). ssh
-@@ -446,7 +446,7 @@ AUTHENTICATION
+@@ -463,7 +463,7 @@ AUTHENTICATION
creates a public/private key pair for authentication purposes. The
server knows the public key, and only the user knows the private key.
ssh implements public key authentication protocol automatically, using
-- one of the DSA, ECDSA, ED25519 or RSA algorithms. Protocol 1 is
+- one of the DSA, ECDSA, Ed25519 or RSA algorithms. Protocol 1 is
+ one of the DSA or RSA algorithms. Protocol 1 is
restricted to using only RSA keys, but protocol 2 may use any. The
HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
algorithms.
-@@ -459,11 +459,9 @@ AUTHENTICATION
+@@ -476,11 +476,9 @@ AUTHENTICATION
The user creates his/her key pair by running ssh-keygen(1). This stores
the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
- 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2
-- ED25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
+- Ed25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
- ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA),
- ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2
-- ED25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
+- Ed25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
+ 2 DSA) or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
+ ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA)
+ or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
directory. The user should then copy the public key to
~/.ssh/authorized_keys in his/her home directory on the remote machine.
The authorized_keys file corresponds to the conventional ~/.rhosts file,
-@@ -799,7 +797,7 @@ FILES
+@@ -825,7 +823,7 @@ FILES
for the user, and not accessible by others.
~/.ssh/authorized_keys
-- Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
+- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
+ Lists the public keys (DSA, RSA) that can be used
for logging in as this user. The format of this file is
described in the sshd(8) manual page. This file is not highly
sensitive, but the recommended permissions are read/write for the
-@@ -817,8 +815,6 @@ FILES
+@@ -843,8 +841,6 @@ FILES
~/.ssh/identity
~/.ssh/id_dsa
@@ -1553,7 +1086,7 @@
~/.ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not
-@@ -830,8 +826,6 @@ FILES
+@@ -856,8 +852,6 @@ FILES
~/.ssh/identity.pub
~/.ssh/id_dsa.pub
@@ -1562,7 +1095,7 @@
~/.ssh/id_rsa.pub
Contains the public key for authentication. These files are not
sensitive and can (but need not) be readable by anyone.
-@@ -862,8 +856,6 @@ FILES
+@@ -888,8 +882,6 @@ FILES
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
@@ -1572,58 +1105,60 @@
These files contain the private parts of the host keys and are
used for host-based authentication. If protocol version 1 is
diff -pur old/ssh.1 new/ssh.1
---- old/ssh.1 2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh.1 2015-04-10 02:43:51.180632097 -0700
-@@ -279,8 +279,6 @@ The default is
+--- old/ssh.1
++++ new/ssh.1
+@@ -292,9 +292,7 @@ public key authentication is read.
+ The default is
.Pa ~/.ssh/identity
for protocol version 1, and
- .Pa ~/.ssh/id_dsa ,
+-.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
++.Pa ~/.ssh/id_dsa
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
-@@ -758,7 +756,7 @@ key pair for authentication purposes.
+@@ -848,7 +846,7 @@ key pair for authentication purposes.
The server knows the public key, and only the user knows the private key.
.Nm
implements public key authentication protocol automatically,
--using one of the DSA, ECDSA, ED25519 or RSA algorithms.
+-using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
+using one of the DSA or RSA algorithms.
Protocol 1 is restricted to using only RSA keys,
but protocol 2 may use any.
The HISTORY section of
-@@ -783,10 +781,6 @@ This stores the private key in
+@@ -873,10 +871,6 @@ This stores the private key in
(protocol 1),
.Pa ~/.ssh/id_dsa
(protocol 2 DSA),
-.Pa ~/.ssh/id_ecdsa
-(protocol 2 ECDSA),
-.Pa ~/.ssh/id_ed25519
--(protocol 2 ED25519),
+-(protocol 2 Ed25519),
or
.Pa ~/.ssh/id_rsa
(protocol 2 RSA)
-@@ -795,10 +789,6 @@ and stores the public key in
+@@ -885,10 +879,6 @@ and stores the public key in
(protocol 1),
.Pa ~/.ssh/id_dsa.pub
(protocol 2 DSA),
-.Pa ~/.ssh/id_ecdsa.pub
-(protocol 2 ECDSA),
-.Pa ~/.ssh/id_ed25519.pub
--(protocol 2 ED25519),
+-(protocol 2 Ed25519),
or
.Pa ~/.ssh/id_rsa.pub
(protocol 2 RSA)
-@@ -1338,7 +1328,7 @@ secret, but the recommended permissions
+@@ -1444,7 +1434,7 @@ secret, but the recommended permissions
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, ED25519, RSA)
+-Lists the public keys (DSA, ECDSA, Ed25519, RSA)
+Lists the public keys (DSA, RSA)
that can be used for logging in as this user.
The format of this file is described in the
.Xr sshd 8
-@@ -1360,8 +1350,6 @@ above.
+@@ -1466,8 +1456,6 @@ above.
.Pp
.It Pa ~/.ssh/identity
.It Pa ~/.ssh/id_dsa
@@ -1632,7 +1167,7 @@
.It Pa ~/.ssh/id_rsa
Contains the private key for authentication.
These files
-@@ -1375,8 +1363,6 @@ sensitive part of this file using 3DES.
+@@ -1481,8 +1469,6 @@ sensitive part of this file using 3DES.
.Pp
.It Pa ~/.ssh/identity.pub
.It Pa ~/.ssh/id_dsa.pub
@@ -1641,7 +1176,7 @@
.It Pa ~/.ssh/id_rsa.pub
Contains the public key for authentication.
These files are not
-@@ -1415,8 +1401,6 @@ The file format and configuration option
+@@ -1521,8 +1507,6 @@ The file format and configuration option
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
@@ -1651,118 +1186,183 @@
These files contain the private parts of the host keys
and are used for host-based authentication.
diff -pur old/ssh.c new/ssh.c
---- old/ssh.c 2013-12-28 22:53:40.000000000 -0800
-+++ new/ssh.c 2015-04-10 02:43:51.181446718 -0700
-@@ -1010,8 +1010,10 @@ main(int ac, char **av)
+--- old/ssh.c
++++ new/ssh.c
+@@ -1233,8 +1233,10 @@ main(int ac, char **av)
+ sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
+ _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
#endif
- sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL);
+#ifndef WITHOUT_ED25519
- sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
+ sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
_PATH_HOST_ED25519_KEY_FILE, "", NULL);
+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
- _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
- #ifdef OPENSSL_HAS_ECC
-@@ -1020,8 +1022,10 @@ main(int ac, char **av)
+ sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
+ _PATH_HOST_RSA_KEY_FILE, "", NULL);
+ sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
+@@ -1243,8 +1245,10 @@ main(int ac, char **av)
+ sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+ _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
#endif
- sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
+#ifndef WITHOUT_ED25519
- sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
+ sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
_PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
+#endif /* WITHOUT_ED25519 */
- PRIV_END;
-
- if (options.hostbased_authentication == 1 &&
-@@ -1038,8 +1042,10 @@ main(int ac, char **av)
+ sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
+ _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
+ sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
+@@ -1261,8 +1265,10 @@ main(int ac, char **av)
+ sensitive_data.keys[1] = key_load_cert(
+ _PATH_HOST_ECDSA_KEY_FILE);
#endif
- sensitive_data.keys[3] = key_load_cert(
- _PATH_HOST_RSA_KEY_FILE);
+#ifndef WITHOUT_ED25519
- sensitive_data.keys[4] = key_load_cert(
+ sensitive_data.keys[2] = key_load_cert(
_PATH_HOST_ED25519_KEY_FILE);
+#endif /* WITHOUT_ED25519 */
+ sensitive_data.keys[3] = key_load_cert(
+ _PATH_HOST_RSA_KEY_FILE);
+ sensitive_data.keys[4] = key_load_cert(
+@@ -1271,8 +1277,10 @@ main(int ac, char **av)
sensitive_data.keys[5] = key_load_public(
- _PATH_HOST_DSA_KEY_FILE, NULL);
- #ifdef OPENSSL_HAS_ECC
-@@ -1048,8 +1054,10 @@ main(int ac, char **av)
+ _PATH_HOST_ECDSA_KEY_FILE, NULL);
#endif
++#ifndef WITHOUT_ED25519
+ sensitive_data.keys[6] = key_load_public(
+ _PATH_HOST_ED25519_KEY_FILE, NULL);
++#endif /* WITHOUT_ED25519 */
sensitive_data.keys[7] = key_load_public(
_PATH_HOST_RSA_KEY_FILE, NULL);
+ sensitive_data.keys[8] = key_load_public(
+diff -pur old/ssh_api.c new/ssh_api.c
+--- old/ssh_api.c
++++ new/ssh_api.c
+@@ -109,7 +109,9 @@ ssh_init(struct ssh **sshp, int is_serve
+ ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ # endif
+ #endif /* WITH_OPENSSL */
+#ifndef WITHOUT_ED25519
- sensitive_data.keys[8] = key_load_public(
- _PATH_HOST_ED25519_KEY_FILE, NULL);
+ ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+#endif /* WITHOUT_ED25519 */
- sensitive_data.external_keysign = 1;
- }
+ ssh->kex->load_host_public_key=&_ssh_host_public_key;
+ ssh->kex->load_host_private_key=&_ssh_host_private_key;
+ ssh->kex->sign=&_ssh_host_key_sign;
+@@ -123,7 +125,9 @@ ssh_init(struct ssh **sshp, int is_serve
+ ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ # endif
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
++#endif /* WITHOUT_ED25519 */
+ ssh->kex->verify_host_key =&_ssh_verify_host_key;
}
+ *sshp = ssh;
diff -pur old/ssh_config.0 new/ssh_config.0
---- old/ssh_config.0 2014-01-29 17:52:48.000000000 -0800
-+++ new/ssh_config.0 2015-04-10 02:43:51.182117645 -0700
-@@ -409,14 +409,9 @@ DESCRIPTION
- client wants to use in order of preference. The default for this
- option is:
+--- old/ssh_config.0
++++ new/ssh_config.0
+@@ -444,13 +444,8 @@ DESCRIPTION
+ specified key types will be appended to the default set instead
+ of replacing them. The default for this option is:
- [email protected],
- [email protected],
- [email protected],
- [email protected],
- [email protected],[email protected],
- [email protected],[email protected],
+ [email protected],
- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa,ssh-dss
-+ ssh-rsa,ssh-dss
+- ssh-ed25519,ssh-rsa
++ ssh-rsa
+
+ The -Q option of ssh(1) may be used to list supported key types.
+
+@@ -461,13 +456,8 @@ DESCRIPTION
+ key types will be appended to the default set instead of
+ replacing them. The default for this option is:
+
+- [email protected],
+- [email protected],
+- [email protected],
+- [email protected],
+ [email protected],
+- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+- ssh-ed25519,ssh-rsa
++ ssh-rsa
If hostkeys are known for the destination host then this default
is modified to prefer their algorithms.
-@@ -446,10 +441,10 @@ DESCRIPTION
- default is ``no''.
+@@ -503,10 +493,10 @@ DESCRIPTION
+ default is M-bM-^@M-^\noM-bM-^@M-^].
IdentityFile
-- Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA
+- Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
+ Specifies a file from which the user's DSA or RSA
authentication identity is read. The default is ~/.ssh/identity
- for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+ for protocol version 1, and ~/.ssh/id_dsa and ~/.ssh/id_rsa for
-+ protocol version 2.
++ for protocol version 1, and ~/.ssh/id_dsa
++ and ~/.ssh/id_rsa for protocol version 2.
Additionally, any identities represented by the authentication
agent will be used for authentication unless IdentitiesOnly is
set. ssh(1) will try to load certificate information from the
-@@ -509,8 +504,6 @@ DESCRIPTION
- Specifies the available KEX (Key Exchange) algorithms. Multiple
- algorithms must be comma-separated. The default is:
+@@ -569,7 +559,6 @@ DESCRIPTION
+ will be appended to the default set instead of replacing them.
+ The default is:
- [email protected],
-- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
- diffie-hellman-group14-sha1,
+@@ -727,13 +716,8 @@ DESCRIPTION
+ types after it will be appended to the default instead of
+ replacing it. The default for this option is:
+
+- [email protected],
+- [email protected],
+- [email protected],
+- [email protected],
+ [email protected],
+- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+- ssh-ed25519,ssh-rsa
++ ssh-rsa
+
+ The -Q option of ssh(1) may be used to list supported key types.
+
diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5 2015-04-10 02:43:51.077725535 -0700
-+++ new/ssh_config.5 2015-04-10 02:43:51.182862658 -0700
-@@ -723,14 +723,9 @@ Specifies the protocol version 2 host ke
- that the client wants to use in order of preference.
+--- old/ssh_config.5
++++ new/ssh_config.5
+@@ -806,13 +806,8 @@ character, then the specified key types
+ instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
- [email protected],[email protected],
- [email protected],[email protected],
+ [email protected],
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa,ssh-dss
-+ssh-rsa,ssh-dss
+-ssh-ed25519,ssh-rsa
++ssh-rsa
+ .Ed
+ .Pp
+ The
+@@ -829,13 +824,8 @@ character, then the specified key types
+ instead of replacing them.
+ The default for this option is:
+ .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
+ [email protected],
+-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-rsa
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
-@@ -772,14 +767,12 @@ offers many different identities.
+@@ -890,14 +880,12 @@ offers many different identities.
The default is
.Dq no .
.It Cm IdentityFile
--Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA authentication
+-Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
+Specifies a file from which the user's DSA or RSA authentication
identity is read.
The default is
@@ -1774,20 +1374,33 @@
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
-@@ -892,8 +885,6 @@ Specifies the available KEX (Key Exchang
- Multiple algorithms must be comma-separated.
+@@ -1014,7 +1002,6 @@ character, then the specified methods wi
+ instead of replacing them.
The default is:
.Bd -literal -offset indent
[email protected],
--ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group-exchange-sha1,
- diffie-hellman-group14-sha1,
-Only in new: ssh_config.5.orig
+@@ -1259,13 +1246,8 @@ character, then the key types after it w
+ instead of replacing it.
+ The default for this option is:
+ .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
+ [email protected],
+-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-rsa
+ .Ed
+ .Pp
+ The
diff -pur old/sshconnect.c new/sshconnect.c
---- old/sshconnect.c 2015-04-10 02:43:51.092987117 -0700
-+++ new/sshconnect.c 2015-04-10 02:43:51.183586425 -0700
-@@ -1325,7 +1325,9 @@ show_other_keys(struct hostkeys *hostkey
+--- old/sshconnect.c
++++ new/sshconnect.c
+@@ -1392,7 +1392,9 @@ show_other_keys(struct hostkeys *hostkey
KEY_RSA,
KEY_DSA,
KEY_ECDSA,
@@ -1797,26 +1410,23 @@
-1
};
int i, ret = 0;
-Only in new: sshconnect.c.orig
diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c 2015-04-10 02:43:51.055621784 -0700
-+++ new/sshconnect2.c 2015-04-10 02:49:31.451117756 -0700
-@@ -213,7 +213,9 @@ ssh_kex2(char *host, struct sockaddr *ho
- kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
- kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+--- old/sshconnect2.c
++++ new/sshconnect2.c
+@@ -247,7 +247,9 @@ ssh_kex2(char *host, struct sockaddr *ho
kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ # endif
+ #endif
+#ifndef WITHOUT_ED25519
kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+#endif /* WITHOUT_ED25519 */
- kex->client_version_string=client_version_string;
- kex->server_version_string=server_version_string;
- kex->verify_host_key=&verify_host_key_callback;
-Only in new: sshconnect2.c.orig
-Only in new: sshconnect2.c.rej
+ #ifdef GSSAPI
+ if (options.gss_keyex) {
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
diff -pur old/sshd.0 new/sshd.0
---- old/sshd.0 2014-01-29 17:52:47.000000000 -0800
-+++ new/sshd.0 2015-04-10 02:43:51.185708016 -0700
-@@ -82,8 +82,7 @@ DESCRIPTION
+--- old/sshd.0
++++ new/sshd.0
+@@ -81,8 +81,7 @@ DESCRIPTION
be given if sshd is not run as root (as the normal host key files
are normally not readable by anyone but root). The default is
/etc/ssh/ssh_host_key for protocol version 1, and
@@ -1826,23 +1436,23 @@
protocol version 2. It is possible to have multiple host key
files for the different protocol versions and host key
algorithms.
-@@ -148,7 +147,7 @@ DESCRIPTION
+@@ -146,7 +145,7 @@ DESCRIPTION
AUTHENTICATION
The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
use protocol 2 only, though this can be changed via the Protocol option
-- in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+- in sshd_config(5). Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
+ in sshd_config(5). Protocol 2 supports DSA and RSA keys;
protocol 1 only supports RSA keys. For both protocols, each host has a
host-specific key, normally 2048 bits, used to identify the host.
-@@ -278,15 +277,13 @@ AUTHORIZED_KEYS FILE FORMAT
+@@ -279,15 +278,13 @@ AUTHORIZED_KEYS FILE FORMAT
starts with a number). The bits, exponent, modulus, and comment fields
give the RSA key for protocol version 1; the comment field is not used
for anything (but may be convenient for the user to identify the key).
-- For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
-- ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'',
-- ``ssh-dss'' or ``ssh-rsa''.
-+ For protocol version 2 the keytype is ``ssh-dss'' or ``ssh-rsa''.
+- For protocol version 2 the keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^],
+- M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
+- M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
++ For protocol version 2 the keytype is M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
Note that lines in this file are usually several hundred bytes long
(because of the size of the public key encoding) up to a limit of 8
@@ -1853,16 +1463,16 @@
file and edit it.
sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
-@@ -513,7 +510,7 @@ FILES
+@@ -514,7 +511,7 @@ FILES
for the user, and not accessible by others.
~/.ssh/authorized_keys
-- Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
+- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
+ Lists the public keys (DSA, RSA) that can be used
for logging in as this user. The format of this file is
described above. The content of the file is not highly
sensitive, but the recommended permissions are read/write for the
-@@ -574,8 +571,6 @@ FILES
+@@ -570,8 +567,6 @@ FILES
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
@@ -1871,7 +1481,7 @@
/etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys. These
files should only be owned by root, readable only by root, and
-@@ -584,8 +579,6 @@ FILES
+@@ -580,8 +575,6 @@ FILES
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_dsa_key.pub
@@ -1881,9 +1491,9 @@
These files contain the public parts of the host keys. These
files should be world-readable but writable only by root. Their
diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8 2015-04-10 02:43:51.068793178 -0700
-+++ new/sshd.8 2015-04-10 02:43:51.186397825 -0700
-@@ -175,8 +175,6 @@ The default is
+--- old/sshd.8 2015-12-10 12:36:52.040393250 -0800
++++ new/sshd.8 2015-12-10 12:40:30.706984900 -0800
+@@ -172,8 +172,6 @@ The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
@@ -1892,16 +1502,16 @@
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
-@@ -281,7 +279,7 @@ though this can be changed via the
+@@ -275,7 +273,7 @@ though this can be changed via the
.Cm Protocol
option in
.Xr sshd_config 4 .
--Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+-Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
+Protocol 2 supports DSA and RSA keys;
protocol 1 only supports RSA keys.
For both protocols,
each host has a host-specific key,
-@@ -492,10 +490,6 @@ protocol version 1; the
+@@ -491,10 +489,6 @@ protocol version 1; the
comment field is not used for anything (but may be convenient for the
user to identify the key).
For protocol version 2 the keytype is
@@ -1912,7 +1522,7 @@
.Dq ssh-dss
or
.Dq ssh-rsa .
-@@ -507,8 +501,6 @@ keys up to 16 kilobits.
+@@ -506,8 +500,6 @@ keys up to 16 kilobits.
You don't want to type them in; instead, copy the
.Pa identity.pub ,
.Pa id_dsa.pub ,
@@ -1921,16 +1531,16 @@
or the
.Pa id_rsa.pub
file and edit it.
-@@ -808,7 +800,7 @@ secret, but the recommended permissions
+@@ -807,7 +799,7 @@ secret, but the recommended permissions
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, ED25519, RSA)
+-Lists the public keys (DSA, ECDSA, Ed25519, RSA)
+Lists the public keys (DSA, RSA)
that can be used for logging in as this user.
The format of this file is described above.
The content of the file is not highly sensitive, but the recommended
-@@ -888,8 +880,6 @@ rlogin/rsh.
+@@ -881,8 +873,6 @@ rlogin/rsh.
.Pp
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
@@ -1939,7 +1549,7 @@
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys.
These files should only be owned by root, readable only by root, and not
-@@ -900,8 +890,6 @@ does not start if these files are group/
+@@ -893,8 +883,6 @@ does not start if these files are group/
.Pp
.It Pa /etc/ssh/ssh_host_key.pub
.It Pa /etc/ssh/ssh_host_dsa_key.pub
@@ -1949,9 +1559,9 @@
These files contain the public parts of the host keys.
These files should be world-readable but writable only by
diff -pur old/sshd.c new/sshd.c
---- old/sshd.c 2015-04-10 02:43:51.101980137 -0700
-+++ new/sshd.c 2015-04-10 02:49:46.274593753 -0700
-@@ -797,7 +797,9 @@ list_hostkey_types(void)
+--- old/sshd.c
++++ new/sshd.c
+@@ -811,7 +811,9 @@ list_hostkey_types(void)
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
@@ -1961,7 +1571,7 @@
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
p = key_ssh_name(key);
-@@ -814,7 +816,9 @@ list_hostkey_types(void)
+@@ -826,7 +828,9 @@ list_hostkey_types(void)
case KEY_RSA_CERT:
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
@@ -1971,7 +1581,7 @@
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
p = key_ssh_name(key);
-@@ -842,7 +846,9 @@ get_hostkey_by_type(int type, int need_p
+@@ -852,7 +856,9 @@ get_hostkey_by_type(int type, int nid, i
case KEY_RSA_CERT:
case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
@@ -1981,59 +1591,113 @@
key = sensitive_data.host_certificates[i];
break;
default:
-@@ -1719,7 +1725,9 @@ main(int ac, char **av)
+@@ -1810,7 +1816,9 @@ main(int ac, char **av)
case KEY_RSA:
case KEY_DSA:
case KEY_ECDSA:
+#ifndef WITHOUT_ED25519
case KEY_ED25519:
+#endif /* WITHOUT_ED25519 */
- sensitive_data.have_ssh2_key = 1;
+ if (have_agent || key != NULL)
+ sensitive_data.have_ssh2_key = 1;
break;
- }
-@@ -2501,7 +2509,9 @@ do_ssh2_kex(void)
- kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
- kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+@@ -2646,7 +2654,9 @@ do_ssh2_kex(void)
kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ # endif
+ #endif
+#ifndef WITHOUT_ED25519
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+#endif /* WITHOUT_ED25519 */
- kex->server = 1;
- kex->client_version_string=client_version_string;
- kex->server_version_string=server_version_string;
-Only in new: sshd.c.orig
-Only in new: sshd.c.rej
+ #ifdef GSSAPI
+ if (options.gss_keyex) {
+ kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
diff -pur old/sshd_config.0 new/sshd_config.0
---- old/sshd_config.0 2014-01-29 17:52:48.000000000 -0800
-+++ new/sshd_config.0 2015-04-10 02:43:51.188313577 -0700
-@@ -332,12 +332,11 @@ DESCRIPTION
+--- old/sshd_config.0
++++ new/sshd_config.0
+@@ -403,13 +403,8 @@ DESCRIPTION
+ specified key types will be appended to the default set instead
+ of replacing them. The default for this option is:
+
+- [email protected],
+- [email protected],
+- [email protected],
+- [email protected],
+ [email protected],
+- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+- ssh-ed25519,ssh-rsa
++ ssh-rsa
+
+ The -Q option of ssh(1) may be used to list supported key types.
+
+@@ -438,8 +433,7 @@ DESCRIPTION
HostKey
Specifies a file containing a private host key used by SSH. The
default is /etc/ssh/ssh_host_key for protocol version 1, and
- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
- /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
-+ /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for
- protocol version 2. Note that sshd(8) will refuse to use a file
- if it is group/world-accessible. It is possible to have multiple
- host key files. ``rsa1'' keys are used for version 1 and
-- ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2
-+ ``dsa'' or ``rsa'' are used for version 2
- of the SSH protocol. It is also possible to specify public host
- key files instead. In this case operations on the private key
- will be delegated to an ssh-agent(1).
-@@ -399,8 +398,6 @@ DESCRIPTION
- Specifies the available KEX (Key Exchange) algorithms. Multiple
- algorithms must be comma-separated. The default is
++ /etc/ssh/ssh_host_dsa_key, and /etc/ssh/ssh_host_rsa_key for
+ protocol version 2.
+
+ Note that sshd(8) will refuse to use a file if it is group/world-
+@@ -447,7 +441,7 @@ DESCRIPTION
+ of the keys are actually used by sshd(8).
+
+ It is possible to have multiple host key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are
+- used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are
++ used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] are
+ used for version 2 of the SSH protocol. It is also possible to
+ specify public host key files instead. In this case operations
+ on the private key will be delegated to an ssh-agent(1).
+@@ -462,13 +456,8 @@ DESCRIPTION
+ Specifies the protocol version 2 host key algorithms that the
+ server offers. The default for this option is:
+
+- [email protected],
+- [email protected],
+- [email protected],
+- [email protected],
+ [email protected],
+- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+- ssh-ed25519,ssh-rsa
++ ssh-rsa
+
+ The list of available key types may also be obtained using the -Q
+ option of ssh(1) with an argument of M-bM-^@M-^\keyM-bM-^@M-^].
+@@ -532,7 +521,6 @@ DESCRIPTION
+ will be appended to the default set instead of replacing them.
+ The supported algorithms are:
+
+- [email protected]
+ diffie-hellman-group1-sha1
+ diffie-hellman-group14-sha1
+ diffie-hellman-group-exchange-sha1
+@@ -543,7 +531,6 @@ DESCRIPTION
+
+ The default is:
- [email protected],
-- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
- diffie-hellman-group14-sha1,
+ diffie-hellman-group14-sha1
+@@ -787,13 +774,8 @@ DESCRIPTION
+ specified key types will be appended to the default set instead
+ of replacing them. The default for this option is:
+
+- [email protected],
+- [email protected],
+- [email protected],
+- [email protected],
+ [email protected],
+- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+- ssh-ed25519,ssh-rsa
++ ssh-rsa
+
+ The -Q option of ssh(1) may be used to list supported key types.
+
diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5 2015-04-10 02:43:51.078482159 -0700
-+++ new/sshd_config.5 2015-04-10 02:43:51.189013912 -0700
-@@ -540,8 +540,6 @@ The default is
+--- old/sshd_config.5
++++ new/sshd_config.5
+@@ -712,8 +712,6 @@ The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
@@ -2042,7 +1706,7 @@
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
-@@ -552,8 +550,6 @@ It is possible to have multiple host key
+@@ -730,8 +728,6 @@ It is possible to have multiple host key
.Dq rsa1
keys are used for version 1 and
.Dq dsa ,
@@ -2051,30 +1715,426 @@
or
.Dq rsa
are used for version 2 of the SSH protocol.
-@@ -663,8 +659,6 @@ Specifies the available KEX (Key Exchang
- Multiple algorithms must be comma-separated.
- The default is
+@@ -878,8 +874,6 @@ The supported algorithms are:
+ .Pp
+ .Bl -item -compact -offset indent
+ .It
[email protected]
+-.It
+ diffie-hellman-group1-sha1
+ .It
+ diffie-hellman-group14-sha1
+@@ -897,7 +891,6 @@ ecdh-sha2-nistp521
+ .Pp
+ The default is:
.Bd -literal -offset indent
[email protected],
--ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
- diffie-hellman-group14-sha1,
-Only in new: sshd_config.5.orig
-diff -pur old/verify.c new/verify.c
---- old/verify.c 2014-01-16 17:43:44.000000000 -0800
-+++ new/verify.c 2015-04-10 02:43:51.189372783 -0700
-@@ -9,6 +9,8 @@
+ diffie-hellman-group14-sha1
+diff -pur old/sshkey.c new/sshkey.c
+--- old/sshkey.c
++++ new/sshkey.c
+@@ -85,9 +85,11 @@ struct keytype {
+ int cert;
+ };
+ static const struct keytype keytypes[] = {
++#ifndef WITHOUT_ED25519
+ { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
+ { "[email protected]", "ED25519-CERT",
+ KEY_ED25519_CERT, 0, 1 },
++#endif /* WITHOUT_ED25519 */
+ #ifdef WITH_OPENSSL
+ { NULL, "RSA1", KEY_RSA1, 0, 0 },
+ { "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
+@@ -278,8 +280,10 @@ sshkey_size(const struct sshkey *k)
+ case KEY_ECDSA_CERT:
+ return sshkey_curve_nid_to_bits(k->ecdsa_nid);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
++#endif /* WITHOUT_ED25519 */
+ return 256; /* XXX */
+ }
+ return 0;
+@@ -292,7 +296,9 @@ sshkey_type_is_valid_ca(int type)
+ case KEY_RSA:
+ case KEY_DSA:
+ case KEY_ECDSA:
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
++#endif /* WITHOUT_ED25519 */
+ return 1;
+ default:
+ return 0;
+@@ -318,8 +324,10 @@ sshkey_type_plain(int type)
+ return KEY_DSA;
+ case KEY_ECDSA_CERT:
+ return KEY_ECDSA;
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519_CERT:
+ return KEY_ED25519;
++#endif /* WITHOUT_ED25519 */
+ default:
+ return type;
+ }
+@@ -472,8 +480,10 @@ sshkey_new(int type)
+ k->dsa = NULL;
+ k->rsa = NULL;
+ k->cert = NULL;
++#ifndef WITHOUT_ED25519
+ k->ed25519_sk = NULL;
+ k->ed25519_pk = NULL;
++#endif /* WITHOUT_ED25519 */
+ switch (k->type) {
+ #ifdef WITH_OPENSSL
+ case KEY_RSA1:
+@@ -508,10 +518,12 @@ sshkey_new(int type)
+ /* Cannot do anything until we know the group */
+ break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ /* no need to prealloc */
+ break;
++#endif /* WITHOUT_ED25519 */
+ case KEY_UNSPEC:
+ break;
+ default:
+@@ -558,10 +570,12 @@ sshkey_add_private(struct sshkey *k)
+ /* Cannot do anything until we know the group */
+ break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ /* no need to prealloc */
+ break;
++#endif /* WITHOUT_ED25519 */
+ case KEY_UNSPEC:
+ break;
+ default:
+@@ -613,6 +627,7 @@ sshkey_free(struct sshkey *k)
+ break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ if (k->ed25519_pk) {
+@@ -626,6 +641,7 @@ sshkey_free(struct sshkey *k)
+ k->ed25519_sk = NULL;
+ }
+ break;
++#endif /* WITHOUT_ED25519 */
+ case KEY_UNSPEC:
+ break;
+ default:
+@@ -703,10 +719,12 @@ sshkey_equal_public(const struct sshkey
+ return 1;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
+ memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
++#endif /* WITHOUT_ED25519 */
+ default:
+ return 0;
+ }
+@@ -749,7 +767,9 @@ to_blob_buf(const struct sshkey *key, st
+ case KEY_ECDSA_CERT:
+ case KEY_RSA_CERT:
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519_CERT:
++#endif /* WITHOUT_ED25519 */
+ /* Use the existing blob */
+ /* XXX modified flag? */
+ if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
+@@ -786,6 +806,7 @@ to_blob_buf(const struct sshkey *key, st
+ return ret;
+ break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ if (key->ed25519_pk == NULL)
+ return SSH_ERR_INVALID_ARGUMENT;
+@@ -794,6 +815,7 @@ to_blob_buf(const struct sshkey *key, st
+ key->ed25519_pk, ED25519_PK_SZ)) != 0)
+ return ret;
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ return SSH_ERR_KEY_TYPE_UNKNOWN;
+ }
+@@ -1267,11 +1289,13 @@ sshkey_read(struct sshkey *ret, char **c
+ case KEY_RSA:
+ case KEY_DSA:
+ case KEY_ECDSA:
+- case KEY_ED25519:
++#ifndef WITHOUT_ED25519
++ case KEY_ED25519:
++ case KEY_ED25519_CERT:
++#endif /* WITHOUT_ED25519 */
+ case KEY_DSA_CERT:
+ case KEY_ECDSA_CERT:
+ case KEY_RSA_CERT:
+- case KEY_ED25519_CERT:
+ space = strchr(cp, ' ');
+ if (space == NULL)
+ return SSH_ERR_INVALID_FORMAT;
+@@ -1363,6 +1387,7 @@ sshkey_read(struct sshkey *ret, char **c
+ }
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ if (sshkey_type_plain(ret->type) == KEY_ED25519) {
+ free(ret->ed25519_pk);
+ ret->ed25519_pk = k->ed25519_pk;
+@@ -1371,6 +1396,7 @@ sshkey_read(struct sshkey *ret, char **c
+ /* XXX */
+ #endif
+ }
++#endif /* WITHOUT_ED25519 */
+ retval = 0;
+ /*XXXX*/
+ sshkey_free(k);
+@@ -1662,7 +1688,8 @@ sshkey_generate(int type, u_int bits, st
+ if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+ switch (type) {
+- case KEY_ED25519:
++#ifndef WITHOUT_ED25519
++ case KEY_ED25519:
+ if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
+ (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
+ ret = SSH_ERR_ALLOC_FAIL;
+@@ -1671,6 +1698,7 @@ sshkey_generate(int type, u_int bits, st
+ crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
+ ret = 0;
+ break;
++#endif /* WITHOUT_ED25519 */
+ #ifdef WITH_OPENSSL
+ case KEY_DSA:
+ ret = dsa_generate_private_key(bits, &k->dsa);
+@@ -1806,6 +1834,7 @@ sshkey_from_private(const struct sshkey
+ }
+ break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ if ((n = sshkey_new(k->type)) == NULL)
+@@ -1818,6 +1847,7 @@ sshkey_from_private(const struct sshkey
+ memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
+ }
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ return SSH_ERR_KEY_TYPE_UNKNOWN;
+ }
+@@ -2084,6 +2114,7 @@ sshkey_from_blob_internal(struct sshbuf
+ break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519_CERT:
+ /* Skip nonce */
+ if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
+@@ -2105,6 +2136,7 @@ sshkey_from_blob_internal(struct sshbuf
+ key->ed25519_pk = pk;
+ pk = NULL;
+ break;
++#endif /* WITHOUT_ED25519 */
+ case KEY_UNSPEC:
+ if ((key = sshkey_new(type)) == NULL) {
+ ret = SSH_ERR_ALLOC_FAIL;
+@@ -2197,9 +2229,11 @@ sshkey_sign(const struct sshkey *key,
+ case KEY_RSA:
+ return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
++#endif /* WITHOUT_ED25519 */
+ default:
+ return SSH_ERR_KEY_TYPE_UNKNOWN;
+ }
+@@ -2229,9 +2263,11 @@ sshkey_verify(const struct sshkey *key,
+ case KEY_RSA:
+ return ssh_rsa_verify(key, sig, siglen, data, dlen, compat);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ case KEY_ED25519_CERT:
+ return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
++#endif /* WITHOUT_ED25519 */
+ default:
+ return SSH_ERR_KEY_TYPE_UNKNOWN;
+ }
+@@ -2255,8 +2291,10 @@ sshkey_demote(const struct sshkey *k, st
+ pk->dsa = NULL;
+ pk->ecdsa = NULL;
+ pk->rsa = NULL;
++#ifndef WITHOUT_ED25519
+ pk->ed25519_pk = NULL;
+ pk->ed25519_sk = NULL;
++#endif /* WITHOUT_ED25519 */
- #include "crypto_api.h"
+ switch (k->type) {
+ #ifdef WITH_OPENSSL
+@@ -2306,6 +2344,7 @@ sshkey_demote(const struct sshkey *k, st
+ break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519_CERT:
+ if ((ret = sshkey_cert_copy(k, pk)) != 0)
+ goto fail;
+@@ -2319,6 +2358,7 @@ sshkey_demote(const struct sshkey *k, st
+ memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
+ }
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ ret = SSH_ERR_KEY_TYPE_UNKNOWN;
+ fail:
+@@ -2347,9 +2387,11 @@ sshkey_to_certified(struct sshkey *k)
+ newtype = KEY_ECDSA_CERT;
+ break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ newtype = KEY_ED25519_CERT;
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ return SSH_ERR_INVALID_ARGUMENT;
+ }
+@@ -2428,11 +2470,13 @@ sshkey_certify(struct sshkey *k, struct
+ goto out;
+ break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519_CERT:
+ if ((ret = sshbuf_put_string(cert,
+ k->ed25519_pk, ED25519_PK_SZ)) != 0)
+ goto out;
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ ret = SSH_ERR_INVALID_ARGUMENT;
+ goto out;
+@@ -2607,6 +2651,7 @@ sshkey_private_serialize(const struct ss
+ break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ if ((r = sshbuf_put_string(b, key->ed25519_pk,
+ ED25519_PK_SZ)) != 0 ||
+@@ -2626,6 +2671,7 @@ sshkey_private_serialize(const struct ss
+ ED25519_SK_SZ)) != 0)
+ goto out;
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ r = SSH_ERR_INVALID_ARGUMENT;
+ goto out;
+@@ -2750,6 +2796,7 @@ sshkey_private_deserialize(struct sshbuf
+ goto out;
+ break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ if ((k = sshkey_new_private(type)) == NULL) {
+ r = SSH_ERR_ALLOC_FAIL;
+@@ -2780,6 +2827,7 @@ sshkey_private_deserialize(struct sshbuf
+ k->ed25519_sk = ed25519_sk;
+ ed25519_pk = ed25519_sk = NULL;
+ break;
++#endif /* WITHOUT_ED25519 */
+ default:
+ r = SSH_ERR_KEY_TYPE_UNKNOWN;
+ goto out;
+@@ -3545,9 +3593,11 @@ sshkey_private_to_fileblob(struct sshkey
+ return sshkey_private_pem_to_blob(key, blob,
+ passphrase, comment);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ return sshkey_private_to_blob2(key, blob, passphrase,
+ comment, new_format_cipher, new_format_rounds);
++#endif /* WITHOUT_ED25519 */
+ default:
+ return SSH_ERR_KEY_TYPE_UNKNOWN;
+ }
+@@ -3853,9 +3903,11 @@ sshkey_parse_private_fileblob_type(struc
+ return sshkey_parse_private_pem_fileblob(blob, type,
+ passphrase, keyp);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ case KEY_ED25519:
+ return sshkey_parse_private2(blob, type, passphrase,
+ keyp, commentp);
++#endif /* WITHOUT_ED25519 */
+ case KEY_UNSPEC:
+ if ((r = sshkey_parse_private2(blob, type, passphrase, keyp,
+ commentp)) == 0)
+diff -pur old/sshkey.h new/sshkey.h
+--- old/sshkey.h
++++ new/sshkey.h
+@@ -57,11 +57,15 @@ enum sshkey_types {
+ KEY_RSA,
+ KEY_DSA,
+ KEY_ECDSA,
+- KEY_ED25519,
++#ifndef WITHOUT_ED25519
++ KEY_ED25519,
++#endif /* WITHOUT_ED25519 */
+ KEY_RSA_CERT,
+ KEY_DSA_CERT,
+ KEY_ECDSA_CERT,
++#ifndef WITHOUT_ED25519
+ KEY_ED25519_CERT,
++#endif /* WITHOUT_ED25519 */
+ KEY_NULL,
+ KEY_UNSPEC
+ };
+@@ -104,13 +108,17 @@ struct sshkey {
+ DSA *dsa;
+ int ecdsa_nid; /* NID of curve */
+ EC_KEY *ecdsa;
++#ifndef WITHOUT_ED25519
+ u_char *ed25519_sk;
+ u_char *ed25519_pk;
++#endif /* WITHOUT_ED25519 */
+ struct sshkey_cert *cert;
+ };
+#ifndef WITHOUT_ED25519
-+
- int crypto_verify_32(const unsigned char *x,const unsigned char *y)
- {
- unsigned int differentbits = 0;
-@@ -47,3 +49,4 @@ int crypto_verify_32(const unsigned char
- F(31)
- return (1 & ((differentbits - 1) >> 8)) - 1;
- }
+ #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
+ #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
+#endif /* WITHOUT_ED25519 */
+
+ struct sshkey *sshkey_new(int);
+ int sshkey_add_private(struct sshkey *);
+@@ -208,11 +216,13 @@ int ssh_ecdsa_sign(const struct sshkey *
+ int ssh_ecdsa_verify(const struct sshkey *key,
+ const u_char *signature, size_t signaturelen,
+ const u_char *data, size_t datalen, u_int compat);
++#ifndef WITHOUT_ED25519
+ int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+ const u_char *data, size_t datalen, u_int compat);
+ int ssh_ed25519_verify(const struct sshkey *key,
+ const u_char *signature, size_t signaturelen,
+ const u_char *data, size_t datalen, u_int compat);
++#endif /* WITHOUT_ED25519 */
+ #endif
+
+ #if !defined(WITH_OPENSSL)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/025-login_to_a_role.patch Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,185 @@
+#
+# Enable login to a role for hostbased authentication if allowed by PAM.
+#
+# Sets PAM_AUSER item to user who is asserting a new identity before
+# calling do_pam_account(). Implemented using existing static variable
+# hostbased_cuser. The change is protected by new HAVE_PAM_AUSER ifdef-guard,
+# which is set to defined on Solaris.
+#
+# Patch offered upstream:
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2378
+#
+diff -pur old/auth-pam.c new/auth-pam.c
+--- old/auth-pam.c 2015-05-21 04:08:41.910932322 -0700
++++ new/auth-pam.c 2015-05-21 04:08:42.024831668 -0700
+@@ -1038,6 +1038,20 @@ do_pam_account(void)
+ return (sshpam_account_status);
+ }
+
++#ifdef HAVE_PAM_AUSER
++void
++do_pam_set_auser(const char* auser)
++{
++ if (auser != NULL) {
++ debug("PAM: setting PAM_AUSER to \"%s\"", auser);
++ sshpam_err = pam_set_item(sshpam_handle, PAM_AUSER, auser);
++ if (sshpam_err != PAM_SUCCESS)
++ error("PAM: failed to set PAM_AUSER: %s",
++ pam_strerror(sshpam_handle, sshpam_err));
++ }
++}
++#endif
++
+ void
+ do_pam_set_tty(const char *tty)
+ {
+diff -pur old/auth-pam.h new/auth-pam.h
+--- old/auth-pam.h 2015-03-16 22:49:20.000000000 -0700
++++ new/auth-pam.h 2015-05-21 04:08:42.025160216 -0700
+@@ -35,6 +35,9 @@ void start_pam(Authctxt *);
+ void finish_pam(void);
+ u_int do_pam_account(void);
+ void do_pam_session(void);
++#ifdef HAVE_PAM_AUSER
++void do_pam_set_auser(const char *);
++#endif
+ void do_pam_set_tty(const char *);
+ void do_pam_setcred(int );
+ void do_pam_chauthtok(void);
+diff -pur old/auth.h new/auth.h
+--- old/auth.h 2015-05-21 04:08:41.911346027 -0700
++++ new/auth.h 2015-05-21 04:08:42.025504068 -0700
+@@ -84,6 +84,9 @@ struct Authctxt {
+ #ifdef PAM_ENHANCEMENT
+ char *authmethod_name;
+ #endif
++#ifdef HAVE_PAM_AUSER
++ char *auser;
++#endif
+ };
+ /*
+ * Every authentication method has to handle authentication requests for
+diff -pur old/auth2-hostbased.c new/auth2-hostbased.c
+--- old/auth2-hostbased.c 2015-03-16 22:49:20.000000000 -0700
++++ new/auth2-hostbased.c 2015-05-21 04:08:42.026208843 -0700
+@@ -85,6 +85,9 @@ userauth_hostbased(Authctxt *authctxt)
+ buffer_dump(&b);
+ buffer_free(&b);
+ #endif
++#ifdef HAVE_PAM_AUSER
++ authctxt->auser = NULL;
++#endif
+ pktype = key_type_from_name(pkalg);
+ if (pktype == KEY_UNSPEC) {
+ /* this is perfectly legal */
+@@ -143,6 +146,13 @@ userauth_hostbased(Authctxt *authctxt)
+ buffer_len(&b))) == 1)
+ authenticated = 1;
+
++#ifdef HAVE_PAM_AUSER
++ if (authenticated) {
++ authctxt->auser = cuser;
++ cuser = NULL;
++ }
++#endif
++
+ buffer_free(&b);
+ done:
+ debug2("userauth_hostbased: authenticated %d", authenticated);
+diff -pur old/auth2.c new/auth2.c
+--- old/auth2.c 2015-05-21 04:08:41.947286493 -0700
++++ new/auth2.c 2015-05-21 04:08:42.026846014 -0700
+@@ -339,6 +339,14 @@ userauth_finish(Authctxt *authctxt, int
+ #endif
+ }
+
++#ifdef HAVE_PAM_AUSER
++ if (!use_privsep) {
++ do_pam_set_auser(authctxt->auser);
++ free(authctxt->auser);
++ authctxt->auser = NULL;
++ }
++#endif
++
+ if (authenticated && options.num_auth_methods != 0) {
+
+ #if defined(USE_PAM) && defined(PAM_ENHANCEMENT)
+diff -pur old/config.h.in new/config.h.in
+--- old/config.h.in 2015-05-21 04:08:41.938119429 -0700
++++ new/config.h.in 2015-05-21 04:08:42.027796887 -0700
+@@ -827,6 +827,9 @@
+ /* Define if you have Digital Unix Security Integration Architecture */
+ #undef HAVE_OSF_SIA
+
++/* Define if you have PAM_AUSER PAM item */
++#undef HAVE_PAM_AUSER
++
+ /* Define to 1 if you have the `pam_getenvlist' function. */
+ #undef HAVE_PAM_GETENVLIST
+
+diff -pur old/configure new/configure
+--- old/configure 2015-05-21 04:08:41.952127851 -0700
++++ new/configure 2015-05-21 04:09:34.214165539 -0700
+@@ -10872,6 +10872,7 @@ fi
+ cat >>confdefs.h <<\_ACEOF
+ #define USE_GSS_STORE_CRED 1
+ #define GSSAPI_STORECREDS_NEEDS_RUID 1
++#define HAVE_PAM_AUSER 1
+ _ACEOF
+
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+diff -pur old/configure.ac new/configure.ac
+--- old/configure.ac 2015-05-21 04:08:41.886514252 -0700
++++ new/configure.ac 2015-05-21 04:08:42.052981088 -0700
+@@ -904,6 +904,7 @@ mips-sony-bsd|mips-sony-newsos4)
+ TEST_SHELL=$SHELL # let configure find us a capable shell
+ AC_DEFINE([USE_GSS_STORE_CRED])
+ AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID])
++ AC_DEFINE([HAVE_PAM_AUSER])
+ ;;
+ *-*-sunos4*)
+ CPPFLAGS="$CPPFLAGS -DSUNOS4"
+diff -pur old/monitor.c new/monitor.c
+--- old/monitor.c 2015-05-21 04:08:41.964048305 -0700
++++ new/monitor.c 2015-05-21 04:08:42.054374639 -0700
+@@ -461,6 +461,12 @@ monitor_child_preauth(Authctxt *_authctx
+ }
+ }
+
++#if defined(HAVE_PAM_AUSER) && defined(USE_PAM)
++ if (hostbased_cuser != NULL) {
++ free(hostbased_cuser);
++ hostbased_cuser = NULL;
++ }
++#endif
+ if (!authctxt->valid)
+ fatal("%s: authenticated invalid user", __func__);
+ if (strcmp(auth_method, "unknown") == 0)
+@@ -694,12 +700,14 @@ monitor_reset_key_state(void)
+ {
+ /* reset state */
+ free(key_blob);
++#if !defined(HAVE_PAM_AUSER) || !defined(USE_PAM)
+ free(hostbased_cuser);
++ hostbased_cuser = NULL;
++#endif
+ free(hostbased_chost);
+ key_blob = NULL;
+ key_bloblen = 0;
+ key_blobtype = MM_NOKEY;
+- hostbased_cuser = NULL;
+ hostbased_chost = NULL;
+ }
+
+@@ -1146,6 +1154,11 @@ mm_answer_pam_account(int sock, Buffer *
+ if (!options.use_pam)
+ fatal("UsePAM not set, but ended up in %s anyway", __func__);
+
++#ifdef HAVE_PAM_AUSER
++ if (hostbased_cuser != NULL)
++ do_pam_set_auser(hostbased_cuser);
++#endif
++
+ ret = do_pam_account();
+
+ buffer_put_int(m, ret);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/029-disable-redundant-pam_setcred.patch Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,34 @@
+# This issue has been raised with the upstream OpenSSH community:
+#
+# 2426 OpenSSH doesn't need the second call to do_pam_setcred() on non-Linux
+# platforms
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2426
+#
+# The OpenSSH maintainers added a call to do_pam_setcred() in
+# platform_setusercontext_post_groups() with no corresponding bugID along with
+# a befuddling comment that initgroups(3C) wipes out supplementary groups:
+#
+#https://anongit.mindrot.org/openssh.git/commit/platform.c?id=cc12418e18242ce1f61d7035da4956274ba13a96
+#
+# This only applies in the Linux world if the LinuxPAM pam_group(8) module
+# has been installed and configured which allows one to assign additional
+# secondary groups to a user using /etc/security/group.conf in addition to
+# /etc/group. To confuse things a bit more, there is an OpenPAM PAM module
+# of the same name, pam_group(8), which has different functionality, it
+# performs access control based on group membership.
+#
+# In short, this additional call to do_pam_setcred() is Linux-specific and
+# shouldn't be called on Solaris.
+#
+diff -pur old/platform.c new/platform.c
+--- old/platform.c 2015-07-02 04:21:38.155790601 -0700
++++ new/platform.c 2015-07-02 05:11:06.302125686 -0700
+@@ -145,7 +145,7 @@ platform_setusercontext(struct passwd *p
+ void
+ platform_setusercontext_post_groups(struct passwd *pw)
+ {
+-#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM)
++#if !defined(HAVE_LOGIN_CAP) && defined(USE_PAM) && !defined(PAM_SUN_CODEBASE)
+ /*
+ * PAM credentials may take the form of supplementary groups.
+ * These will have been wiped by the above initgroups() call.
--- a/components/openssh/patches/030-auth_limits_bypass_fix.patch Thu Jan 14 09:14:14 2016 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-#
-# This is to fix a keyboard-interactive authentication brute force
-# vulnerability (MaxAuthTries bypass). A CVE number (CVE-2015-5600) has been
-# reserved for this problem, but not officially issued yet. This fix came from
-# OpenSSH upstream, which will be included in the future OpenSSH 7.0p1 release.
-# When we upgrade OpenSSH to 7.0 in the future, we will remove this patch.
-#
---- a/auth2-chall.c Mon Aug 3 15:25:43 2015
-+++ b/auth2-chall.c Mon Aug 3 15:28:17 2015
-@@ -82,6 +82,7 @@
- void *ctxt;
- KbdintDevice *device;
- u_int nreq;
-+ u_int devices_done;
- };
-
- #ifdef USE_PAM
-@@ -168,11 +169,15 @@
- if (len == 0)
- break;
- for (i = 0; devices[i]; i++) {
-- if (!auth2_method_allowed(authctxt,
-+ if ((kbdintctxt->devices_done & (1 << i)) != 0 ||
-+ !auth2_method_allowed(authctxt,
- "keyboard-interactive", devices[i]->name))
- continue;
-- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0)
-+ if (strncmp(kbdintctxt->devices, devices[i]->name,
-+ len) == 0) {
- kbdintctxt->device = devices[i];
-+ kbdintctxt->devices_done |= 1 << i;
-+ }
- }
- t = kbdintctxt->devices;
- kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/031-per_session_xauthfile.patch Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,191 @@
+#
+# This patch is to fix a X11 connection failure when a user's home directory
+# is read-only.
+#
+# We have contributed back this fix to the OpenSSH upstream community. For
+# more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2440
+# In the future, if this fix is accepted by the upsteam in a later release, we
+# will remove this patch when we upgrade to that release.
+#
+--- orig/session.c Thu Jul 30 10:35:15 2015
++++ new/session.c Tue Aug 4 11:29:22 2015
+@@ -62,6 +62,10 @@
+ #include <unistd.h>
+ #include <limits.h>
+
++#ifdef PER_SESSION_XAUTHFILE
++#include <libgen.h>
++#endif
++
+ #include "openbsd-compat/sys-queue.h"
+ #include "xmalloc.h"
+ #include "ssh.h"
+@@ -132,6 +136,11 @@
+
+ static int session_pty_req(Session *);
+
++#ifdef PER_SESSION_XAUTHFILE
++void session_xauthfile_cleanup(Session *);
++void cleanup_all_session_xauthfile();
++#endif
++
+ /* import */
+ extern ServerOptions options;
+ extern char *__progname;
+@@ -1218,6 +1227,11 @@
+ if (getenv("TZ"))
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+
++#ifdef PER_SESSION_XAUTHFILE
++ if (s->auth_file != NULL)
++ child_set_env(&env, &envsize, "XAUTHORITY", s->auth_file);
++#endif
++
+ /* Set custom environment options from RSA authentication. */
+ if (!options.use_login) {
+ while (custom_environment) {
+@@ -2170,6 +2184,11 @@
+ {
+ int success;
+
++#ifdef PER_SESSION_XAUTHFILE
++ int fd;
++ char xauthdir[] = "/tmp/ssh-xauth-XXXXXX";
++#endif
++
+ if (s->auth_proto != NULL || s->auth_data != NULL) {
+ error("session_x11_req: session %d: "
+ "x11 forwarding already active", s->self);
+@@ -2188,6 +2207,48 @@
+ s->auth_proto = NULL;
+ s->auth_data = NULL;
+ }
++
++#ifdef PER_SESSION_XAUTHFILE
++ /*
++ * Create per session X authority file in the /tmp directory.
++ *
++ * If mkdtemp() or open() fails then s->auth_file remains NULL which
++ * means that we won't set XAUTHORITY variable in child's environment
++ * and xauth(1) will use the default location for the authority file.
++ */
++ if (mkdtemp(xauthdir) != NULL) {
++ s->auth_file = xmalloc(MAXPATHLEN);
++ snprintf(s->auth_file, MAXPATHLEN, "%s/xauthfile",
++ xauthdir);
++ /*
++ * we don't want that "creating new authority file" message to
++ * be printed by xauth(1) so we must create that file
++ * beforehand.
++ */
++ if ((fd = open(s->auth_file, O_CREAT | O_EXCL | O_RDONLY,
++ S_IRUSR | S_IWUSR)) == -1) {
++ error("failed to create the temporary X authority "
++ "file %s: %.100s; will use the default one",
++ s->auth_file, strerror(errno));
++ free(s->auth_file);
++ s->auth_file = NULL;
++ if (rmdir(xauthdir) == -1) {
++ error("cannot remove xauth directory "
++ "%s: %.100s", xauthdir, strerror(errno));
++ }
++ } else {
++ close(fd);
++ debug("temporary X authority file %s created",
++ s->auth_file);
++ debug("session number = %d", s->self);
++ }
++ }
++ else {
++ error("failed to create a directory for the temporary X "
++ "authority file: %.100s; will use the default xauth file",
++ strerror(errno));
++ }
++#endif
+ return success;
+ }
+
+@@ -2378,6 +2439,50 @@
+ PRIVSEP(session_pty_cleanup2(s));
+ }
+
++#ifdef PER_SESSION_XAUTHFILE
++/*
++ * We use a different temporary X authority file per session so we should
++ * remove those files when cleanup_exit() is called.
++ */
++void
++session_xauthfile_cleanup(Session *s)
++{
++ if (s == NULL || s->auth_file == NULL) {
++ return;
++ }
++
++ debug("session_xauthfile_cleanup: session %d removing %s", s->self,
++ s->auth_file);
++
++ if (unlink(s->auth_file) == -1) {
++ error("session_xauthfile_cleanup: cannot remove xauth file: "
++ "%.100s", strerror(errno));
++ return;
++ }
++
++ /* dirname() will modify s->auth_file but that's ok */
++ if (rmdir(dirname(s->auth_file)) == -1) {
++ error("session_xauthfile_cleanup: "
++ "cannot remove xauth directory: %.100s", strerror(errno));
++ return;
++ }
++ free(s->auth_file);
++ s->auth_file = NULL;
++}
++
++/*
++ * This is called by do_cleanup() when cleanup_exit() is called.
++ */
++void
++cleanup_all_session_xauthfile()
++{
++ int i;
++ for (i = 0; i < sessions_nalloc; i++) {
++ session_xauthfile_cleanup(&sessions[i]);
++ }
++}
++#endif
++
+ static char *
+ sig2name(int sig)
+ {
+@@ -2512,6 +2617,9 @@
+ free(s->auth_display);
+ free(s->auth_data);
+ free(s->auth_proto);
++#ifdef PER_SESSION_XAUTHFILE
++ session_xauthfile_cleanup(s);
++#endif
+ free(s->subsys);
+ if (s->env != NULL) {
+ for (i = 0; i < s->num_env; i++) {
+@@ -2763,6 +2871,10 @@
+ /* remove agent socket */
+ auth_sock_cleanup_proc(authctxt->pw);
+
++#ifdef PER_SESSION_XAUTHFILE
++ cleanup_all_session_xauthfile();
++#endif
++
+ /*
+ * Cleanup ptys/utmp only if privsep is disabled,
+ * or if running in monitor.
+--- orig/session.h Thu Jul 30 10:35:12 2015
++++ new/session.h Tue Aug 4 11:30:04 2015
+@@ -49,6 +49,9 @@
+ char *auth_display;
+ char *auth_proto;
+ char *auth_data;
++#ifdef PER_SESSION_XAUTHFILE
++ char *auth_file; /* xauth(1) authority file */
++#endif
+ int single_connection;
+
+ /* proto 2 */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/032-hang_on_closed_output.patch Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,25 @@
+#
+# Fix possible hang on closed output.
+#
+# When there is a connectivity problem between the server and the client
+# (network outage, server crash or reboot), the client indefinitely hangs.
+#
+# This patch fixes the issue by checking ssh_packet_write_poll return value
+# in ssh_packet_write_wait and passing it through.
+#
+# The (updated) patch has been accepted upstream and will be part of 7.2
+# https://github.com/openssh/openssh-portable/commit/8408218
+#
+diff -pur old/packet.c new/packet.c
+--- old/packet.c
++++ new/packet.c
+@@ -2040,7 +2040,8 @@ ssh_packet_write_wait(struct ssh *ssh)
+ NFDBITS), sizeof(fd_mask));
+ if (setp == NULL)
+ return SSH_ERR_ALLOC_FAIL;
+- ssh_packet_write_poll(ssh);
++ if ((r = ssh_packet_write_poll(ssh)) != 0)
++ return r;
+ while (ssh_packet_have_data_to_write(ssh)) {
+ memset(setp, 0, howmany(state->connection_out + 1,
+ NFDBITS) * sizeof(fd_mask));
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/033-without_cast128.patch Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,108 @@
+#
+# Removes cast128-cbc support.
+#
+# At this moment this algorithm is not listed in Approved Security
+# Technologies: Standards Details at all. Eventually it will be added as
+# deprecated.
+#
+# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from
+# OpenSSH doesn't constitute a regression in functionality from SunSSH.
+#
+# Interoperability gain provided by cast128-cbc is negligible, because all
+# relevant ssh implementations also provide several more common encryption
+# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.
+#
+# This is a Solaris specific patch and it is not likely to be accepted upstream.
+#
+diff -pur old/cipher.c new/cipher.c
+--- old/cipher.c
++++ new/cipher.c
+@@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]
+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+ { "blowfish-cbc",
+ SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
++#ifndef WITHOUT_CAST128
+ { "cast128-cbc",
+ SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
++#endif
+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
+diff -pur old/myproposal.h new/myproposal.h
+--- old/myproposal.h
++++ new/myproposal.h
+@@ -119,9 +119,16 @@
+ "aes128-ctr,aes192-ctr,aes256-ctr" \
+ AESGCM_CIPHER_MODES
+
++#ifdef WITHOUT_CAST128
++# define CAST128
++#else
++# define CAST128 "cast128-cbc"
++#endif
++
+ #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
+ "arcfour256,arcfour128," \
+- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
++ "aes128-cbc,3des-cbc,blowfish-cbc," \
++ CAST128 \
+ "aes192-cbc,aes256-cbc,arcfour,[email protected]"
+
+ #define KEX_SERVER_MAC \
+diff -pur old/ssh.1 new/ssh.1
+--- old/ssh.1 2016-01-20 13:49:25.822403799 -0800
++++ new/ssh.1 2016-01-20 13:52:04.664954014 -0800
+@@ -788,7 +788,7 @@ options (see above).
+ Both protocols support similar authentication methods,
+ but protocol 2 is the default since
+ it provides additional mechanisms for confidentiality
+-(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
++(the traffic is encrypted using AES, 3DES, Blowfish, or Arcfour)
+ and integrity (hmac-md5, hmac-sha1,
+ hmac-sha2-256, hmac-sha2-512,
+ umac-64, umac-128, hmac-ripemd160).
+diff -pur old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5 2016-01-20 13:49:33.670445077 -0800
++++ new/ssh_config.5 2016-01-20 13:53:00.137039489 -0800
+@@ -408,8 +408,6 @@ arcfour256
+ .It
+ blowfish-cbc
+ .It
+-cast128-cbc
+-.It
+ [email protected]
+ .El
+ .Pp
+@@ -419,7 +417,7 @@ [email protected],
+ aes128-ctr,aes192-ctr,aes256-ctr,
+ [email protected],[email protected],
+ arcfour256,arcfour128,
+-aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
++aes128-cbc,3des-cbc,blowfish-cbc,
+ aes192-cbc,aes256-cbc,arcfour
+ .Ed
+ .Pp
+diff -pur old/sshd.8 new/sshd.8
+--- old/sshd.8 2016-01-20 13:49:48.116460059 -0800
++++ new/sshd.8 2016-01-20 13:54:11.984168556 -0800
+@@ -307,7 +307,7 @@ For protocol 2,
+ forward security is provided through a Diffie-Hellman key agreement.
+ This key agreement results in a shared session key.
+ The rest of the session is encrypted using a symmetric cipher, currently
+-128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
++128-bit AES, Blowfish, 3DES, Arcfour, 192-bit AES, or 256-bit AES.
+ The client selects the encryption algorithm
+ to use from those offered by the server.
+ Additionally, session integrity is provided
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5 2016-01-20 13:49:40.842997029 -0800
++++ new/sshd_config.5 2016-01-20 13:53:50.533090678 -0800
+@@ -469,8 +469,6 @@ arcfour256
+ .It
+ blowfish-cbc
+ .It
+-cast128-cbc
+-.It
+ [email protected]
+ .El
+ .Pp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/034-getaddrinfo_with_ai_addrconfig.patch Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,187 @@
+#
+# Use AI_ADDRCONFIG flag for getaddrinfo() hints where
+# the address family is AF_UNSPEC. See description of AI_ADDRCONFIG
+# in getaddrinfo(3C).
+#
+# We have contributed back this fix to the OpenSSH upstream community. For
+# more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2483
+# In the future, if this fix is accepted by the upsteam in a later release, we
+# will remove this patch when we upgrade to that release.
+#
+--- a/canohost.c Sun Oct 25 20:11:35 2015
++++ b/canohost.c Sun Oct 25 20:11:57 2015
+@@ -113,6 +113,10 @@
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = from.ss_family;
+ hints.ai_socktype = SOCK_STREAM;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags = AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
+ logit("reverse mapping checking getaddrinfo for %.700s "
+ "[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
+--- a/channels.c Sun Oct 25 19:30:33 2015
++++ b/channels.c Sun Oct 25 19:54:36 2015
+@@ -2853,8 +2853,12 @@
+ */
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+- hints.ai_flags = wildcard ? AI_PASSIVE : 0;
+ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_flags = wildcard ? AI_PASSIVE : 0;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ snprintf(strport, sizeof strport, "%d", fwd->listen_port);
+ if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
+ if (addr == NULL) {
+@@ -3736,6 +3740,10 @@
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+ hints.ai_socktype = SOCK_STREAM;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags = AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ snprintf(strport, sizeof strport, "%d", port);
+ if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) {
+ error("connect_to %.100s: unknown host (%s)", name,
+@@ -3908,8 +3916,12 @@
+ port = 6000 + display_number;
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+- hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
+ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ snprintf(strport, sizeof strport, "%d", port);
+ if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
+ error("getaddrinfo: %.100s", ssh_gai_strerror(gaierr));
+@@ -4090,6 +4102,10 @@
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+ hints.ai_socktype = SOCK_STREAM;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags = AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ snprintf(strport, sizeof strport, "%u", 6000 + display_number);
+ if ((gaierr = getaddrinfo(buf, strport, &hints, &aitop)) != 0) {
+ error("%.100s: unknown host. (%s)", buf,
+--- a/servconf.c Sun Oct 25 19:39:38 2015
++++ b/servconf.c Sun Oct 25 19:45:16 2015
+@@ -722,6 +722,10 @@
+ hints.ai_family = options->address_family;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ snprintf(strport, sizeof strport, "%d", port);
+ if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0)
+ fatal("bad addr or host: %s (%s)",
+--- a/ssh-keyscan.c Sun Oct 25 19:46:28 2015
++++ b/ssh-keyscan.c Sun Oct 25 19:54:55 2015
+@@ -326,6 +326,10 @@
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+ hints.ai_socktype = SOCK_STREAM;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags = AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) {
+ error("getaddrinfo %s: %s", host, ssh_gai_strerror(gaierr));
+ return -1;
+--- a/ssh.c Sun Oct 25 19:49:46 2015
++++ b/ssh.c Sun Oct 25 19:55:15 2015
+@@ -259,6 +259,10 @@
+ hints.ai_socktype = SOCK_STREAM;
+ if (cname != NULL)
+ hints.ai_flags = AI_CANONNAME;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
+ if (logerr || (gaierr != EAI_NONAME && gaierr != EAI_NODATA))
+ loglevel = SYSLOG_LEVEL_ERROR;
+@@ -298,6 +302,10 @@
+ AF_UNSPEC : options.address_family;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
+ debug2("%s: could not resolve name %.100s as address: %s",
+ __func__, name, ssh_gai_strerror(gaierr));
+--- a/sshconnect.c Sun Oct 25 19:57:46 2015
++++ b/sshconnect.c Sun Oct 25 19:58:19 2015
+@@ -292,6 +292,10 @@
+ hints.ai_socktype = ai->ai_socktype;
+ hints.ai_protocol = ai->ai_protocol;
+ hints.ai_flags = AI_PASSIVE;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
+ if (gaierr) {
+ error("getaddrinfo: %s: %s", options.bind_address,
+--- a/regress/netcat.c Sun Oct 25 19:59:44 2015
++++ b/regress/netcat.c Sun Oct 25 20:07:05 2015
+@@ -371,6 +371,10 @@
+ hints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
+ if (nflag)
+ hints.ai_flags |= AI_NUMERICHOST;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ }
+
+ if (xflag) {
+@@ -399,6 +403,10 @@
+ proxyhints.ai_protocol = IPPROTO_TCP;
+ if (nflag)
+ proxyhints.ai_flags |= AI_NUMERICHOST;
++#ifdef AI_ADDRCONFIG
++ if (proxyhints.ai_family == AF_UNSPEC)
++ proxyhints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ }
+
+ if (lflag) {
+@@ -673,6 +681,10 @@
+ ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
+ ahints.ai_protocol = uflag ? IPPROTO_UDP : IPPROTO_TCP;
+ ahints.ai_flags = AI_PASSIVE;
++#ifdef AI_ADDRCONFIG
++ if (ahints.ai_family == AF_UNSPEC)
++ ahints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ if ((error = getaddrinfo(sflag, pflag, &ahints, &ares)))
+ errx(1, "getaddrinfo: %s", gai_strerror(error));
+
+@@ -1422,8 +1434,12 @@
+
+ bzero(&hints, sizeof(hints));
+ hints.ai_family = v4only ? PF_INET : PF_UNSPEC;
+- hints.ai_flags = numeric ? AI_NUMERICHOST : 0;
+ hints.ai_socktype = SOCK_STREAM;
++ hints.ai_flags = numeric ? AI_NUMERICHOST : 0;
++#ifdef AI_ADDRCONFIG
++ if (hints.ai_family == AF_UNSPEC)
++ hints.ai_flags |= AI_ADDRCONFIG;
++#endif /* AI_ADDRCONFIG */
+ r = getaddrinfo(h, p, &hints, &res);
+ /* Don't fatal when attempting to convert a numeric address */
+ if (r != 0) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/sources/kexgssc.c Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,347 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * May 22, 2015
+ * In version 6.8 a new packet interface has been introduced to OpenSSH,
+ * while the old packet API has been provided in opacket.c.
+ * At this moment we are not rewritting GSS-API key exchange code to the new
+ * API, just adjusting it to still work with new struct ssh.
+ * Rewritting to the new API can be considered in the future.
+ */
+
+#include "includes.h"
+
+#ifdef GSSAPI
+
+#include "includes.h"
+
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+
+#include <signal.h> /* for sig_atomic_t in kex.h */
+#include <string.h>
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "ssh2.h"
+#include "key.h"
+#include "cipher.h"
+#include "digest.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+
+#include "ssh-gss.h"
+
+int
+kexgss_client(struct ssh *ssh) {
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
+ Gssctxt *ctxt;
+ OM_uint32 maj_status, min_status, ret_flags;
+ uint_t klen, kout, slen = 0, strlen;
+ DH *dh;
+ BIGNUM *dh_server_pub = NULL;
+ BIGNUM *shared_secret = NULL;
+ BIGNUM *p = NULL;
+ BIGNUM *g = NULL;
+ uchar_t *kbuf;
+ uchar_t *serverhostkey = NULL;
+ uchar_t *empty = "";
+ char *msg;
+ char *lang;
+ int type = 0;
+ int first = 1;
+ int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
+ struct kex *kex = ssh->kex;
+ int r;
+ uchar_t hash[SSH_DIGEST_MAX_LENGTH];
+ size_t hashlen;
+
+ /* Initialise our GSSAPI world */
+ ssh_gssapi_build_ctx(&ctxt);
+ if (ssh_gssapi_id_kex(ctxt, kex->name, kex->kex_type)
+ == GSS_C_NO_OID)
+ fatal("Couldn't identify host exchange");
+
+ if (ssh_gssapi_import_name(ctxt, kex->gss_host))
+ fatal("Couldn't import hostname");
+
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ kex->dh = dh_new_group1();
+ break;
+ case KEX_GSS_GRP14_SHA1:
+ kex->dh = dh_new_group14();
+ break;
+ case KEX_GSS_GEX_SHA1:
+ debug("Doing group exchange\n");
+ nbits = dh_estimate(kex->we_need * 8);
+ packet_start(SSH2_MSG_KEXGSS_GROUPREQ);
+ packet_put_int(min);
+ packet_put_int(nbits);
+ packet_put_int(max);
+
+ packet_send();
+
+ packet_read_expect(SSH2_MSG_KEXGSS_GROUP);
+
+ if ((p = BN_new()) == NULL)
+ fatal("BN_new() failed");
+ packet_get_bignum2(p);
+ if ((g = BN_new()) == NULL)
+ fatal("BN_new() failed");
+ packet_get_bignum2(g);
+ packet_check_eom();
+
+ if (BN_num_bits(p) < min || BN_num_bits(p) > max)
+ fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
+ min, BN_num_bits(p), max);
+
+ kex->dh = dh_new_group(g, p);
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
+ }
+
+ /* Step 1 - e is dh->pub_key */
+ dh_gen_key(kex->dh, kex->we_need * 8);
+
+ /* This is f, we initialise it now to make life easier */
+ dh_server_pub = BN_new();
+ if (dh_server_pub == NULL)
+ fatal("dh_server_pub == NULL");
+
+ token_ptr = GSS_C_NO_BUFFER;
+
+ do {
+ debug("Calling gss_init_sec_context");
+
+ maj_status = ssh_gssapi_init_ctx(ctxt,
+ kex->gss_deleg_creds, token_ptr, &send_tok,
+ &ret_flags);
+
+ if (GSS_ERROR(maj_status)) {
+ if (send_tok.length != 0) {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+ }
+ fatal("gss_init_context failed");
+ }
+
+ /* If we've got an old receive buffer get rid of it */
+ if (token_ptr != GSS_C_NO_BUFFER)
+ free(recv_tok.value);
+
+ if (maj_status == GSS_S_COMPLETE) {
+ /* If mutual state flag is not true, kex fails */
+ if (!(ret_flags & GSS_C_MUTUAL_FLAG))
+ fatal("Mutual authentication failed");
+
+ /* If integ avail flag is not true kex fails */
+ if (!(ret_flags & GSS_C_INTEG_FLAG))
+ fatal("Integrity check failed");
+ }
+
+ /*
+ * If we have data to send, then the last message that we
+ * received cannot have been a 'complete'.
+ */
+ if (send_tok.length != 0) {
+ if (first) {
+ packet_start(SSH2_MSG_KEXGSS_INIT);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+ packet_put_bignum2(kex->dh->pub_key);
+ first = 0;
+ } else {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+ }
+ packet_send();
+ gss_release_buffer(&min_status, &send_tok);
+
+ /* If we've sent them data, they should reply */
+ do {
+ type = packet_read();
+ if (type == SSH2_MSG_KEXGSS_HOSTKEY) {
+ debug("Received KEXGSS_HOSTKEY");
+ if (serverhostkey)
+ fatal("Server host key received"
+ "more than once");
+ serverhostkey =
+ packet_get_string(&slen);
+ }
+ } while (type == SSH2_MSG_KEXGSS_HOSTKEY);
+
+ switch (type) {
+ case SSH2_MSG_KEXGSS_CONTINUE:
+ debug("Received GSSAPI_CONTINUE");
+ if (maj_status == GSS_S_COMPLETE)
+ fatal("GSSAPI Continue received from"
+ "server when complete");
+ recv_tok.value = packet_get_string(&strlen);
+ recv_tok.length = strlen;
+ break;
+ case SSH2_MSG_KEXGSS_COMPLETE:
+ debug("Received GSSAPI_COMPLETE");
+ packet_get_bignum2(dh_server_pub);
+ msg_tok.value = packet_get_string(&strlen);
+ msg_tok.length = strlen;
+
+ /* Is there a token included? */
+ if (packet_get_char()) {
+ recv_tok.value=
+ packet_get_string(&strlen);
+ recv_tok.length = strlen;
+ /* If complete - protocol error */
+ if (maj_status == GSS_S_COMPLETE)
+ packet_disconnect("Protocol"
+ " error: received token"
+ " when complete");
+ } else {
+ /* No token included */
+ if (maj_status != GSS_S_COMPLETE)
+ packet_disconnect("Protocol"
+ " error: did not receive"
+ " final token");
+ }
+ break;
+ case SSH2_MSG_KEXGSS_ERROR:
+ debug("Received Error");
+ maj_status = packet_get_int();
+ min_status = packet_get_int();
+ msg = packet_get_string(NULL);
+ lang = packet_get_string(NULL);
+ fatal("GSSAPI Error: \n%.400s", msg);
+ default:
+ packet_disconnect("Protocol error: didn't"
+ " expect packet type %d", type);
+ }
+ token_ptr = &recv_tok;
+ } else {
+ /* No data, and not complete */
+ if (maj_status != GSS_S_COMPLETE)
+ fatal("Not complete, and no token output");
+ }
+ } while (maj_status & GSS_S_CONTINUE_NEEDED);
+
+ /*
+ * We _must_ have received a COMPLETE message in reply from the
+ * server, which will have set dh_server_pub and msg_tok
+ */
+
+ if (type != SSH2_MSG_KEXGSS_COMPLETE)
+ fatal("Didn't receive SSH2_MSG_KEXGSS_COMPLETE when expected");
+
+ /* Check f in range [1, p-1] */
+ if (!dh_pub_is_valid(kex->dh, dh_server_pub))
+ packet_disconnect("bad server public DH value");
+
+ /* compute K=f^x mod p */
+ klen = DH_size(kex->dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, kex->dh);
+ if (kout < 0)
+ fatal("DH_compute_key: failed");
+
+ shared_secret = BN_new();
+ if (shared_secret == NULL)
+ fatal("kexgss_client: BN_new failed");
+
+ if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+ fatal("kexdh_client: BN_bin2bn failed");
+
+ memset(kbuf, 0, klen);
+ free(kbuf);
+
+ hashlen = sizeof (hash);
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ case KEX_GSS_GRP14_SHA1:
+ kex_dh_hash(kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(kex->my), buffer_len(kex->my),
+ buffer_ptr(kex->peer), buffer_len(kex->peer),
+ (serverhostkey ? serverhostkey : empty), slen,
+ kex->dh->pub_key, /* e */
+ dh_server_pub, /* f */
+ shared_secret, /* K */
+ hash, &hashlen);
+ break;
+ case KEX_GSS_GEX_SHA1:
+ kexgex_hash(
+ kex->hash_alg,
+ kex->client_version_string,
+ kex->server_version_string,
+ buffer_ptr(kex->my), buffer_len(kex->my),
+ buffer_ptr(kex->peer), buffer_len(kex->peer),
+ (serverhostkey ? serverhostkey : empty), slen,
+ min, nbits, max,
+ kex->dh->p, kex->dh->g,
+ kex->dh->pub_key,
+ dh_server_pub,
+ shared_secret,
+ hash, &hashlen);
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
+ }
+
+ gssbuf.value = hash;
+ gssbuf.length = hashlen;
+
+ /* Verify that the hash matches the MIC we just got. */
+ if (GSS_ERROR(ssh_gssapi_checkmic(ctxt, &gssbuf, &msg_tok)))
+ packet_disconnect("Hash's MIC didn't verify");
+
+ free(msg_tok.value);
+
+ DH_free(kex->dh);
+ if (serverhostkey)
+ free(serverhostkey);
+ BN_clear_free(dh_server_pub);
+
+ /* save session id */
+ if (kex->session_id == NULL) {
+ kex->session_id_len = hashlen;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ if (gss_kex_context == NULL)
+ gss_kex_context = ctxt;
+ else
+ ssh_gssapi_delete_ctx(&ctxt);
+
+ if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
+ r = kex_send_newkeys(ssh);
+ return (r);
+}
+
+#endif /* GSSAPI */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/sources/kexgsss.c Mon Jan 25 10:57:40 2016 -0800
@@ -0,0 +1,297 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * May 22, 2015
+ * In version 6.8 a new packet interface has been introduced to OpenSSH,
+ * while the old packet API has been provided in opacket.c.
+ * At this moment we are not rewritting GSS-API key exchange code to the new
+ * API, just adjusting it to still work with new struct ssh.
+ * Rewritting to the new API can be considered in the future.
+ */
+
+#include "includes.h"
+
+#ifdef GSSAPI
+
+#include <signal.h> /* for sig_atomic_t in kex.h */
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+
+#include "xmalloc.h"
+#include "buffer.h"
+#include "ssh2.h"
+#include "key.h"
+#include "cipher.h"
+#include "digest.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "dh.h"
+#include "ssh-gss.h"
+#include "monitor_wrap.h"
+
+int
+kexgss_server(struct ssh *ssh)
+{
+ OM_uint32 maj_status, min_status;
+
+ /*
+ * Some GSSAPI implementations use the input value of ret_flags (an
+ * output variable) as a means of triggering mechanism specific
+ * features. Initializing it to zero avoids inadvertently
+ * activating this non-standard behaviour.
+ */
+
+ OM_uint32 ret_flags = 0;
+ gss_buffer_desc gssbuf, recv_tok, msg_tok;
+ gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
+ Gssctxt *ctxt = NULL;
+ uint_t slen, klen, kout;
+ uchar_t *kbuf;
+ DH *dh;
+ int min = -1, max = -1, nbits = -1;
+ BIGNUM *shared_secret = NULL;
+ BIGNUM *dh_client_pub = NULL;
+ int type = 0;
+ gss_OID oid;
+ char *mechs;
+ struct kex *kex = ssh->kex;
+ int r;
+ uchar_t hash[SSH_DIGEST_MAX_LENGTH];
+ size_t hashlen;
+
+ /* Initialise GSSAPI */
+
+ /*
+ * If we're rekeying, privsep means that some of the private structures
+ * in the GSSAPI code are no longer available. This kludges them back
+ * into life
+ */
+ if (!ssh_gssapi_oid_table_ok())
+ if ((mechs = ssh_gssapi_server_mechanisms()))
+ free(mechs);
+
+ debug2("%s: Identifying %s", __func__, kex->name);
+ oid = ssh_gssapi_id_kex(NULL, kex->name, kex->kex_type);
+ if (oid == GSS_C_NO_OID)
+ fatal("Unknown gssapi mechanism");
+
+ debug2("%s: Acquiring credentials", __func__);
+
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_server_ctx(&ctxt, oid))))
+ fatal("Unable to acquire credentials for the server");
+
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ kex->dh = dh_new_group1();
+ break;
+ case KEX_GSS_GRP14_SHA1:
+ kex->dh = dh_new_group14();
+ break;
+ case KEX_GSS_GEX_SHA1:
+ debug("Doing group exchange");
+ packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
+ min = packet_get_int();
+ nbits = packet_get_int();
+ max = packet_get_int();
+ min = MAX(DH_GRP_MIN, min);
+ max = MIN(DH_GRP_MAX, max);
+ packet_check_eom();
+ if (max < min || nbits < min || max < nbits)
+ fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
+ min, nbits, max);
+ kex->dh = PRIVSEP(choose_dh(min, nbits, max));
+ if (kex->dh == NULL)
+ packet_disconnect("Protocol error:"
+ " no matching group found");
+
+ packet_start(SSH2_MSG_KEXGSS_GROUP);
+ packet_put_bignum2(kex->dh->p);
+ packet_put_bignum2(kex->dh->g);
+ packet_send();
+
+ packet_write_wait();
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
+ }
+
+ dh_gen_key(kex->dh, kex->we_need * 8);
+
+ do {
+ debug("Wait SSH2_MSG_GSSAPI_INIT");
+ type = packet_read();
+ switch (type) {
+ case SSH2_MSG_KEXGSS_INIT:
+ if (dh_client_pub != NULL)
+ fatal("Received KEXGSS_INIT after"
+ " initialising");
+ recv_tok.value = packet_get_string(&slen);
+ recv_tok.length = slen;
+
+ if ((dh_client_pub = BN_new()) == NULL)
+ fatal("dh_client_pub == NULL");
+
+ packet_get_bignum2(dh_client_pub);
+
+ /* Send SSH_MSG_KEXGSS_HOSTKEY here, if we want */
+ break;
+ case SSH2_MSG_KEXGSS_CONTINUE:
+ recv_tok.value = packet_get_string(&slen);
+ recv_tok.length = slen;
+ break;
+ default:
+ packet_disconnect(
+ "Protocol error: didn't expect packet type %d",
+ type);
+ }
+
+ maj_status = PRIVSEP(ssh_gssapi_accept_ctx(ctxt, &recv_tok,
+ &send_tok, &ret_flags));
+
+ free(recv_tok.value);
+
+ if (maj_status != GSS_S_COMPLETE && send_tok.length == 0)
+ fatal("Zero length token output when incomplete");
+
+ if (dh_client_pub == NULL)
+ fatal("No client public key");
+
+ if (maj_status & GSS_S_CONTINUE_NEEDED) {
+ debug("Sending GSSAPI_CONTINUE");
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ gss_release_buffer(&min_status, &send_tok);
+ }
+ } while (maj_status & GSS_S_CONTINUE_NEEDED);
+
+ if (GSS_ERROR(maj_status)) {
+ if (send_tok.length > 0) {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+ packet_put_string(send_tok.value, send_tok.length);
+ packet_send();
+ }
+ fatal("accept_ctx died");
+ }
+
+ if (!(ret_flags & GSS_C_MUTUAL_FLAG))
+ fatal("Mutual Authentication flag wasn't set");
+
+ if (!(ret_flags & GSS_C_INTEG_FLAG))
+ fatal("Integrity flag wasn't set");
+
+ if (!dh_pub_is_valid(kex->dh, dh_client_pub))
+ packet_disconnect("bad client public DH value");
+
+ klen = DH_size(kex->dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, kex->dh);
+ if (kout < 0)
+ fatal("DH_compute_key: failed");
+
+ shared_secret = BN_new();
+ if (shared_secret == NULL)
+ fatal("kexgss_server: BN_new failed");
+
+ if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
+ fatal("kexgss_server: BN_bin2bn failed");
+
+ memset(kbuf, 0, klen);
+ free(kbuf);
+
+ hashlen = sizeof (hash);
+ switch (kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ case KEX_GSS_GRP14_SHA1:
+ kex_dh_hash(
+ kex->client_version_string, kex->server_version_string,
+ buffer_ptr(kex->peer), buffer_len(kex->peer),
+ buffer_ptr(kex->my), buffer_len(kex->my),
+ NULL, 0, /* Change this if we start sending host keys */
+ dh_client_pub, kex->dh->pub_key, shared_secret,
+ hash, &hashlen);
+ break;
+ case KEX_GSS_GEX_SHA1:
+ kexgex_hash(
+ kex->hash_alg,
+ kex->client_version_string, kex->server_version_string,
+ buffer_ptr(kex->peer), buffer_len(kex->peer),
+ buffer_ptr(kex->my), buffer_len(kex->my),
+ NULL, 0,
+ min, nbits, max,
+ kex->dh->p, kex->dh->g,
+ dh_client_pub,
+ kex->dh->pub_key,
+ shared_secret,
+ hash, &hashlen);
+ break;
+ default:
+ fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
+ }
+
+ BN_clear_free(dh_client_pub);
+
+ if (kex->session_id == NULL) {
+ kex->session_id_len = hashlen;
+ kex->session_id = xmalloc(kex->session_id_len);
+ memcpy(kex->session_id, hash, kex->session_id_len);
+ }
+
+ gssbuf.value = hash;
+ gssbuf.length = hashlen;
+
+ if (GSS_ERROR(PRIVSEP(ssh_gssapi_sign(ctxt, &gssbuf, &msg_tok))))
+ fatal("Couldn't get MIC");
+
+ packet_start(SSH2_MSG_KEXGSS_COMPLETE);
+ packet_put_bignum2(kex->dh->pub_key);
+ packet_put_string(msg_tok.value, msg_tok.length);
+
+ if (send_tok.length != 0) {
+ packet_put_char(1); /* true */
+ packet_put_string(send_tok.value, send_tok.length);
+ } else {
+ packet_put_char(0); /* false */
+ }
+ packet_send();
+
+ gss_release_buffer(&min_status, &send_tok);
+ gss_release_buffer(&min_status, &msg_tok);
+
+ if (gss_kex_context == NULL)
+ gss_kex_context = ctxt;
+ else
+ ssh_gssapi_delete_ctx(&ctxt);
+
+ DH_free(kex->dh);
+
+ if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
+ r = kex_send_newkeys(ssh);
+ return (r);
+}
+#endif /* GSSAPI */