PSARC/2016/216 OpenSSH 7.2p2 upgrade. Host keys and moduli updates
22931214 upgrade OpenSSH to 7.2p2
22931349 problem in UTILITY/OPENSSH
20955968 remove servconf.c portion of 003-last_login.patch when upgrading to OpenSSH 7.2
22489925 Re-enable Curve25519 in OpenSSH
--- a/components/openssh/Makefile Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/Makefile Wed Apr 20 13:13:57 2016 -0700
@@ -27,16 +27,16 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= openssh
-COMPONENT_VERSION= 7.1p2
+COMPONENT_VERSION= 7.2p2
HUMAN_VERSION= $(COMPONENT_VERSION)
# Version for IPS. The encoding rules are:
# OpenSSH <x>.<y>p<n> => IPS <x>.<y>.0.<n>
# OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n>
-IPS_COMPONENT_VERSION= 7.1.0.2
+IPS_COMPONENT_VERSION= 7.2.0.2
COMPONENT_PROJECT_URL= http://www.openssh.org/
-COMPONENT_ARCHIVE_HASH= sha256:dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd
+COMPONENT_ARCHIVE_HASH= sha256:a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c
COMPONENT_ARCHIVE_URL= http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE)
TPNO_OPENSSH= 26419
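Review bot: The new `COMPONENT_ARCHIVE_HASH` value is the only integrity control visible for this download, because `COMPONENT_ARCHIVE_URL` still fetches the tarball over plain `http://` from a third-party mirror. The digest should be derived from the upstream-signed release rather than from the mirror's copy. If `COMPONENT_SIG_URL` is not set elsewhere in this Makefile, it is worth adding so the signature is checked at fetch time. A one-line comment above the hash, such as `# sha256 checked against the upstream release signature`, would record how the value was obtained. The rest of the Makefile is outside this hunk.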
--- a/components/openssh/network-ssh.p5m Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/network-ssh.p5m Wed Apr 20 13:13:57 2016 -0700
@@ -32,7 +32,7 @@
value=org.opensolaris.category.2008:System/Security
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2012/335
+set name=org.opensolaris.arc-caseid value=PSARC/2012/335 value=PSARC/2016/216
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
file path=etc/ssh/ssh_config group=sys mode=0644 \
original_name=SUNWssh:etc/ssh/ssh_config overlay=allow preserve=renamenew
--- a/components/openssh/patches/003-last_login.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/003-last_login.patch Wed Apr 20 13:13:57 2016 -0700
@@ -4,6 +4,9 @@
# their consideration:
# https://bugzilla.mindrot.org/show_bug.cgi?id=2278
#
+# Update - accepted upstream:
+# https://github.com/openssh/openssh-portable/commit/ac908c1eeacccfa
+#
# OpenSSH normally updates lastlog when users login and reads lastlog to
# determine the last login time of the user however on Solaris the
# pam_unix_session(5) module handles both of these tasks so we compile
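Review bot: The added "Update - accepted upstream" lines do not say which part of the patch was accepted. The header text that follows (visible as context in the next hunk) still says the patch updates sshd's configuration parsing, which this commit removes from the patch. I would word the addition as `# Update - the servconf.c part was accepted upstream:` and trim the later sentence so it mentions only the man page change that remains. The rest of the patch header lies outside this hunk.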
@@ -12,31 +15,6 @@
# can't be changed so we update sshd's configuration parsing to flag
# this as unsupported and update the man page here.
#
-diff -pur old/servconf.c new/servconf.c
---- old/servconf.c
-+++ new/servconf.c
-@@ -504,7 +504,11 @@ static struct {
- { "listenaddress", sListenAddress, SSHCFG_GLOBAL },
- { "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
- { "printmotd", sPrintMotd, SSHCFG_GLOBAL },
-+#ifdef DISABLE_LASTLOG
-+ { "printlastlog", sUnsupported, SSHCFG_GLOBAL },
-+#else
- { "printlastlog", sPrintLastLog, SSHCFG_GLOBAL },
-+#endif
- { "ignorerhosts", sIgnoreRhosts, SSHCFG_GLOBAL },
- { "ignoreuserknownhosts", sIgnoreUserKnownHosts, SSHCFG_GLOBAL },
- { "x11forwarding", sX11Forwarding, SSHCFG_ALL },
-@@ -2268,7 +2272,9 @@ dump_config(ServerOptions *o)
- dump_cfg_fmtint(sChallengeResponseAuthentication,
- o->challenge_response_authentication);
- dump_cfg_fmtint(sPrintMotd, o->print_motd);
-+#ifndef DISABLE_LASTLOG
- dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
-+#endif /* !DISABLE_LASTLOG */
- dump_cfg_fmtint(sX11Forwarding, o->x11_forwarding);
- dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost);
- dump_cfg_fmtint(sPermitTTY, o->permit_tty);
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
--- a/components/openssh/patches/013-dtrace_sftp.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/013-dtrace_sftp.patch Wed Apr 20 13:13:57 2016 -0700
@@ -5,8 +5,8 @@
# contribute the changes to the upstream community.
#
diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in 2015-03-28 14:10:39.426859283 +0100
-+++ new/Makefile.in 2015-03-28 14:16:12.472203388 +0100
+--- old/Makefile.in
++++ new/Makefile.in
@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@@ -23,18 +23,18 @@
ssh-pkcs11.o smult_curve25519_ref.o \
poly1305.o chacha.o cipher-chachapoly.o \
ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
-@@ -110,7 +112,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- sftp-server.o sftp-common.o \
- roaming_common.o roaming_serv.o \
+@@ -107,7 +109,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o \
+ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+- sftp-server.o sftp-common.o \
++ sftp-server.o sftp-common.o sftp_provider.o \
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-- sandbox-seccomp-filter.o sandbox-capsicum.o
-+ sandbox-seccomp-filter.o sandbox-capsicum.o sftp_provider.o
-
- MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
- MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
+ sandbox-solaris.o
@@ -187,8 +189,8 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
- $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
- $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -63,18 +63,18 @@
rm -f regress/unittests/test_helper/*.a
rm -f regress/unittests/test_helper/*.o
rm -f regress/unittests/sshbuf/*.o
-@@ -340,6 +351,7 @@ install-files:
- ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
- ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+@@ -336,6 +347,7 @@ install-files:
+ $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+ $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ mkdir -p $(ROOTDLIBDIR64) && cp $(srcdir)/sftp64.d $(ROOTDLIBDIR64)/sftp64.d
install-sysconf:
if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
diff -pur old/sftp-server.c new/sftp-server.c
---- old/sftp-server.c 2015-03-17 06:49:20.000000000 +0100
-+++ new/sftp-server.c 2015-03-28 14:27:55.661510029 +0100
-@@ -55,6 +55,9 @@
+--- old/sftp-server.c
++++ new/sftp-server.c
+@@ -54,6 +54,9 @@
#include "sftp.h"
#include "sftp-common.h"
@@ -84,7 +84,7 @@
/* Our verbosity */
static LogLevel log_level = SYSLOG_LEVEL_ERROR;
-@@ -741,14 +744,17 @@ process_read(u_int32_t id)
+@@ -740,14 +743,17 @@ process_read(u_int32_t id)
u_int32_t len;
int r, handle, fd, ret, status = SSH2_FX_FAILURE;
u_int64_t off;
@@ -104,7 +104,7 @@
if (len > sizeof buf) {
len = sizeof buf;
debug2("read change len %d", len);
-@@ -759,7 +765,13 @@ process_read(u_int32_t id)
+@@ -758,7 +764,13 @@ process_read(u_int32_t id)
error("process_read: seek failed");
status = errno_to_portable(errno);
} else {
@@ -118,7 +118,7 @@
if (ret < 0) {
status = errno_to_portable(errno);
} else if (ret == 0) {
-@@ -782,14 +794,16 @@ process_write(u_int32_t id)
+@@ -781,14 +793,16 @@ process_write(u_int32_t id)
size_t len;
int r, handle, fd, ret, status;
u_char *data;
@@ -136,7 +136,7 @@
fd = handle_to_fd(handle);
if (fd < 0)
-@@ -801,7 +815,14 @@ process_write(u_int32_t id)
+@@ -800,7 +814,14 @@ process_write(u_int32_t id)
error("process_write: seek failed");
} else {
/* XXX ATOMICIO ? */
--- a/components/openssh/patches/017-option_default_value.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/017-option_default_value.patch Wed Apr 20 13:13:57 2016 -0700
@@ -10,9 +10,10 @@
# This is for Solaris only, we will not contribute back these changes to the
# upstream.
#
---- orig/readconf.c Thu Sep 4 17:27:04 2014
-+++ new/readconf.c Tue Sep 9 17:33:50 2014
-@@ -1575,7 +1575,11 @@
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c
++++ new/readconf.c
+@@ -1803,7 +1803,11 @@ fill_default_options(Options * options)
if (options->forward_x11 == -1)
options->forward_x11 = 0;
if (options->forward_x11_trusted == -1)
@@ -24,7 +25,7 @@
if (options->forward_x11_timeout == -1)
options->forward_x11_timeout = 1200;
if (options->exit_on_forward_failure == -1)
-@@ -1593,7 +1597,11 @@
+@@ -1825,7 +1829,11 @@ fill_default_options(Options * options)
if (options->challenge_response_authentication == -1)
options->challenge_response_authentication = 1;
if (options->gss_authentication == -1)
@@ -36,9 +37,10 @@
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0;
if (options->password_authentication == -1)
---- orig/servconf.c Thu Sep 4 17:17:58 2014
-+++ new/servconf.c Tue Sep 9 17:36:32 2014
-@@ -208,7 +208,11 @@
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c
++++ new/servconf.c
+@@ -265,7 +265,11 @@ fill_default_server_options(ServerOption
if (options->print_lastlog == -1)
options->print_lastlog = 1;
if (options->x11_forwarding == -1)
@@ -50,7 +52,7 @@
if (options->x11_display_offset == -1)
options->x11_display_offset = 10;
if (options->x11_use_localhost == -1)
-@@ -244,7 +248,11 @@
+@@ -303,7 +307,11 @@ fill_default_server_options(ServerOption
if (options->kerberos_get_afs_token == -1)
options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
@@ -61,10 +63,11 @@
+#endif
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
- if (options->password_authentication == -1)
---- orig/ssh_config.5 Thu Sep 4 17:58:05 2014
-+++ new/ssh_config.5 Tue Sep 9 17:48:39 2014
-@@ -643,8 +643,8 @@
+ if (options->gss_strict_acceptor == -1)
+diff -pur old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5
++++ new/ssh_config.5
+@@ -802,8 +802,8 @@ Furthermore, the
token used for the session will be set to expire after 20 minutes.
Remote clients will be refused access after this time.
.Pp
@@ -75,7 +78,7 @@
.Pp
See the X11 SECURITY extension specification for full details on
the restrictions imposed on untrusted clients.
-@@ -673,8 +673,8 @@
+@@ -832,8 +832,8 @@ The default is
.Pa /etc/ssh/ssh_known_hosts2 .
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
@@ -83,12 +86,13 @@
-.Dq no .
+The default on Solaris is
+.Dq yes .
- Note that this option applies to protocol version 2 only.
.It Cm GSSAPIDelegateCredentials
Forward (delegate) credentials to the server.
---- orig/sshd_config.5 Thu Sep 4 17:58:07 2014
-+++ new/sshd_config.5 Tue Sep 9 17:49:58 2014
-@@ -490,8 +490,8 @@
+ The default is
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5
++++ new/sshd_config.5
+@@ -621,8 +621,8 @@ The default is
.Dq no .
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
@@ -96,10 +100,10 @@
-.Dq no .
+The default on Solaris is
+.Dq yes .
- Note that this option applies to protocol version 2 only.
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
-@@ -1239,8 +1239,8 @@
+ on logout.
+@@ -1637,8 +1637,8 @@ The argument must be
.Dq yes
or
.Dq no .
--- a/components/openssh/patches/019-no_uid_restoration_test.patch Wed Apr 20 13:13:57 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,70 +0,0 @@
-#
-# OpenSSH verifies, that changing [ug]id back to 0 fails, after it
-# was set to the values of the user logging in.
-# On Solaris, if that user was given PRIV_PROC_SETUID privilege,
-# set[gu]id(0) succeeds. But in this case this is not an error in
-# dropping privilege, such user is supposed to be able to do that.
-#
-# This fix removes this check entirely. Skipping the check only in
-# case PRIV_PROC_SETUID is asserted in the effective set was considered
-# but decided against. The check is redundant, because inability to
-# restore uid=0 can be inferred from successful run of setreuid(uid, uid).
-#
-# The fix is implemented by replacing an OS-related HAVE_CYGWIN guard
-# with a functional NO_UID_RESTORATION_TEST and by defining the new
-# symbol in the component Makefile.
-#
-# This patch was submitted upstream:
-#
-# https://bugzilla.mindrot.org/show_bug.cgi?id=2299
-#
-# See the above URL for details on if/when it might be accepted.
-#
-diff -ur old/uidswap.c new/uidswap.c
---- old/uidswap.c 2014-01-18 01:43:50.000000000 -0800
-+++ new/uidswap.c 2014-09-04 06:26:32.965065384 -0700
-@@ -134,7 +134,7 @@
- void
- permanently_drop_suid(uid_t uid)
- {
--#ifndef HAVE_CYGWIN
-+#ifndef NO_UID_RESTORATION_TEST
- uid_t old_uid = getuid();
- #endif
-
-@@ -142,7 +142,7 @@
- if (setresuid(uid, uid, uid) < 0)
- fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
-
--#ifndef HAVE_CYGWIN
-+#ifndef NO_UID_RESTORATION_TEST
- /* Try restoration of UID if changed (test clearing of saved uid) */
- if (old_uid != uid &&
- (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
-@@ -199,7 +199,7 @@
- void
- permanently_set_uid(struct passwd *pw)
- {
--#ifndef HAVE_CYGWIN
-+#ifndef NO_UID_RESTORATION_TEST
- uid_t old_uid = getuid();
- gid_t old_gid = getgid();
- #endif
-@@ -227,7 +227,7 @@
- if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
- fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
-
--#ifndef HAVE_CYGWIN
-+#ifndef NO_UID_RESTORATION_TEST
- /* Try restoration of GID if changed (test clearing of saved gid) */
- if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
- (setgid(old_gid) != -1 || setegid(old_gid) != -1))
-@@ -241,7 +241,7 @@
- (u_int)pw->pw_gid);
- }
-
--#ifndef HAVE_CYGWIN
-+#ifndef NO_UID_RESTORATION_TEST
- /* Try restoration of UID if changed (test clearing of saved uid) */
- if (old_uid != pw->pw_uid &&
- (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
--- a/components/openssh/patches/023-gsskex.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/023-gsskex.patch Wed Apr 20 13:13:57 2016 -0700
@@ -26,8 +26,8 @@
- auth2-gss.o gss-serv.o gss-serv-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
- sftp-server.o sftp-common.o \
- roaming_common.o roaming_serv.o \
+ sftp-server.o sftp-common.o sftp_provider.o \
+ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
diff -pur old/auth2-gss.c new/auth2-gss.c
--- old/auth2-gss.c
+++ new/auth2-gss.c
@@ -420,7 +420,7 @@
diff -pur old/kex.c new/kex.c
--- old/kex.c
+++ new/kex.c
-@@ -55,6 +55,10 @@
+@@ -54,6 +54,10 @@
#include "sshbuf.h"
#include "digest.h"
@@ -431,7 +431,7 @@
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
# if defined(HAVE_EVP_SHA256)
# define evp_ssh_sha256 EVP_sha256
-@@ -95,6 +99,11 @@ static const struct kexalg kexalgs[] = {
+@@ -107,6 +111,11 @@ static const struct kexalg kexalgs[] = {
#if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
#endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
@@ -443,7 +443,7 @@
{ NULL, -1, -1, -1},
};
-@@ -126,7 +135,7 @@ kex_alg_by_name(const char *name)
+@@ -138,7 +147,7 @@ kex_alg_by_name(const char *name)
const struct kexalg *k;
for (k = kexalgs; k->name != NULL; k++) {
@@ -455,7 +455,7 @@
diff -pur old/kex.h new/kex.h
--- old/kex.h
+++ new/kex.h
-@@ -93,6 +93,9 @@ enum kex_exchange {
+@@ -92,6 +92,9 @@ enum kex_exchange {
KEX_DH_GEX_SHA256,
KEX_ECDH_SHA2,
KEX_C25519_SHA256,
@@ -465,7 +465,7 @@
KEX_MAX
};
-@@ -139,6 +142,10 @@ struct kex {
+@@ -140,6 +143,10 @@ struct kex {
u_int flags;
int hash_alg;
int ec_nid;
@@ -476,7 +476,7 @@
char *client_version_string;
char *server_version_string;
char *failed_choice;
-@@ -186,6 +193,10 @@ int kexecdh_client(struct ssh *);
+@@ -189,6 +196,10 @@ int kexecdh_client(struct ssh *);
int kexecdh_server(struct ssh *);
int kexc25519_client(struct ssh *);
int kexc25519_server(struct ssh *);
@@ -490,7 +490,7 @@
diff -pur old/monitor.c new/monitor.c
--- old/monitor.c
+++ new/monitor.c
-@@ -160,6 +160,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
+@@ -159,6 +159,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
int mm_answer_gss_accept_ctx(int, Buffer *);
int mm_answer_gss_userok(int, Buffer *);
int mm_answer_gss_checkmic(int, Buffer *);
@@ -498,7 +498,7 @@
#endif
#ifdef SSH_AUDIT_EVENTS
-@@ -244,11 +245,17 @@ struct mon_table mon_dispatch_proto20[]
+@@ -243,11 +244,17 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
{MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
{MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
@@ -516,7 +516,7 @@
#ifdef WITH_OPENSSL
{MONITOR_REQ_MODULI, 0, mm_answer_moduli},
#endif
-@@ -363,6 +370,10 @@ monitor_child_preauth(Authctxt *_authctx
+@@ -362,6 +369,10 @@ monitor_child_preauth(Authctxt *_authctx
/* Permit requests for moduli and signatures */
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -527,7 +527,7 @@
} else {
mon_dispatch = mon_dispatch_proto15;
-@@ -502,6 +513,10 @@ monitor_child_postauth(struct monitor *p
+@@ -501,6 +512,10 @@ monitor_child_postauth(struct monitor *p
monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -538,7 +538,7 @@
} else {
mon_dispatch = mon_dispatch_postauth15;
monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1927,6 +1942,13 @@ monitor_apply_keystate(struct monitor *p
+@@ -1924,6 +1939,13 @@ monitor_apply_keystate(struct monitor *p
# endif
#endif /* WITH_OPENSSL */
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -552,7 +552,7 @@
kex->load_host_public_key=&get_hostkey_public_by_type;
kex->load_host_private_key=&get_hostkey_private_by_type;
kex->host_key_index=&get_hostkey_index;
-@@ -2026,6 +2048,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
+@@ -2023,6 +2045,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
OM_uint32 major;
u_int len;
@@ -562,7 +562,7 @@
goid.elements = buffer_get_string(m, &len);
goid.length = len;
-@@ -2053,6 +2078,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
+@@ -2050,6 +2075,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
OM_uint32 flags = 0; /* GSI needs this */
u_int len;
@@ -572,7 +572,7 @@
in.value = buffer_get_string(m, &len);
in.length = len;
major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2070,6 +2098,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
+@@ -2067,6 +2095,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -580,7 +580,7 @@
}
return (0);
}
-@@ -2081,6 +2110,9 @@ mm_answer_gss_checkmic(int sock, Buffer
+@@ -2078,6 +2107,9 @@ mm_answer_gss_checkmic(int sock, Buffer
OM_uint32 ret;
u_int len;
@@ -590,7 +590,7 @@
gssbuf.value = buffer_get_string(m, &len);
gssbuf.length = len;
mic.value = buffer_get_string(m, &len);
-@@ -2107,6 +2139,9 @@ mm_answer_gss_userok(int sock, Buffer *m
+@@ -2104,6 +2136,9 @@ mm_answer_gss_userok(int sock, Buffer *m
{
int authenticated;
@@ -600,7 +600,7 @@
authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
buffer_clear(m);
-@@ -2120,5 +2155,47 @@ mm_answer_gss_userok(int sock, Buffer *m
+@@ -2117,5 +2152,47 @@ mm_answer_gss_userok(int sock, Buffer *m
/* Monitor loop will terminate if authenticated */
return (authenticated);
}
@@ -707,7 +707,7 @@
diff -pur old/readconf.c new/readconf.c
--- old/readconf.c
+++ new/readconf.c
-@@ -147,6 +147,7 @@ typedef enum {
+@@ -148,6 +148,7 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -715,7 +715,7 @@
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
-@@ -198,11 +199,15 @@ static struct {
+@@ -199,11 +200,15 @@ static struct {
{ "gssauthentication", oGssAuthentication }, /* alias */
{ "gssapidelegatecredentials", oGssDelegateCreds },
{ "gssdelegatecreds", oGssDelegateCreds }, /* alias */
@@ -731,7 +731,7 @@
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
-@@ -933,6 +938,10 @@ parse_time:
+@@ -965,6 +970,10 @@ parse_time:
intptr = &options->gss_authentication;
goto parse_flag;
@@ -742,7 +742,7 @@
case oGssDelegateCreds:
intptr = &options->gss_deleg_creds;
goto parse_flag;
-@@ -1647,6 +1656,7 @@ initialize_options(Options * options)
+@@ -1694,6 +1703,7 @@ initialize_options(Options * options)
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@@ -750,7 +750,7 @@
options->gss_deleg_creds = -1;
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
-@@ -1786,6 +1796,12 @@ fill_default_options(Options * options)
+@@ -1834,6 +1844,12 @@ fill_default_options(Options * options)
#else
options->gss_authentication = 0;
#endif
@@ -785,7 +785,7 @@
options->gss_cleanup_creds = -1;
options->gss_strict_acceptor = -1;
options->password_authentication = -1;
-@@ -300,6 +301,12 @@ fill_default_server_options(ServerOption
+@@ -312,6 +313,12 @@ fill_default_server_options(ServerOption
#else
options->gss_authentication = 0;
#endif
@@ -798,7 +798,7 @@
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
if (options->gss_strict_acceptor == -1)
-@@ -442,6 +449,7 @@ typedef enum {
+@@ -449,6 +456,7 @@ typedef enum {
sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
sHostKeyAlgorithms,
sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
@@ -806,7 +806,7 @@
sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
sAcceptEnv, sPermitTunnel,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
-@@ -519,6 +527,8 @@ static struct {
+@@ -526,6 +534,8 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssauthentication", sGssAuthentication, SSHCFG_ALL }, /* alias */
@@ -815,7 +815,7 @@
#ifdef USE_GSS_STORE_CRED
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
#else /* USE_GSS_STORE_CRED */
-@@ -528,6 +538,8 @@ static struct {
+@@ -535,6 +545,8 @@ static struct {
#else
{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
{ "gssauthentication", sUnsupported, SSHCFG_ALL }, /* alias */
@@ -824,7 +824,7 @@
{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
{ "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL },
#endif
-@@ -1311,6 +1323,10 @@ process_server_config_line(ServerOptions
+@@ -1319,6 +1331,10 @@ process_server_config_line(ServerOptions
intptr = &options->gss_authentication;
goto parse_flag;
@@ -835,7 +835,7 @@
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
goto parse_flag;
-@@ -2357,6 +2373,7 @@ dump_config(ServerOptions *o)
+@@ -2373,6 +2389,7 @@ dump_config(ServerOptions *o)
#endif
#ifdef GSSAPI
dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -907,10 +907,10 @@
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5
+++ new/ssh_config.5
-@@ -757,6 +757,12 @@ Specifies whether user authentication ba
+@@ -834,6 +834,12 @@ The default is
+ Specifies whether user authentication based on GSSAPI is allowed.
The default on Solaris is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI may be used. When using
+GSSAPI key exchange the server need not have a host key.
@@ -923,19 +923,19 @@
diff -pur old/sshconnect2.c new/sshconnect2.c
--- old/sshconnect2.c
+++ new/sshconnect2.c
-@@ -163,12 +163,37 @@ ssh_kex2(char *host, struct sockaddr *ho
- char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
+@@ -164,11 +164,35 @@ ssh_kex2(char *host, struct sockaddr *ho
+ char *s;
struct kex *kex;
int r;
+#ifdef GSSAPI
+ char *orig = NULL, *gss = NULL;
+ char *gss_host = NULL;
+#endif
-+
xxx_host = host;
xxx_hostaddr = hostaddr;
+- if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
+ if (options.kex_algorithms != NULL)
+ myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
+
@@ -956,13 +956,11 @@
+ }
+#endif
+
- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
-- options.kex_algorithms);
-+ myproposal[PROPOSAL_KEX_ALGS]);
++ if (!(s = kex_names_cat(myproposal[PROPOSAL_KEX_ALGS], "ext-info-c")))
+ fatal("%s: kex_names_cat", __func__);
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
- compat_cipher_proposal(options.ciphers);
- myproposal[PROPOSAL_ENC_ALGS_STOC] =
-@@ -197,6 +222,17 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -199,6 +223,17 @@ ssh_kex2(char *host, struct sockaddr *ho
order_hostkeyalgs(host, hostaddr, port));
}
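Review bot: The re-added check `if (!(s = kex_names_cat(myproposal[PROPOSAL_KEX_ALGS], "ext-info-c")))` is written differently from the upstream line it replaces (the `== NULL` form removed in the previous hunk), which makes the local delta in ssh_kex2 larger than necessary. Writing it as `if ((s = kex_names_cat(myproposal[PROPOSAL_KEX_ALGS], "ext-info-c")) == NULL)` keeps the upstream shape and eases the next rebase. The `if (options.kex_algorithms != NULL)` guard carried over from the older patch would also benefit from a short comment stating what `myproposal[PROPOSAL_KEX_ALGS]` holds when the guard is false, since that value now feeds `kex_names_cat()` and a `fatal()` on failure. The GSSAPI block between the two hunks and the remainder of ssh_kex2 are not visible here.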
@@ -980,7 +978,7 @@
if (options.rekey_limit || options.rekey_interval)
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
(time_t)options.rekey_interval);
-@@ -215,9 +251,22 @@ ssh_kex2(char *host, struct sockaddr *ho
+@@ -217,9 +252,22 @@ ssh_kex2(char *host, struct sockaddr *ho
# endif
#endif
kex->kex[KEX_C25519_SHA256] = kexc25519_client;
@@ -1003,7 +1001,7 @@
dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
-@@ -310,6 +359,7 @@ int input_gssapi_token(int type, u_int32
+@@ -315,6 +363,7 @@ int input_gssapi_token(int type, u_int32
int input_gssapi_hash(int type, u_int32_t, void *);
int input_gssapi_error(int, u_int32_t, void *);
int input_gssapi_errtok(int, u_int32_t, void *);
@@ -1011,7 +1009,7 @@
#endif
void userauth(Authctxt *, char *);
-@@ -325,6 +375,11 @@ static char *authmethods_get(void);
+@@ -330,6 +379,11 @@ static char *authmethods_get(void);
Authmethod authmethods[] = {
#ifdef GSSAPI
@@ -1023,7 +1021,7 @@
{"gssapi-with-mic",
userauth_gssapi,
NULL,
-@@ -649,7 +704,10 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -678,7 +732,10 @@ userauth_gssapi(Authctxt *authctxt)
* once. */
if (gss_supported == NULL)
@@ -1035,7 +1033,7 @@
/* Check to see if the mechanism is usable before we offer it */
while (mech < gss_supported->count && !ok) {
-@@ -753,8 +811,8 @@ input_gssapi_response(int type, u_int32_
+@@ -782,8 +839,8 @@ input_gssapi_response(int type, u_int32_
{
Authctxt *authctxt = ctxt;
Gssctxt *gssctxt;
@@ -1046,7 +1044,7 @@
if (authctxt == NULL)
fatal("input_gssapi_response: no authentication context");
-@@ -867,6 +925,48 @@ input_gssapi_error(int type, u_int32_t p
+@@ -896,6 +953,48 @@ input_gssapi_error(int type, u_int32_t p
free(lang);
return 0;
}
@@ -1098,7 +1096,7 @@
diff -pur old/sshd.c new/sshd.c
--- old/sshd.c
+++ new/sshd.c
-@@ -1827,10 +1827,13 @@ main(int ac, char **av)
+@@ -1833,10 +1833,13 @@ main(int ac, char **av)
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
@@ -1112,7 +1110,7 @@
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
logit("sshd: no hostkeys available -- exiting.");
exit(1);
-@@ -2588,6 +2591,48 @@ do_ssh2_kex(void)
+@@ -2596,6 +2599,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
list_hostkey_types());
@@ -1161,7 +1159,7 @@
/* start key exchange */
if ((r = kex_setup(active_state, myproposal)) != 0)
fatal("kex_setup: %s", ssh_err(r));
-@@ -2602,6 +2647,13 @@ do_ssh2_kex(void)
+@@ -2610,6 +2655,13 @@ do_ssh2_kex(void)
# endif
#endif
kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -1178,28 +1176,27 @@
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
-@@ -621,6 +621,12 @@ Specifies whether user authentication ba
+@@ -623,6 +623,11 @@ The default is
+ Specifies whether user authentication based on GSSAPI is allowed.
The default on Solaris is
.Dq yes .
- Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
+doesn't rely on ssh keys to verify host identity.
+The default on Solaris is
+.Dq yes .
-+Note that this option applies to protocol version 2 only.
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
on logout.
diff -pur old/sshkey.c new/sshkey.c
--- old/sshkey.c
+++ new/sshkey.c
-@@ -112,6 +112,7 @@ static const struct keytype keytypes[] =
+@@ -115,6 +115,7 @@ static const struct keytype keytypes[] =
# endif /* OPENSSL_HAS_NISTP521 */
# endif /* OPENSSL_HAS_ECC */
#endif /* WITH_OPENSSL */
+ { "null", "null", KEY_NULL, 0, 0 },
- { NULL, NULL, -1, -1, 0 }
+ { NULL, NULL, -1, -1, 0, 0 }
};
diff -pur old/sshkey.h new/sshkey.h
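Review bot: In the sshkey.c part, the table terminator is updated to six initializers (`{ NULL, NULL, -1, -1, 0, 0 }`), but the entry the patch adds is left at five: `{ "null", "null", KEY_NULL, 0, 0 },`. The missing member is zero-initialized, so this should compile, but the row no longer matches the rest of `keytypes[]`, and it hides which value the new field is meant to have for the null key type. I would write it as `{ "null", "null", KEY_NULL, 0, 0, 0 },` and add a comment such as `/* placeholder key type for GSSAPI key exchange, where the server need not have a host key */`, which matches what the man page text in this patch says. The `keytypes[]` definition and its struct are outside the hunk, so the meaning of the sixth field is not confirmed from here.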
--- a/components/openssh/patches/024-disable_ed25519.patch Wed Apr 20 13:13:57 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2140 +0,0 @@
-#
-# Per Solaris crypto team recommendation, we need to remove support for
-# Curve25519 from OpenSSH.
-#
-# Patch offered upstream but rejected:
-# https://bugzilla.mindrot.org/show_bug.cgi?id=2376
-#
-diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in
-+++ new/Makefile.in
-@@ -155,7 +155,7 @@ $(SSHDOBJS): Makefile.in config.h
- $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
-
- LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
--$(LIBCOMPAT): always
-+$(LIBCOMPAT): always libssh.a
- (cd openbsd-compat && $(MAKE))
- always:
-
-diff -pur old/authfd.c new/authfd.c
---- old/authfd.c
-+++ new/authfd.c
-@@ -565,8 +565,10 @@ ssh_add_identity_constrained(int sock, s
- case KEY_ECDSA:
- case KEY_ECDSA_CERT:
- #endif
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- type = constrained ?
- SSH2_AGENTC_ADD_ID_CONSTRAINED :
- SSH2_AGENTC_ADD_IDENTITY;
-diff -pur old/authfile.c new/authfile.c
---- old/authfile.c
-+++ new/authfile.c
-@@ -449,7 +449,9 @@ sshkey_load_private_cert(int type, const
- case KEY_DSA:
- case KEY_ECDSA:
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-diff -pur old/dns.c new/dns.c
---- old/dns.c
-+++ new/dns.c
-@@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA256;
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- *algorithm = SSHFP_KEY_ED25519;
- if (!*digest_type)
- *digest_type = SSHFP_HASH_SHA256;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- *algorithm = SSHFP_KEY_RESERVED; /* 0 */
- *digest_type = SSHFP_HASH_RESERVED; /* 0 */
-diff -pur old/dns.h new/dns.h
---- old/dns.h
-+++ new/dns.h
-@@ -33,7 +33,9 @@ enum sshfp_types {
- SSHFP_KEY_RSA = 1,
- SSHFP_KEY_DSA = 2,
- SSHFP_KEY_ECDSA = 3,
-- SSHFP_KEY_ED25519 = 4
-+#ifndef WITHOUT_ED25519
-+ SSHFP_KEY_ED25519 = 4
-+#endif /* WITHOUT_ED25519 */
- };
-
- enum sshfp_hashes {
-diff -pur old/ed25519.c new/ed25519.c
---- old/ed25519.c
-+++ new/ed25519.c
-@@ -7,6 +7,7 @@
- */
-
- #include "includes.h"
-+#ifndef WITHOUT_ED25519
- #include "crypto_api.h"
-
- #include "ge25519.h"
-@@ -142,3 +143,4 @@ int crypto_sign_ed25519_open(
- }
- return ret;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/fe25519.c new/fe25519.c
---- old/fe25519.c
-+++ new/fe25519.c
-@@ -8,6 +8,7 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
- #define WINDOWSIZE 1 /* Should be 1,2, or 4 */
- #define WINDOWMASK ((1<<WINDOWSIZE)-1)
-
-@@ -335,3 +336,4 @@ void fe25519_pow2523(fe25519 *r, const f
- /* 2^252 - 2^2 */ fe25519_square(&t,&t);
- /* 2^252 - 3 */ fe25519_mul(r,&t,x);
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/fe25519.h new/fe25519.h
---- old/fe25519.h
-+++ new/fe25519.h
-@@ -8,6 +8,7 @@
-
- #ifndef FE25519_H
- #define FE25519_H
-+#ifndef WITHOUT_ED25519
-
- #include "crypto_api.h"
-
-@@ -67,4 +68,5 @@ void fe25519_invert(fe25519 *r, const fe
-
- void fe25519_pow2523(fe25519 *r, const fe25519 *x);
-
-+#endif /* WITHOUT_ED25519 */
- #endif
-diff -pur old/ge25519.c new/ge25519.c
---- old/ge25519.c
-+++ new/ge25519.c
-@@ -7,6 +7,7 @@
- */
-
- #include "includes.h"
-+#ifndef WITHOUT_ED25519
-
- #include "fe25519.h"
- #include "sc25519.h"
-@@ -319,3 +320,4 @@ void ge25519_scalarmult_base(ge25519_p3
- ge25519_mixadd2(r, &t);
- }
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/ge25519.h new/ge25519.h
---- old/ge25519.h
-+++ new/ge25519.h
-@@ -8,6 +8,7 @@
-
- #ifndef GE25519_H
- #define GE25519_H
-+#ifndef WITHOUT_ED25519
-
- #include "fe25519.h"
- #include "sc25519.h"
-@@ -40,4 +41,5 @@ void ge25519_double_scalarmult_vartime(g
-
- void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
-
-+#endif /* WITHOUT_ED25519 */
- #endif
-diff -pur old/kex.c new/kex.c
---- old/kex.c
-+++ new/kex.c
-@@ -96,9 +96,11 @@ static const struct kexalg kexalgs[] = {
- # endif /* OPENSSL_HAS_NISTP521 */
- #endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
- { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
- #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
- { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
-diff -pur old/kex.h new/kex.h
---- old/kex.h
-+++ new/kex.h
-@@ -58,13 +58,17 @@
- #define KEX_ECDH_SHA2_NISTP256 "ecdh-sha2-nistp256"
- #define KEX_ECDH_SHA2_NISTP384 "ecdh-sha2-nistp384"
- #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
-+#ifndef WITHOUT_ED25519
- #define KEX_CURVE25519_SHA256 "[email protected]"
-+#endif /* WITHOUT_ED25519 */
-
- #define COMP_NONE 0
- #define COMP_ZLIB 1
- #define COMP_DELAYED 2
-
-+#ifndef WITHOUT_ED25519
- #define CURVE25519_SIZE 32
-+#endif /* WITHOUT_ED25519 */
-
- enum kex_init_proposals {
- PROPOSAL_KEX_ALGS,
-@@ -92,7 +96,9 @@ enum kex_exchange {
- KEX_DH_GEX_SHA1,
- KEX_DH_GEX_SHA256,
- KEX_ECDH_SHA2,
-+#ifndef WITHOUT_ED25519
- KEX_C25519_SHA256,
-+#endif /* WITHOUT_ED25519 */
- KEX_GSS_GRP1_SHA1,
- KEX_GSS_GRP14_SHA1,
- KEX_GSS_GEX_SHA1,
-@@ -161,8 +167,10 @@ struct kex {
- u_int min, max, nbits; /* GEX */
- EC_KEY *ec_client_key; /* ECDH */
- const EC_GROUP *ec_group; /* ECDH */
-+#ifndef WITHOUT_ED25519
- u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
- u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
-+#endif /* WITHOUT_ED25519 */
- };
-
- int kex_names_valid(const char *);
-@@ -191,8 +199,10 @@ int kexgex_client(struct ssh *);
- int kexgex_server(struct ssh *);
- int kexecdh_client(struct ssh *);
- int kexecdh_server(struct ssh *);
-+#ifndef WITHOUT_ED25519
- int kexc25519_client(struct ssh *);
- int kexc25519_server(struct ssh *);
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- int kexgss_client(struct ssh *);
- int kexgss_server(struct ssh *);
-@@ -213,6 +223,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,
- const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
- const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
-
-+#ifndef WITHOUT_ED25519
- int kex_c25519_hash(int, const char *, const char *, const char *, size_t,
- const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
- const u_char *, size_t, u_char *, size_t *);
-@@ -224,6 +235,7 @@ int kexc25519_shared_key(const u_char ke
- const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
- __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
- __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
-+#endif /* WITHOUT_ED25519 */
-
- int
- derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
-diff -pur old/kexc25519.c new/kexc25519.c
---- old/kexc25519.c
-+++ new/kexc25519.c
-@@ -27,6 +27,7 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
- #include <sys/types.h>
-
- #include <signal.h>
-@@ -131,3 +132,4 @@ kex_c25519_hash(
- #endif
- return 0;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/kexc25519c.c new/kexc25519c.c
---- old/kexc25519c.c
-+++ new/kexc25519c.c
-@@ -27,6 +27,7 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
- #include <sys/types.h>
-
- #include <stdio.h>
-@@ -168,3 +169,4 @@ out:
- sshbuf_free(shared_secret);
- return r;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/kexc25519s.c new/kexc25519s.c
---- old/kexc25519s.c
-+++ new/kexc25519s.c
-@@ -26,6 +26,8 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
-+
- #include <sys/types.h>
- #include <stdio.h>
- #include <string.h>
-@@ -157,3 +159,4 @@ out:
- sshbuf_free(shared_secret);
- return r;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/monitor.c new/monitor.c
---- old/monitor.c
-+++ new/monitor.c
-@@ -1941,7 +1941,9 @@ monitor_apply_keystate(struct monitor *p
- kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
- # endif
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- if (options.gss_keyex) {
- kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-diff -pur old/myproposal.h new/myproposal.h
---- old/myproposal.h
-+++ new/myproposal.h
-@@ -59,6 +59,20 @@
- # define HOSTKEY_ECDSA_METHODS
- #endif
-
-+#ifndef WITHOUT_ED25519
-+# if defined(WITH_OPENSSL) && defined(HAVE_EVP_SHA256)
-+# define KEX_CURVE25519_METHODS "[email protected],"
-+# else
-+# define KEX_CURVE25519_METHODS
-+# endif
-+# define HOSTKEY_CURVE25519_CERT_METHODS "[email protected],"
-+# define HOSTKEY_CURVE25519_METHODS "ssh-ed25519,"
-+#else
-+# define KEX_CURVE25519_METHODS
-+# define HOSTKEY_CURVE25519_CERT_METHODS
-+# define HOSTKEY_CURVE25519_METHODS
-+#endif /* WITHOUT_ED25519 */
-+
- #ifdef OPENSSL_HAVE_EVPGCM
- # define AESGCM_CIPHER_MODES \
- ",[email protected],[email protected]"
-@@ -78,11 +92,6 @@
- #endif
-
- #ifdef WITH_OPENSSL
--# ifdef HAVE_EVP_SHA256
--# define KEX_CURVE25519_METHODS "[email protected],"
--# else
--# define KEX_CURVE25519_METHODS ""
--# endif
- #define KEX_COMMON_KEX \
- KEX_CURVE25519_METHODS \
- KEX_ECDH_METHODS \
-@@ -97,10 +106,10 @@
-
- #define KEX_DEFAULT_PK_ALG \
- HOSTKEY_ECDSA_CERT_METHODS \
-- "[email protected]," \
-+ HOSTKEY_CURVE25519_CERT_METHODS \
- "[email protected]," \
- HOSTKEY_ECDSA_METHODS \
-- "ssh-ed25519," \
-+ HOSTKEY_CURVE25519_METHODS \
- "ssh-rsa" \
-
- /* the actual algorithms */
-@@ -141,10 +150,10 @@
- #else
-
- #define KEX_SERVER_KEX \
-- "[email protected]"
-+ KEX_CURVE25519_METHODS
- #define KEX_DEFAULT_PK_ALG \
-- "[email protected]," \
-- "ssh-ed25519"
-+ HOSTKEY_CURVE25519_CERT_METHODS \
-+ HOSTKEY_CURVE25519_METHODS
- #define KEX_SERVER_ENCRYPT \
- "[email protected]," \
- "aes128-ctr,aes192-ctr,aes256-ctr"
-diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in
---- old/openbsd-compat/Makefile.in
-+++ new/openbsd-compat/Makefile.in
-@@ -32,7 +32,7 @@ $(OPENBSD): ../config.h
- $(PORTS): ../config.h
-
- libopenbsd-compat.a: $(COMPAT) $(OPENBSD) $(PORTS)
-- $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS)
-+ $(AR) rv $@ $(COMPAT) $(OPENBSD) $(PORTS) ../hash.o ../blocks.o
- $(RANLIB) $@
-
- clean:
-diff -pur old/pathnames.h new/pathnames.h
---- old/pathnames.h
-+++ new/pathnames.h
-@@ -39,7 +39,9 @@
- #define _PATH_HOST_KEY_FILE SSHDIR "/ssh_host_key"
- #define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
- #define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
-+#ifndef WITHOUT_ED25519
- #define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
-+#endif /* WITHOUT_ED25519 */
- #define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
- #define _PATH_DH_MODULI SSHDIR "/moduli"
- /* Backwards compatibility */
-@@ -78,7 +80,9 @@
- #define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
- #define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
- #define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
-+#ifndef WITHOUT_ED25519
- #define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519"
-+#endif /* WITHOUT_ED25519 */
-
- /*
- * Configuration file in user's home directory. This file need not be
-diff -pur old/readconf.c new/readconf.c
---- old/readconf.c
-+++ new/readconf.c
-@@ -1846,8 +1846,10 @@ fill_default_options(Options * options)
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_ECDSA, 0);
- #endif
-+#ifndef WITHOUT_ED25519
- add_identity_file(options, "~/",
- _PATH_SSH_CLIENT_ID_ED25519, 0);
-+#endif /* WITHOUT_ED25519 */
- }
- }
- if (options->escape_char == -1)
-diff -pur old/servconf.c new/servconf.c
---- old/servconf.c
-+++ new/servconf.c
-@@ -222,8 +222,10 @@ fill_default_server_options(ServerOption
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_ECDSA_KEY_FILE;
- #endif
-+#ifndef WITHOUT_ED25519
- options->host_key_files[options->num_host_key_files++] =
- _PATH_HOST_ED25519_KEY_FILE;
-+#endif /* WITHOUT_ED25519 */
- }
- }
- /* No certificates by default */
-diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c
---- old/smult_curve25519_ref.c
-+++ new/smult_curve25519_ref.c
-@@ -6,6 +6,8 @@ Public domain.
- Derived from public domain code by D. J. Bernstein.
- */
-
-+#ifndef WITHOUT_ED25519
-+
- int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *);
-
- static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
-@@ -263,3 +265,4 @@ int crypto_scalarmult_curve25519(unsigne
- for (i = 0;i < 32;++i) q[i] = work[64 + i];
- return 0;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/ssh-add.0 new/ssh-add.0
---- old/ssh-add.0
-+++ new/ssh-add.0
-@@ -11,7 +11,7 @@ SYNOPSIS
- DESCRIPTION
- ssh-add adds private key identities to the authentication agent,
- ssh-agent(1). When run without arguments, it adds the files
-- ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
-+ ~/.ssh/id_rsa, ~/.ssh/id_dsa, and
- ~/.ssh/identity. After loading a private key, ssh-add will try to load
- corresponding certificate information from the filename obtained by
- appending -cert.pub to the name of the private key file. Alternative
-@@ -97,14 +97,6 @@ FILES
- Contains the protocol version 2 DSA authentication identity of
- the user.
-
-- ~/.ssh/id_ecdsa
-- Contains the protocol version 2 ECDSA authentication identity of
-- the user.
--
-- ~/.ssh/id_ed25519
-- Contains the protocol version 2 Ed25519 authentication identity
-- of the user.
--
- ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of
- the user.
-diff -pur old/ssh-add.1 new/ssh-add.1
---- old/ssh-add.1
-+++ new/ssh-add.1
-@@ -58,8 +58,6 @@ adds private key identities to the authe
- When run without arguments, it adds the files
- .Pa ~/.ssh/id_rsa ,
- .Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
- and
- .Pa ~/.ssh/identity .
- After loading a private key,
-@@ -178,10 +176,6 @@ socket used to communicate with the agen
- Contains the protocol version 1 RSA authentication identity of the user.
- .It Pa ~/.ssh/id_dsa
- Contains the protocol version 2 DSA authentication identity of the user.
--.It Pa ~/.ssh/id_ecdsa
--Contains the protocol version 2 ECDSA authentication identity of the user.
--.It Pa ~/.ssh/id_ed25519
--Contains the protocol version 2 Ed25519 authentication identity of the user.
- .It Pa ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of the user.
- .El
-diff -pur old/ssh-add.c new/ssh-add.c
---- old/ssh-add.c
-+++ new/ssh-add.c
-@@ -78,7 +78,9 @@ static char *default_files[] = {
- _PATH_SSH_CLIENT_ID_ECDSA,
- #endif
- #endif /* WITH_OPENSSL */
-- _PATH_SSH_CLIENT_ID_ED25519,
-+#ifndef WITHOUT_ED25519
-+ _PATH_SSH_CLIENT_ID_ED25519,
-+#endif /* WITHOUT_ED25519 */
- #ifdef WITH_SSH1
- _PATH_SSH_CLIENT_IDENTITY,
- #endif
-diff -pur old/ssh-agent.0 new/ssh-agent.0
---- old/ssh-agent.0
-+++ new/ssh-agent.0
-@@ -10,7 +10,7 @@ SYNOPSIS
-
- DESCRIPTION
- ssh-agent is a program to hold private keys used for public key
-- authentication (RSA, DSA, ECDSA, Ed25519). ssh-agent is usually started
-+ authentication (RSA, DSA). ssh-agent is usually started
- in the beginning of an X-session or a login session, and all other
- windows or programs are started as clients to the ssh-agent program.
- Through use of environment variables the agent can be located and
-diff -pur old/ssh-agent.1 new/ssh-agent.1
---- old/ssh-agent.1
-+++ new/ssh-agent.1
-@@ -54,7 +54,7 @@
- .Sh DESCRIPTION
- .Nm
- is a program to hold private keys used for public key authentication
--(RSA, DSA, ECDSA, Ed25519).
-+(RSA, DSA).
- .Nm
- is usually started in the beginning of an X-session or a login session, and
- all other windows or programs are started as clients to the ssh-agent
-diff -pur old/ssh-ed25519.c new/ssh-ed25519.c
---- old/ssh-ed25519.c
-+++ new/ssh-ed25519.c
-@@ -17,6 +17,8 @@
-
- #include "includes.h"
-
-+#ifndef WITHOUT_ED25519
-+
- #include <sys/types.h>
- #include <limits.h>
-
-@@ -164,3 +166,4 @@ ssh_ed25519_verify(const struct sshkey *
- free(ktype);
- return r;
- }
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/ssh-keygen.0 new/ssh-keygen.0
---- old/ssh-keygen.0
-+++ new/ssh-keygen.0
-@@ -4,7 +4,7 @@ NAME
- ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
-
- SYNOPSIS
-- ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
-+ ssh-keygen [-q] [-b bits] [-t dsa | rsa | rsa1]
- [-N new_passphrase] [-C comment] [-f output_keyfile]
- ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
- ssh-keygen -i [-m key_format] [-f input_keyfile]
-@@ -32,7 +32,7 @@ SYNOPSIS
- DESCRIPTION
- ssh-keygen generates, manages and converts authentication keys for
- ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
-- and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
-+ and DSA or RSA keys for use by SSH protocol version 2.
- The type of key to be generated is specified with the -t option. If
- invoked without any arguments, ssh-keygen will generate an RSA key for
- use in SSH protocol 2 connections.
-@@ -46,7 +46,7 @@ DESCRIPTION
-
- Normally each user wishing to use SSH with public key authentication runs
- this once to create the authentication key in ~/.ssh/identity,
-- ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
-+ ~/.ssh/id_dsa or ~/.ssh/id_rsa.
- Additionally, the system administrator may use this to generate host
- keys, as seen in /etc/rc.
-
-@@ -79,14 +79,14 @@ DESCRIPTION
-
- The options are as follows:
-
-- -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
-+ -A For each of the key types (rsa1, rsa and dsa) for
- which host keys do not exist, generate the host keys with the
- default key file path, an empty passphrase, default bits for the
- key type, and default comment. This is used by /etc/rc to
- generate new host keys.
-
- -a rounds
-- When saving a new-format private key (i.e. an ed25519 key or any
-+ When saving a new-format private key (i.e.
- SSH protocol 2 key when the -o flag is set), this option
- specifies the number of KDF (key derivation function) rounds
- used. Higher numbers result in slower passphrase verification
-@@ -103,12 +103,7 @@ DESCRIPTION
- Specifies the number of bits in the key to create. For RSA keys,
- the minimum size is 1024 bits and the default is 2048 bits.
- Generally, 2048 bits is considered sufficient. DSA keys must be
-- exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
-- the -b flag determines the key length by selecting from one of
-- three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
-- use bit lengths other than these three values for ECDSA keys will
-- fail. Ed25519 keys have a fixed length and the -b flag will be
-- ignored.
-+ exactly 1024 bits as specified by FIPS 186-2.
-
- -C comment
- Provides a new comment.
-@@ -279,7 +274,7 @@ DESCRIPTION
- new OpenSSH format rather than the more compatible PEM format.
- The new format has increased resistance to brute-force password
- cracking but is not supported by versions of OpenSSH prior to
-- 6.5. Ed25519 keys always use the new private key format.
-+ 6.5.
-
- -P passphrase
- Provides the (old) passphrase.
-@@ -318,9 +313,9 @@ DESCRIPTION
- Test DH group exchange candidate primes (generated using the -G
- option) for safety.
-
-- -t dsa | ecdsa | ed25519 | rsa | rsa1
-+ -t dsa | rsa | rsa1
- Specifies the type of key to create. The possible values are
-- M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
-+ M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or
- M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
-
- -u Update a KRL. When specified with -k, keys listed via the
-@@ -525,10 +520,8 @@ FILES
- contents of this file secret.
-
- ~/.ssh/id_dsa
-- ~/.ssh/id_ecdsa
-- ~/.ssh/id_ed25519
- ~/.ssh/id_rsa
-- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
-+ Contains the protocol version 2 DSA or RSA
- authentication identity of the user. This file should not be
- readable by anyone but the user. It is possible to specify a
- passphrase when generating the key; that passphrase will be used
-@@ -538,10 +531,8 @@ FILES
- read this file when a login attempt is made.
-
- ~/.ssh/id_dsa.pub
-- ~/.ssh/id_ecdsa.pub
-- ~/.ssh/id_ed25519.pub
- ~/.ssh/id_rsa.pub
-- Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
-+ Contains the protocol version 2 DSA or RSA public
- key for authentication. The contents of this file should be
- added to ~/.ssh/authorized_keys on all machines where the user
- wishes to log in using public key authentication. There is no
-diff -pur old/ssh-keygen.1 new/ssh-keygen.1
---- old/ssh-keygen.1
-+++ new/ssh-keygen.1
-@@ -46,7 +46,7 @@
- .Nm ssh-keygen
- .Op Fl q
- .Op Fl b Ar bits
--.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
-+.Op Fl t Cm dsa | rsa | rsa1
- .Op Fl N Ar new_passphrase
- .Op Fl C Ar comment
- .Op Fl f Ar output_keyfile
-@@ -142,7 +142,7 @@ generates, manages and converts authenti
- .Xr ssh 1 .
- .Nm
- can create RSA keys for use by SSH protocol version 1 and
--DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
-+DSA or RSA keys for use by SSH protocol version 2.
- The type of key to be generated is specified with the
- .Fl t
- option.
-@@ -170,8 +170,6 @@ with public key authentication runs this
- key in
- .Pa ~/.ssh/identity ,
- .Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
- or
- .Pa ~/.ssh/id_rsa .
- Additionally, the system administrator may use this to generate host keys,
-@@ -219,7 +217,7 @@ should be placed to be activated.
- The options are as follows:
- .Bl -tag -width Ds
- .It Fl A
--For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
-+For each of the key types (rsa1, rsa and dsa)
- for which host keys
- do not exist, generate the host keys with the default key file path,
- an empty passphrase, default bits for the key type, and default comment.
-@@ -227,7 +225,7 @@ This is used by
- .Pa /etc/rc
- to generate new host keys.
- .It Fl a Ar rounds
--When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
-+When saving a new-format private key (i.e. SSH protocol
- 2 key when the
- .Fl o
- flag is set), this option specifies the number of KDF (key derivation function)
-@@ -247,15 +245,6 @@ Specifies the number of bits in the key
- For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
- Generally, 2048 bits is considered sufficient.
- DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
--For ECDSA keys, the
--.Fl b
--flag determines the key length by selecting from one of three elliptic
--curve sizes: 256, 384 or 521 bits.
--Attempting to use bit lengths other than these three values for ECDSA keys
--will fail.
--Ed25519 keys have a fixed length and the
--.Fl b
--flag will be ignored.
- .It Fl C Ar comment
- Provides a new comment.
- .It Fl c
-@@ -478,7 +467,6 @@ to save SSH protocol 2 private keys usin
- the more compatible PEM format.
- The new format has increased resistance to brute-force password cracking
- but is not supported by versions of OpenSSH prior to 6.5.
--Ed25519 keys always use the new private key format.
- .It Fl P Ar passphrase
- Provides the (old) passphrase.
- .It Fl p
-@@ -524,14 +512,12 @@ section for details.
- Test DH group exchange candidate primes (generated using the
- .Fl G
- option) for safety.
--.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
-+.It Fl t Cm dsa | rsa | rsa1
- Specifies the type of key to create.
- The possible values are
- .Dq rsa1
- for protocol version 1 and
- .Dq dsa ,
--.Dq ecdsa ,
--.Dq ed25519 ,
- or
- .Dq rsa
- for protocol version 2.
-@@ -810,10 +796,8 @@ where the user wishes to log in using RS
- There is no need to keep the contents of this file secret.
- .Pp
- .It Pa ~/.ssh/id_dsa
--.It Pa ~/.ssh/id_ecdsa
--.It Pa ~/.ssh/id_ed25519
- .It Pa ~/.ssh/id_rsa
--Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
-+Contains the protocol version 2 DSA or RSA
- authentication identity of the user.
- This file should not be readable by anyone but the user.
- It is possible to
-@@ -826,10 +810,8 @@ but it is offered as the default file fo
- will read this file when a login attempt is made.
- .Pp
- .It Pa ~/.ssh/id_dsa.pub
--.It Pa ~/.ssh/id_ecdsa.pub
--.It Pa ~/.ssh/id_ed25519.pub
- .It Pa ~/.ssh/id_rsa.pub
--Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
-+Contains the protocol version 2 DSA or RSA
- public key for authentication.
- The contents of this file should be added to
- .Pa ~/.ssh/authorized_keys
-diff -pur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c
-+++ new/ssh-keygen.c
-@@ -217,7 +217,11 @@ type_bits_valid(int type, const char *na
- fatal("key bits exceeds maximum %d", maxbits);
- if (type == KEY_DSA && *bitsp != 1024)
- fatal("DSA keys must be 1024 bits");
-- else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 1024)
-+ else if (type != KEY_ECDSA &&
-+#ifndef WITHOUT_ED25519
-+ type != KEY_ED25519 &&
-+#endif /* WITHOUT_ED25519 */
-+ *bitsp < 1024)
- fatal("Key must at least be 1024 bits");
- else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
- fatal("Invalid ECDSA key length - valid lengths are "
-@@ -252,10 +256,12 @@ ask_filename(struct passwd *pw, const ch
- case KEY_RSA:
- name = _PATH_SSH_CLIENT_ID_RSA;
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- name = _PATH_SSH_CLIENT_ID_ED25519;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- fatal("bad key type");
- }
-@@ -939,7 +945,9 @@ do_gen_all_hostkeys(struct passwd *pw)
- { "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
- #endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-- { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
-+#ifndef WITHOUT_ED25519
-+ { "ed25519", "ED25519",_PATH_HOST_ED25519_KEY_FILE },
-+#endif /* WITHOUT_ED25519 */
- { NULL, NULL, NULL }
- };
-
-@@ -1605,7 +1613,10 @@ do_ca_sign(struct passwd *pw, int argc,
- fatal("%s: unable to open \"%s\": %s",
- __func__, tmp, ssh_err(r));
- if (public->type != KEY_RSA && public->type != KEY_DSA &&
-- public->type != KEY_ECDSA && public->type != KEY_ED25519)
-+#ifndef WITHOUT_ED25519
-+ public->type != KEY_ED25519 &&
-+#endif /* WITHOUT_ED25519 */
-+ public->type != KEY_ECDSA)
- fatal("%s: key \"%s\" type %s cannot be certified",
- __func__, tmp, sshkey_type(public));
-
-@@ -2502,8 +2513,10 @@ main(int argc, char **argv)
- _PATH_HOST_DSA_KEY_FILE, rr_hostname);
- n += do_print_resource_record(pw,
- _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
-+#ifndef WITHOUT_ED25519
- n += do_print_resource_record(pw,
- _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
-+#endif /* WITHOUT_ED25519 */
- if (n == 0)
- fatal("no keys found.");
- exit(0);
-diff -pur old/ssh-keyscan.0 new/ssh-keyscan.0
---- old/ssh-keyscan.0
-+++ new/ssh-keyscan.0
-@@ -48,9 +48,9 @@ DESCRIPTION
- -t type
- Specifies the type of the key to fetch from the scanned hosts.
- The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
-- M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
-+ or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. Multiple
- values may be specified by separating them with commas. The
-- default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys.
-+ default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^] keys.
-
- -v Verbose mode. Causes ssh-keyscan to print debugging messages
- about its progress.
-@@ -72,12 +72,11 @@ FILES
-
- host-or-namelist bits exponent modulus
-
-- Output format for RSA, DSA, ECDSA, and Ed25519 keys:
-+ Output format for RSA, and DSA keys:
-
- host-or-namelist keytype base64-encoded-key
-
-- Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^],
-- M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-+ Where keytype is either M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-
- /etc/ssh/ssh_known_hosts
-
-@@ -89,7 +88,7 @@ EXAMPLES
- Find all hosts from the file ssh_hosts which have new or different keys
- from those in the sorted file ssh_known_hosts:
-
-- $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \
-+ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \
- sort -u - ssh_known_hosts | diff ssh_known_hosts -
-
- SEE ALSO
-diff -pur old/ssh-keyscan.1 new/ssh-keyscan.1
---- old/ssh-keyscan.1
-+++ new/ssh-keyscan.1
-@@ -90,18 +90,13 @@ Specifies the type of the key to fetch f
- The possible values are
- .Dq rsa1
- for protocol version 1 and
--.Dq dsa ,
--.Dq ecdsa ,
--.Dq ed25519 ,
-+.Dq dsa
- or
- .Dq rsa
- for protocol version 2.
- Multiple values may be specified by separating them with commas.
- The default is to fetch
--.Dq rsa ,
--.Dq ecdsa ,
--and
--.Dq ed25519
-+.Dq rsa
- keys.
- .It Fl v
- Verbose mode.
-@@ -130,7 +125,7 @@ Output format for RSA1 keys:
- host-or-namelist bits exponent modulus
- .Ed
- .Pp
--Output format for RSA, DSA, ECDSA, and Ed25519 keys:
-+Output format for RSA and DSA keys:
- .Bd -literal
- host-or-namelist keytype base64-encoded-key
- .Ed
-@@ -138,10 +133,6 @@ host-or-namelist keytype base64-encoded-
- Where
- .Ar keytype
- is either
--.Dq ecdsa-sha2-nistp256 ,
--.Dq ecdsa-sha2-nistp384 ,
--.Dq ecdsa-sha2-nistp521 ,
--.Dq ssh-ed25519 ,
- .Dq ssh-dss
- or
- .Dq ssh-rsa .
-@@ -159,7 +150,7 @@ Find all hosts from the file
- which have new or different keys from those in the sorted file
- .Pa ssh_known_hosts :
- .Bd -literal
--$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
-+$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
- sort -u - ssh_known_hosts | diff ssh_known_hosts -
- .Ed
- .Sh SEE ALSO
-diff -pur old/ssh-keyscan.c new/ssh-keyscan.c
---- old/ssh-keyscan.c
-+++ new/ssh-keyscan.c
-@@ -286,7 +286,9 @@ keygrab_ssh2(con *c)
- c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
- # endif
- #endif
-+#ifndef WITHOUT_ED25519
- c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
- /*
- * do the key-exchange until an error occurs or until
-@@ -612,10 +614,15 @@ do_host(char *host)
- {
- char *name = strnnsep(&host, " \t\n");
- int j;
-+#ifndef WITHOUT_ED25519
-+ int max_kt = KT_ED25519;
-+#else
-+ int max_kt = KT_ECDSA;
-+#endif /* WITHOUT_ED25519 */
-
- if (name == NULL)
- return;
-- for (j = KT_RSA1; j <= KT_ED25519; j *= 2) {
-+ for (j = KT_RSA1; j <= max_kt; j *= 2) {
- if (get_keytypes & j) {
- while (ncon >= MAXCON)
- conloop();
-@@ -719,9 +726,11 @@ main(int argc, char **argv)
- case KEY_RSA:
- get_keytypes |= KT_RSA;
- break;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- get_keytypes |= KT_ED25519;
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- fatal("unknown key type %s", tname);
- }
-diff -pur old/ssh-keysign.0 new/ssh-keysign.0
---- old/ssh-keysign.0
-+++ new/ssh-keysign.0
-@@ -24,8 +24,6 @@ FILES
- Controls whether ssh-keysign is enabled.
-
- /etc/ssh/ssh_host_dsa_key
-- /etc/ssh/ssh_host_ecdsa_key
-- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys used to
- generate the digital signature. They should be owned by root,
-@@ -34,8 +32,6 @@ FILES
- host-based authentication is used.
-
- /etc/ssh/ssh_host_dsa_key-cert.pub
-- /etc/ssh/ssh_host_ecdsa_key-cert.pub
-- /etc/ssh/ssh_host_ed25519_key-cert.pub
- /etc/ssh/ssh_host_rsa_key-cert.pub
- If these files exist they are assumed to contain public
- certificate information corresponding with the private keys
-diff -pur old/ssh-keysign.8 new/ssh-keysign.8
---- old/ssh-keysign.8
-+++ new/ssh-keysign.8
-@@ -62,8 +62,6 @@ Controls whether
- is enabled.
- .Pp
- .It Pa /etc/ssh/ssh_host_dsa_key
--.It Pa /etc/ssh/ssh_host_ecdsa_key
--.It Pa /etc/ssh/ssh_host_ed25519_key
- .It Pa /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys used to
- generate the digital signature.
-@@ -74,8 +72,6 @@ Since they are readable only by root,
- must be set-uid root if host-based authentication is used.
- .Pp
- .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
--.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
--.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
- .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
- If these files exist they are assumed to contain public certificate
- information corresponding with the private keys above.
-diff -pur old/ssh-keysign.c new/ssh-keysign.c
---- old/ssh-keysign.c
-+++ new/ssh-keysign.c
-@@ -168,7 +168,7 @@ main(int argc, char **argv)
- {
- struct sshbuf *b;
- Options options;
--#define NUM_KEYTYPES 4
-+#define NUM_KEYTYPES 3
- struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
- struct passwd *pw;
- int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
-@@ -190,7 +190,9 @@ main(int argc, char **argv)
- /* XXX This really needs to read sshd_config for the paths */
- key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
- key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
-+#ifndef WITHOUT_ED25519
- key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
-+#endif /* WITHOUT_ED25519 */
- key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
-
- original_real_uid = getuid(); /* XXX readconf.c needs this */
-diff -pur old/ssh.0 new/ssh.0
---- old/ssh.0
-+++ new/ssh.0
-@@ -140,8 +140,8 @@ DESCRIPTION
- -i identity_file
- Selects a file from which the identity (private key) for public
- key authentication is read. The default is ~/.ssh/identity for
-- protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
-- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+ protocol version 1, and ~/.ssh/id_dsa
-+ and ~/.ssh/id_rsa for protocol version 2.
- Identity files may also be specified on a per-host basis in the
- configuration file. It is possible to have multiple -i options
- (and multiple identities specified in configuration files). ssh
-@@ -463,7 +463,7 @@ AUTHENTICATION
- creates a public/private key pair for authentication purposes. The
- server knows the public key, and only the user knows the private key.
- ssh implements public key authentication protocol automatically, using
-- one of the DSA, ECDSA, Ed25519 or RSA algorithms. Protocol 1 is
-+ one of the DSA or RSA algorithms. Protocol 1 is
- restricted to using only RSA keys, but protocol 2 may use any. The
- HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
- algorithms.
-@@ -476,11 +476,9 @@ AUTHENTICATION
-
- The user creates his/her key pair by running ssh-keygen(1). This stores
- the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
-- 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2
-- Ed25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
-- ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA),
-- ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2
-- Ed25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
-+ 2 DSA) or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
-+ ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA)
-+ or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
- directory. The user should then copy the public key to
- ~/.ssh/authorized_keys in his/her home directory on the remote machine.
- The authorized_keys file corresponds to the conventional ~/.rhosts file,
-@@ -825,7 +823,7 @@ FILES
- for the user, and not accessible by others.
-
- ~/.ssh/authorized_keys
-- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
-+ Lists the public keys (DSA, RSA) that can be used
- for logging in as this user. The format of this file is
- described in the sshd(8) manual page. This file is not highly
- sensitive, but the recommended permissions are read/write for the
-@@ -843,8 +841,6 @@ FILES
-
- ~/.ssh/identity
- ~/.ssh/id_dsa
-- ~/.ssh/id_ecdsa
-- ~/.ssh/id_ed25519
- ~/.ssh/id_rsa
- Contains the private key for authentication. These files contain
- sensitive data and should be readable by the user but not
-@@ -856,8 +852,6 @@ FILES
-
- ~/.ssh/identity.pub
- ~/.ssh/id_dsa.pub
-- ~/.ssh/id_ecdsa.pub
-- ~/.ssh/id_ed25519.pub
- ~/.ssh/id_rsa.pub
- Contains the public key for authentication. These files are not
- sensitive and can (but need not) be readable by anyone.
-@@ -888,8 +882,6 @@ FILES
-
- /etc/ssh/ssh_host_key
- /etc/ssh/ssh_host_dsa_key
-- /etc/ssh/ssh_host_ecdsa_key
-- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys and are
- used for host-based authentication. If protocol version 1 is
-diff -pur old/ssh.1 new/ssh.1
---- old/ssh.1
-+++ new/ssh.1
-@@ -292,9 +292,7 @@ public key authentication is read.
- The default is
- .Pa ~/.ssh/identity
- for protocol version 1, and
--.Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
-+.Pa ~/.ssh/id_dsa
- and
- .Pa ~/.ssh/id_rsa
- for protocol version 2.
-@@ -848,7 +846,7 @@ key pair for authentication purposes.
- The server knows the public key, and only the user knows the private key.
- .Nm
- implements public key authentication protocol automatically,
--using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
-+using one of the DSA or RSA algorithms.
- Protocol 1 is restricted to using only RSA keys,
- but protocol 2 may use any.
- The HISTORY section of
-@@ -873,10 +871,6 @@ This stores the private key in
- (protocol 1),
- .Pa ~/.ssh/id_dsa
- (protocol 2 DSA),
--.Pa ~/.ssh/id_ecdsa
--(protocol 2 ECDSA),
--.Pa ~/.ssh/id_ed25519
--(protocol 2 Ed25519),
- or
- .Pa ~/.ssh/id_rsa
- (protocol 2 RSA)
-@@ -885,10 +879,6 @@ and stores the public key in
- (protocol 1),
- .Pa ~/.ssh/id_dsa.pub
- (protocol 2 DSA),
--.Pa ~/.ssh/id_ecdsa.pub
--(protocol 2 ECDSA),
--.Pa ~/.ssh/id_ed25519.pub
--(protocol 2 Ed25519),
- or
- .Pa ~/.ssh/id_rsa.pub
- (protocol 2 RSA)
-@@ -1444,7 +1434,7 @@ secret, but the recommended permissions
- and not accessible by others.
- .Pp
- .It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, Ed25519, RSA)
-+Lists the public keys (DSA, RSA)
- that can be used for logging in as this user.
- The format of this file is described in the
- .Xr sshd 8
-@@ -1466,8 +1456,6 @@ above.
- .Pp
- .It Pa ~/.ssh/identity
- .It Pa ~/.ssh/id_dsa
--.It Pa ~/.ssh/id_ecdsa
--.It Pa ~/.ssh/id_ed25519
- .It Pa ~/.ssh/id_rsa
- Contains the private key for authentication.
- These files
-@@ -1481,8 +1469,6 @@ sensitive part of this file using 3DES.
- .Pp
- .It Pa ~/.ssh/identity.pub
- .It Pa ~/.ssh/id_dsa.pub
--.It Pa ~/.ssh/id_ecdsa.pub
--.It Pa ~/.ssh/id_ed25519.pub
- .It Pa ~/.ssh/id_rsa.pub
- Contains the public key for authentication.
- These files are not
-@@ -1521,8 +1507,6 @@ The file format and configuration option
- .Pp
- .It Pa /etc/ssh/ssh_host_key
- .It Pa /etc/ssh/ssh_host_dsa_key
--.It Pa /etc/ssh/ssh_host_ecdsa_key
--.It Pa /etc/ssh/ssh_host_ed25519_key
- .It Pa /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys
- and are used for host-based authentication.
-diff -pur old/ssh.c new/ssh.c
---- old/ssh.c
-+++ new/ssh.c
-@@ -1233,8 +1233,10 @@ main(int ac, char **av)
- sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
- _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
- _PATH_HOST_ED25519_KEY_FILE, "", NULL);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL);
- sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
-@@ -1243,8 +1245,10 @@ main(int ac, char **av)
- sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
- _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
- _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
- sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
-@@ -1261,8 +1265,10 @@ main(int ac, char **av)
- sensitive_data.keys[1] = key_load_cert(
- _PATH_HOST_ECDSA_KEY_FILE);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[2] = key_load_cert(
- _PATH_HOST_ED25519_KEY_FILE);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[3] = key_load_cert(
- _PATH_HOST_RSA_KEY_FILE);
- sensitive_data.keys[4] = key_load_cert(
-@@ -1271,8 +1277,10 @@ main(int ac, char **av)
- sensitive_data.keys[5] = key_load_public(
- _PATH_HOST_ECDSA_KEY_FILE, NULL);
- #endif
-+#ifndef WITHOUT_ED25519
- sensitive_data.keys[6] = key_load_public(
- _PATH_HOST_ED25519_KEY_FILE, NULL);
-+#endif /* WITHOUT_ED25519 */
- sensitive_data.keys[7] = key_load_public(
- _PATH_HOST_RSA_KEY_FILE, NULL);
- sensitive_data.keys[8] = key_load_public(
-diff -pur old/ssh_api.c new/ssh_api.c
---- old/ssh_api.c
-+++ new/ssh_api.c
-@@ -109,7 +109,9 @@ ssh_init(struct ssh **sshp, int is_serve
- ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
- # endif
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- ssh->kex->load_host_public_key=&_ssh_host_public_key;
- ssh->kex->load_host_private_key=&_ssh_host_private_key;
- ssh->kex->sign=&_ssh_host_key_sign;
-@@ -123,7 +125,9 @@ ssh_init(struct ssh **sshp, int is_serve
- ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
- # endif
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- ssh->kex->verify_host_key =&_ssh_verify_host_key;
- }
- *sshp = ssh;
-diff -pur old/ssh_config.0 new/ssh_config.0
---- old/ssh_config.0
-+++ new/ssh_config.0
-@@ -444,13 +444,8 @@ DESCRIPTION
- specified key types will be appended to the default set instead
- of replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-@@ -461,13 +456,8 @@ DESCRIPTION
- key types will be appended to the default set instead of
- replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- If hostkeys are known for the destination host then this default
- is modified to prefer their algorithms.
-@@ -503,10 +493,10 @@ DESCRIPTION
- default is M-bM-^@M-^\noM-bM-^@M-^].
-
- IdentityFile
-- Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
-+ Specifies a file from which the user's DSA or RSA
- authentication identity is read. The default is ~/.ssh/identity
-- for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
-- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+ for protocol version 1, and ~/.ssh/id_dsa
-+ and ~/.ssh/id_rsa for protocol version 2.
- Additionally, any identities represented by the authentication
- agent will be used for authentication unless IdentitiesOnly is
- set. ssh(1) will try to load certificate information from the
-@@ -569,7 +559,6 @@ DESCRIPTION
- will be appended to the default set instead of replacing them.
- The default is:
-
-- [email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
-@@ -727,13 +716,8 @@ DESCRIPTION
- types after it will be appended to the default instead of
- replacing it. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5
-+++ new/ssh_config.5
-@@ -806,13 +806,8 @@ character, then the specified key types
- instead of replacing them.
- The default for this option is:
- .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
- [email protected],
--ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa
-+ssh-rsa
- .Ed
- .Pp
- The
-@@ -829,13 +824,8 @@ character, then the specified key types
- instead of replacing them.
- The default for this option is:
- .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
- [email protected],
--ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa
-+ssh-rsa
- .Ed
- .Pp
- If hostkeys are known for the destination host then this default is modified
-@@ -890,14 +880,12 @@ offers many different identities.
- The default is
- .Dq no .
- .It Cm IdentityFile
--Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
-+Specifies a file from which the user's DSA or RSA authentication
- identity is read.
- The default is
- .Pa ~/.ssh/identity
- for protocol version 1, and
- .Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
- and
- .Pa ~/.ssh/id_rsa
- for protocol version 2.
-@@ -1014,7 +1002,6 @@ character, then the specified methods wi
- instead of replacing them.
- The default is:
- .Bd -literal -offset indent
[email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
-@@ -1259,13 +1246,8 @@ character, then the key types after it w
- instead of replacing it.
- The default for this option is:
- .Bd -literal -offset 3n
[email protected],
[email protected],
[email protected],
[email protected],
- [email protected],
--ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
--ssh-ed25519,ssh-rsa
-+ssh-rsa
- .Ed
- .Pp
- The
-diff -pur old/sshconnect.c new/sshconnect.c
---- old/sshconnect.c
-+++ new/sshconnect.c
-@@ -1392,7 +1392,9 @@ show_other_keys(struct hostkeys *hostkey
- KEY_RSA,
- KEY_DSA,
- KEY_ECDSA,
-+#ifndef WITHOUT_ED25519
- KEY_ED25519,
-+#endif /* WITHOUT_ED25519 */
- -1
- };
- int i, ret = 0;
-diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c
-+++ new/sshconnect2.c
-@@ -247,7 +247,9 @@ ssh_kex2(char *host, struct sockaddr *ho
- kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
- # endif
- #endif
-+#ifndef WITHOUT_ED25519
- kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- if (options.gss_keyex) {
- kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
-diff -pur old/sshd.0 new/sshd.0
---- old/sshd.0
-+++ new/sshd.0
-@@ -81,8 +81,7 @@ DESCRIPTION
- be given if sshd is not run as root (as the normal host key files
- are normally not readable by anyone but root). The default is
- /etc/ssh/ssh_host_key for protocol version 1, and
-- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key.
-- /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
-+ /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for
- protocol version 2. It is possible to have multiple host key
- files for the different protocol versions and host key
- algorithms.
-@@ -146,7 +145,7 @@ DESCRIPTION
- AUTHENTICATION
- The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
- use protocol 2 only, though this can be changed via the Protocol option
-- in sshd_config(5). Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
-+ in sshd_config(5). Protocol 2 supports DSA and RSA keys;
- protocol 1 only supports RSA keys. For both protocols, each host has a
- host-specific key, normally 2048 bits, used to identify the host.
-
-@@ -279,15 +278,13 @@ AUTHORIZED_KEYS FILE FORMAT
- starts with a number). The bits, exponent, modulus, and comment fields
- give the RSA key for protocol version 1; the comment field is not used
- for anything (but may be convenient for the user to identify the key).
-- For protocol version 2 the keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^],
-- M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
-- M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-+ For protocol version 2 the keytype is M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
-
- Note that lines in this file are usually several hundred bytes long
- (because of the size of the public key encoding) up to a limit of 8
- kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
- kilobits. You don't want to type them in; instead, copy the
-- identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
-+ identity.pub, id_dsa.pub or the id_rsa.pub
- file and edit it.
-
- sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
-@@ -514,7 +511,7 @@ FILES
- for the user, and not accessible by others.
-
- ~/.ssh/authorized_keys
-- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
-+ Lists the public keys (DSA, RSA) that can be used
- for logging in as this user. The format of this file is
- described above. The content of the file is not highly
- sensitive, but the recommended permissions are read/write for the
-@@ -570,8 +567,6 @@ FILES
-
- /etc/ssh/ssh_host_key
- /etc/ssh/ssh_host_dsa_key
-- /etc/ssh/ssh_host_ecdsa_key
-- /etc/ssh/ssh_host_ed25519_key
- /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys. These
- files should only be owned by root, readable only by root, and
-@@ -580,8 +575,6 @@ FILES
-
- /etc/ssh/ssh_host_key.pub
- /etc/ssh/ssh_host_dsa_key.pub
-- /etc/ssh/ssh_host_ecdsa_key.pub
-- /etc/ssh/ssh_host_ed25519_key.pub
- /etc/ssh/ssh_host_rsa_key.pub
- These files contain the public parts of the host keys. These
- files should be world-readable but writable only by root. Their
-diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8
-+++ new/sshd.8
-@@ -172,8 +172,6 @@ The default is
- .Pa /etc/ssh/ssh_host_key
- for protocol version 1, and
- .Pa /etc/ssh/ssh_host_dsa_key ,
--.Pa /etc/ssh/ssh_host_ecdsa_key .
--.Pa /etc/ssh/ssh_host_ed25519_key
- and
- .Pa /etc/ssh/ssh_host_rsa_key
- for protocol version 2.
-@@ -275,7 +273,7 @@ though this can be changed via the
- .Cm Protocol
- option in
- .Xr sshd_config 5 .
--Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
-+Protocol 2 supports DSA and RSA keys;
- protocol 1 only supports RSA keys.
- For both protocols,
- each host has a host-specific key,
-@@ -491,10 +489,6 @@ protocol version 1; the
- comment field is not used for anything (but may be convenient for the
- user to identify the key).
- For protocol version 2 the keytype is
--.Dq ecdsa-sha2-nistp256 ,
--.Dq ecdsa-sha2-nistp384 ,
--.Dq ecdsa-sha2-nistp521 ,
--.Dq ssh-ed25519 ,
- .Dq ssh-dss
- or
- .Dq ssh-rsa .
-@@ -506,8 +500,6 @@ keys up to 16 kilobits.
- You don't want to type them in; instead, copy the
- .Pa identity.pub ,
- .Pa id_dsa.pub ,
--.Pa id_ecdsa.pub ,
--.Pa id_ed25519.pub ,
- or the
- .Pa id_rsa.pub
- file and edit it.
-@@ -807,7 +799,7 @@ secret, but the recommended permissions
- and not accessible by others.
- .Pp
- .It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, Ed25519, RSA)
-+Lists the public keys (DSA, RSA)
- that can be used for logging in as this user.
- The format of this file is described above.
- The content of the file is not highly sensitive, but the recommended
-@@ -881,8 +873,6 @@ rlogin/rsh.
- .Pp
- .It Pa /etc/ssh/ssh_host_key
- .It Pa /etc/ssh/ssh_host_dsa_key
--.It Pa /etc/ssh/ssh_host_ecdsa_key
--.It Pa /etc/ssh/ssh_host_ed25519_key
- .It Pa /etc/ssh/ssh_host_rsa_key
- These files contain the private parts of the host keys.
- These files should only be owned by root, readable only by root, and not
-@@ -893,8 +883,6 @@ does not start if these files are group/
- .Pp
- .It Pa /etc/ssh/ssh_host_key.pub
- .It Pa /etc/ssh/ssh_host_dsa_key.pub
--.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
--.It Pa /etc/ssh/ssh_host_ed25519_key.pub
- .It Pa /etc/ssh/ssh_host_rsa_key.pub
- These files contain the public parts of the host keys.
- These files should be world-readable but writable only by
-diff -pur old/sshd.c new/sshd.c
---- old/sshd.c
-+++ new/sshd.c
-@@ -811,7 +811,9 @@ list_hostkey_types(void)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- p = key_ssh_name(key);
-@@ -826,7 +828,9 @@ list_hostkey_types(void)
- case KEY_RSA_CERT:
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- if (buffer_len(&b) > 0)
- buffer_append(&b, ",", 1);
- p = key_ssh_name(key);
-@@ -852,7 +856,9 @@ get_hostkey_by_type(int type, int nid, i
- case KEY_RSA_CERT:
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- key = sensitive_data.host_certificates[i];
- break;
- default:
-@@ -1810,7 +1816,9 @@ main(int ac, char **av)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- if (have_agent || key != NULL)
- sensitive_data.have_ssh2_key = 1;
- break;
-@@ -2646,7 +2654,9 @@ do_ssh2_kex(void)
- kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
- # endif
- #endif
-+#ifndef WITHOUT_ED25519
- kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- if (options.gss_keyex) {
- kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-diff -pur old/sshd_config.0 new/sshd_config.0
---- old/sshd_config.0
-+++ new/sshd_config.0
-@@ -403,13 +403,8 @@ DESCRIPTION
- specified key types will be appended to the default set instead
- of replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-@@ -438,8 +433,7 @@ DESCRIPTION
- HostKey
- Specifies a file containing a private host key used by SSH. The
- default is /etc/ssh/ssh_host_key for protocol version 1, and
-- /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
-- /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
-+ /etc/ssh/ssh_host_dsa_key, and /etc/ssh/ssh_host_rsa_key for
- protocol version 2.
-
- Note that sshd(8) will refuse to use a file if it is group/world-
-@@ -447,7 +441,7 @@ DESCRIPTION
- of the keys are actually used by sshd(8).
-
- It is possible to have multiple host key files. M-bM-^@M-^\rsa1M-bM-^@M-^] keys are
-- used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are
-+ used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] are
- used for version 2 of the SSH protocol. It is also possible to
- specify public host key files instead. In this case operations
- on the private key will be delegated to an ssh-agent(1).
-@@ -462,13 +456,8 @@ DESCRIPTION
- Specifies the protocol version 2 host key algorithms that the
- server offers. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The list of available key types may also be obtained using the -Q
- option of ssh(1) with an argument of M-bM-^@M-^\keyM-bM-^@M-^].
-@@ -532,7 +521,6 @@ DESCRIPTION
- will be appended to the default set instead of replacing them.
- The supported algorithms are:
-
-- [email protected]
- diffie-hellman-group1-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group-exchange-sha1
-@@ -543,7 +531,6 @@ DESCRIPTION
-
- The default is:
-
-- [email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group14-sha1
-@@ -787,13 +774,8 @@ DESCRIPTION
- specified key types will be appended to the default set instead
- of replacing them. The default for this option is:
-
-- [email protected],
-- [email protected],
-- [email protected],
-- [email protected],
- [email protected],
-- ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-- ssh-ed25519,ssh-rsa
-+ ssh-rsa
-
- The -Q option of ssh(1) may be used to list supported key types.
-
-diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5
-+++ new/sshd_config.5
-@@ -712,8 +712,6 @@ The default is
- .Pa /etc/ssh/ssh_host_key
- for protocol version 1, and
- .Pa /etc/ssh/ssh_host_dsa_key ,
--.Pa /etc/ssh/ssh_host_ecdsa_key ,
--.Pa /etc/ssh/ssh_host_ed25519_key
- and
- .Pa /etc/ssh/ssh_host_rsa_key
- for protocol version 2.
-@@ -730,8 +728,6 @@ It is possible to have multiple host key
- .Dq rsa1
- keys are used for version 1 and
- .Dq dsa ,
--.Dq ecdsa ,
--.Dq ed25519
- or
- .Dq rsa
- are used for version 2 of the SSH protocol.
-@@ -878,8 +874,6 @@ The supported algorithms are:
- .Pp
- .Bl -item -compact -offset indent
- .It
[email protected]
--.It
- diffie-hellman-group1-sha1
- .It
- diffie-hellman-group14-sha1
-@@ -897,7 +891,6 @@ ecdh-sha2-nistp521
- .Pp
- The default is:
- .Bd -literal -offset indent
[email protected],
- ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
- diffie-hellman-group-exchange-sha256,
- diffie-hellman-group14-sha1
-diff -pur old/sshkey.c new/sshkey.c
---- old/sshkey.c
-+++ new/sshkey.c
-@@ -85,9 +85,11 @@ struct keytype {
- int cert;
- };
- static const struct keytype keytypes[] = {
-+#ifndef WITHOUT_ED25519
- { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
- { "s[email protected]", "ED25519-CERT",
- KEY_ED25519_CERT, 0, 1 },
-+#endif /* WITHOUT_ED25519 */
- #ifdef WITH_OPENSSL
- { NULL, "RSA1", KEY_RSA1, 0, 0 },
- { "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
-@@ -278,8 +280,10 @@ sshkey_size(const struct sshkey *k)
- case KEY_ECDSA_CERT:
- return sshkey_curve_nid_to_bits(k->ecdsa_nid);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- return 256; /* XXX */
- }
- return 0;
-@@ -292,7 +296,9 @@ sshkey_type_is_valid_ca(int type)
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- return 1;
- default:
- return 0;
-@@ -318,8 +324,10 @@ sshkey_type_plain(int type)
- return KEY_DSA;
- case KEY_ECDSA_CERT:
- return KEY_ECDSA;
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- return KEY_ED25519;
-+#endif /* WITHOUT_ED25519 */
- default:
- return type;
- }
-@@ -472,8 +480,10 @@ sshkey_new(int type)
- k->dsa = NULL;
- k->rsa = NULL;
- k->cert = NULL;
-+#ifndef WITHOUT_ED25519
- k->ed25519_sk = NULL;
- k->ed25519_pk = NULL;
-+#endif /* WITHOUT_ED25519 */
- switch (k->type) {
- #ifdef WITH_OPENSSL
- case KEY_RSA1:
-@@ -508,10 +518,12 @@ sshkey_new(int type)
- /* Cannot do anything until we know the group */
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- /* no need to prealloc */
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -558,10 +570,12 @@ sshkey_add_private(struct sshkey *k)
- /* Cannot do anything until we know the group */
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- /* no need to prealloc */
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -613,6 +627,7 @@ sshkey_free(struct sshkey *k)
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- if (k->ed25519_pk) {
-@@ -626,6 +641,7 @@ sshkey_free(struct sshkey *k)
- k->ed25519_sk = NULL;
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- break;
- default:
-@@ -703,10 +719,12 @@ sshkey_equal_public(const struct sshkey
- return 1;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
- memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
-+#endif /* WITHOUT_ED25519 */
- default:
- return 0;
- }
-@@ -749,7 +767,9 @@ to_blob_buf(const struct sshkey *key, st
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- /* Use the existing blob */
- /* XXX modified flag? */
- if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
-@@ -786,6 +806,7 @@ to_blob_buf(const struct sshkey *key, st
- return ret;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- if (key->ed25519_pk == NULL)
- return SSH_ERR_INVALID_ARGUMENT;
-@@ -794,6 +815,7 @@ to_blob_buf(const struct sshkey *key, st
- key->ed25519_pk, ED25519_PK_SZ)) != 0)
- return ret;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -1267,11 +1289,13 @@ sshkey_read(struct sshkey *ret, char **c
- case KEY_RSA:
- case KEY_DSA:
- case KEY_ECDSA:
-- case KEY_ED25519:
-+#ifndef WITHOUT_ED25519
-+ case KEY_ED25519:
-+ case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- case KEY_DSA_CERT:
- case KEY_ECDSA_CERT:
- case KEY_RSA_CERT:
-- case KEY_ED25519_CERT:
- space = strchr(cp, ' ');
- if (space == NULL)
- return SSH_ERR_INVALID_FORMAT;
-@@ -1363,6 +1387,7 @@ sshkey_read(struct sshkey *ret, char **c
- }
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- if (sshkey_type_plain(ret->type) == KEY_ED25519) {
- free(ret->ed25519_pk);
- ret->ed25519_pk = k->ed25519_pk;
-@@ -1371,6 +1396,7 @@ sshkey_read(struct sshkey *ret, char **c
- /* XXX */
- #endif
- }
-+#endif /* WITHOUT_ED25519 */
- retval = 0;
- /*XXXX*/
- sshkey_free(k);
-@@ -1662,7 +1688,8 @@ sshkey_generate(int type, u_int bits, st
- if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
- return SSH_ERR_ALLOC_FAIL;
- switch (type) {
-- case KEY_ED25519:
-+#ifndef WITHOUT_ED25519
-+ case KEY_ED25519:
- if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
- (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
-@@ -1671,6 +1698,7 @@ sshkey_generate(int type, u_int bits, st
- crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
- ret = 0;
- break;
-+#endif /* WITHOUT_ED25519 */
- #ifdef WITH_OPENSSL
- case KEY_DSA:
- ret = dsa_generate_private_key(bits, &k->dsa);
-@@ -1806,6 +1834,7 @@ sshkey_from_private(const struct sshkey
- }
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- if ((n = sshkey_new(k->type)) == NULL)
-@@ -1818,6 +1847,7 @@ sshkey_from_private(const struct sshkey
- memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -2084,6 +2114,7 @@ sshkey_from_blob_internal(struct sshbuf
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- /* Skip nonce */
- if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
-@@ -2105,6 +2136,7 @@ sshkey_from_blob_internal(struct sshbuf
- key->ed25519_pk = pk;
- pk = NULL;
- break;
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- if ((key = sshkey_new(type)) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
-@@ -2197,9 +2229,11 @@ sshkey_sign(const struct sshkey *key,
- case KEY_RSA:
- return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -2229,9 +2263,11 @@ sshkey_verify(const struct sshkey *key,
- case KEY_RSA:
- return ssh_rsa_verify(key, sig, siglen, data, dlen, compat);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- case KEY_ED25519_CERT:
- return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -2255,8 +2291,10 @@ sshkey_demote(const struct sshkey *k, st
- pk->dsa = NULL;
- pk->ecdsa = NULL;
- pk->rsa = NULL;
-+#ifndef WITHOUT_ED25519
- pk->ed25519_pk = NULL;
- pk->ed25519_sk = NULL;
-+#endif /* WITHOUT_ED25519 */
-
- switch (k->type) {
- #ifdef WITH_OPENSSL
-@@ -2306,6 +2344,7 @@ sshkey_demote(const struct sshkey *k, st
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- if ((ret = sshkey_cert_copy(k, pk)) != 0)
- goto fail;
-@@ -2319,6 +2358,7 @@ sshkey_demote(const struct sshkey *k, st
- memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- }
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- ret = SSH_ERR_KEY_TYPE_UNKNOWN;
- fail:
-@@ -2347,9 +2387,11 @@ sshkey_to_certified(struct sshkey *k)
- newtype = KEY_ECDSA_CERT;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- newtype = KEY_ED25519_CERT;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_INVALID_ARGUMENT;
- }
-@@ -2428,11 +2470,13 @@ sshkey_certify(struct sshkey *k, struct
- goto out;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519_CERT:
- if ((ret = sshbuf_put_string(cert,
- k->ed25519_pk, ED25519_PK_SZ)) != 0)
- goto out;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- ret = SSH_ERR_INVALID_ARGUMENT;
- goto out;
-@@ -2607,6 +2651,7 @@ sshkey_private_serialize(const struct ss
- break;
- # endif /* OPENSSL_HAS_ECC */
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- if ((r = sshbuf_put_string(b, key->ed25519_pk,
- ED25519_PK_SZ)) != 0 ||
-@@ -2626,6 +2671,7 @@ sshkey_private_serialize(const struct ss
- ED25519_SK_SZ)) != 0)
- goto out;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
-@@ -2750,6 +2796,7 @@ sshkey_private_deserialize(struct sshbuf
- goto out;
- break;
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- if ((k = sshkey_new_private(type)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
-@@ -2780,6 +2827,7 @@ sshkey_private_deserialize(struct sshbuf
- k->ed25519_sk = ed25519_sk;
- ed25519_pk = ed25519_sk = NULL;
- break;
-+#endif /* WITHOUT_ED25519 */
- default:
- r = SSH_ERR_KEY_TYPE_UNKNOWN;
- goto out;
-@@ -3545,9 +3593,11 @@ sshkey_private_to_fileblob(struct sshkey
- return sshkey_private_pem_to_blob(key, blob,
- passphrase, comment);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- return sshkey_private_to_blob2(key, blob, passphrase,
- comment, new_format_cipher, new_format_rounds);
-+#endif /* WITHOUT_ED25519 */
- default:
- return SSH_ERR_KEY_TYPE_UNKNOWN;
- }
-@@ -3853,9 +3903,11 @@ sshkey_parse_private_fileblob_type(struc
- return sshkey_parse_private_pem_fileblob(blob, type,
- passphrase, keyp);
- #endif /* WITH_OPENSSL */
-+#ifndef WITHOUT_ED25519
- case KEY_ED25519:
- return sshkey_parse_private2(blob, type, passphrase,
- keyp, commentp);
-+#endif /* WITHOUT_ED25519 */
- case KEY_UNSPEC:
- if ((r = sshkey_parse_private2(blob, type, passphrase, keyp,
- commentp)) == 0)
-diff -pur old/sshkey.h new/sshkey.h
---- old/sshkey.h
-+++ new/sshkey.h
-@@ -57,11 +57,15 @@ enum sshkey_types {
- KEY_RSA,
- KEY_DSA,
- KEY_ECDSA,
-- KEY_ED25519,
-+#ifndef WITHOUT_ED25519
-+ KEY_ED25519,
-+#endif /* WITHOUT_ED25519 */
- KEY_RSA_CERT,
- KEY_DSA_CERT,
- KEY_ECDSA_CERT,
-+#ifndef WITHOUT_ED25519
- KEY_ED25519_CERT,
-+#endif /* WITHOUT_ED25519 */
- KEY_NULL,
- KEY_UNSPEC
- };
-@@ -104,13 +108,17 @@ struct sshkey {
- DSA *dsa;
- int ecdsa_nid; /* NID of curve */
- EC_KEY *ecdsa;
-+#ifndef WITHOUT_ED25519
- u_char *ed25519_sk;
- u_char *ed25519_pk;
-+#endif /* WITHOUT_ED25519 */
- struct sshkey_cert *cert;
- };
-
-+#ifndef WITHOUT_ED25519
- #define ED25519_SK_SZ crypto_sign_ed25519_SECRETKEYBYTES
- #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
-+#endif /* WITHOUT_ED25519 */
-
- struct sshkey *sshkey_new(int);
- int sshkey_add_private(struct sshkey *);
-@@ -208,11 +216,13 @@ int ssh_ecdsa_sign(const struct sshkey *
- int ssh_ecdsa_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-+#ifndef WITHOUT_ED25519
- int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- const u_char *data, size_t datalen, u_int compat);
- int ssh_ed25519_verify(const struct sshkey *key,
- const u_char *signature, size_t signaturelen,
- const u_char *data, size_t datalen, u_int compat);
-+#endif /* WITHOUT_ED25519 */
- #endif
-
- #if !defined(WITH_OPENSSL)
--- a/components/openssh/patches/032-hang_on_closed_output.patch Wed Apr 20 13:13:57 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,25 +0,0 @@
-#
-# Fix possible hang on closed output.
-#
-# When there is a connectivity problem between the server and the client
-# (network outage, server crash or reboot), the client indefinitely hangs.
-#
-# This patch fixes the issue by checking ssh_packet_write_poll return value
-# in ssh_packet_write_wait and passing it through.
-#
-# The (updated) patch has been accepted upstream and will be part of 7.2
-# https://github.com/openssh/openssh-portable/commit/8408218
-#
-diff -pur old/packet.c new/packet.c
---- old/packet.c
-+++ new/packet.c
-@@ -2040,7 +2040,8 @@ ssh_packet_write_wait(struct ssh *ssh)
- NFDBITS), sizeof(fd_mask));
- if (setp == NULL)
- return SSH_ERR_ALLOC_FAIL;
-- ssh_packet_write_poll(ssh);
-+ if ((r = ssh_packet_write_poll(ssh)) != 0)
-+ return r;
- while (ssh_packet_have_data_to_write(ssh)) {
- memset(setp, 0, howmany(state->connection_out + 1,
- NFDBITS) * sizeof(fd_mask));
--- a/components/openssh/patches/033-without_cast128.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/033-without_cast128.patch Wed Apr 20 13:13:57 2016 -0700
@@ -28,43 +28,10 @@
{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
-diff -pur old/myproposal.h new/myproposal.h
---- old/myproposal.h
-+++ new/myproposal.h
-@@ -119,9 +119,16 @@
- "aes128-ctr,aes192-ctr,aes256-ctr" \
- AESGCM_CIPHER_MODES
-
-+#ifdef WITHOUT_CAST128
-+# define CAST128
-+#else
-+# define CAST128 "cast128-cbc"
-+#endif
-+
- #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
- "arcfour256,arcfour128," \
-- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
-+ "aes128-cbc,3des-cbc,blowfish-cbc," \
-+ CAST128 \
- "aes192-cbc,aes256-cbc,arcfour,[email protected]"
-
- #define KEX_SERVER_MAC \
-diff -pur old/ssh.1 new/ssh.1
---- old/ssh.1
-+++ new/ssh.1
-@@ -788,7 +788,7 @@ options (see above).
- Both protocols support similar authentication methods,
- but protocol 2 is the default since
- it provides additional mechanisms for confidentiality
--(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
-+(the traffic is encrypted using AES, 3DES, Blowfish, or Arcfour)
- and integrity (hmac-md5, hmac-sha1,
- hmac-sha2-256, hmac-sha2-512,
- umac-64, umac-128, hmac-ripemd160).
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5
+++ new/ssh_config.5
-@@ -408,8 +408,6 @@ arcfour256
+@@ -478,8 +478,6 @@ arcfour256
.It
blowfish-cbc
.It
@@ -73,15 +40,6 @@
[email protected]
.El
.Pp
-@@ -419,7 +417,7 @@ [email protected],
- aes128-ctr,aes192-ctr,aes256-ctr,
- [email protected],[email protected],
- arcfour256,arcfour128,
--aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
-+aes128-cbc,3des-cbc,blowfish-cbc,
- aes192-cbc,aes256-cbc,arcfour
- .Ed
- .Pp
diff -pur old/sshd.8 new/sshd.8
--- old/sshd.8
+++ new/sshd.8
@@ -97,7 +55,7 @@
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
-@@ -469,8 +469,6 @@ arcfour256
+@@ -472,8 +472,6 @@ arcfour256
.It
blowfish-cbc
.It
--- a/components/openssh/patches/035-fips.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/035-fips.patch Wed Apr 20 13:13:57 2016 -0700
@@ -135,6 +135,50 @@
gss_enc2oid[oidpos].oid = NULL;
gss_enc2oid[oidpos].encoded = NULL;
+diff -pur old/kex.c new/kex.c
+--- old/kex.c
++++ new/kex.c
+@@ -89,7 +89,40 @@ struct kexalg {
+ int ec_nid;
+ int hash_alg;
+ };
++
++#ifdef ENABLE_OPENSSL_FIPS
++/* in FIPS mode limit kexalgs to FIPS compliant only */
++#define kexalgs (ssh_FIPS_mode() ? kexalgs_fips : kexalgs_dflt)
++static const struct kexalg kexalgs_fips[] = {
++#ifdef WITH_OPENSSL
++ { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
++ { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
++ { KEX_DHGEX_SHA1, KEX_DH_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
++#ifdef HAVE_EVP_SHA256
++ { KEX_DHGEX_SHA256, KEX_DH_GEX_SHA256, 0, SSH_DIGEST_SHA256 },
++#endif /* HAVE_EVP_SHA256 */
++#ifdef OPENSSL_HAS_ECC
++ { KEX_ECDH_SHA2_NISTP256, KEX_ECDH_SHA2,
++ NID_X9_62_prime256v1, SSH_DIGEST_SHA256 },
++ { KEX_ECDH_SHA2_NISTP384, KEX_ECDH_SHA2, NID_secp384r1,
++ SSH_DIGEST_SHA384 },
++# ifdef OPENSSL_HAS_NISTP521
++ { KEX_ECDH_SHA2_NISTP521, KEX_ECDH_SHA2, NID_secp521r1,
++ SSH_DIGEST_SHA512 },
++# endif /* OPENSSL_HAS_NISTP521 */
++#endif /* OPENSSL_HAS_ECC */
++#endif /* WITH_OPENSSL */
++#ifdef GSSAPI
++ { KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
++ { KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
++ { KEX_GSS_GRP14_SHA1_ID, KEX_GSS_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
++#endif
++ { NULL, -1, -1, -1},
++};
++static const struct kexalg kexalgs_dflt[] = {
++#else
+ static const struct kexalg kexalgs[] = {
++#endif
+ #ifdef WITH_OPENSSL
+ { KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
+ { KEX_DH14, KEX_DH_GRP14_SHA1, 0, SSH_DIGEST_SHA1 },
diff -pur old/mac.c new/mac.c
--- old/mac.c
+++ new/mac.c
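Review bot: `kexalgs_fips` is introduced as "FIPS compliant only", yet it keeps the `KEX_DH1` and `KEX_GSS_GRP1_SHA1_ID` rows, which are the 1024-bit group1 exchanges. The `KEX_SERVER_KEX_FIPS` and `KEX_CLIENT_KEX_FIPS` defaults in the myproposal.h part of this patch do not offer group1, so it would presumably be reachable only through an explicit `KexAlgorithms` setting; the lookup code is outside this hunk. If the target policy follows SP 800-131A key-length rules, drop those two rows, or say why they stay with a comment such as `/* group1 kept for interop only; never offered by default in FIPS mode */`. The same question applies to the `ssh-dss` and `RSA1` rows of `keytypes_fips` in the sshkey.c hunk at the end of this patch. The `kexalgs_dflt` initializer continues past the end of the hunk.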
@@ -175,7 +219,7 @@
diff -pur old/misc.c new/misc.c
--- old/misc.c
+++ new/misc.c
-@@ -38,12 +38,15 @@
+@@ -39,12 +39,15 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
@@ -191,7 +235,7 @@
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
-@@ -77,6 +80,60 @@ chop(char *s)
+@@ -78,6 +81,60 @@ chop(char *s)
}
@@ -270,28 +314,86 @@
diff -pur old/myproposal.h new/myproposal.h
--- old/myproposal.h
+++ new/myproposal.h
-@@ -131,6 +131,15 @@
- CAST128 \
- "aes192-cbc,aes256-cbc,arcfour,[email protected]"
+@@ -83,19 +83,31 @@
+ # else
+ # define KEX_CURVE25519_METHODS ""
+ # endif
+-#define KEX_COMMON_KEX \
++
++#define KEX_COMMON_KEX_DFLT \
+ KEX_CURVE25519_METHODS \
+ KEX_ECDH_METHODS \
+ KEX_SHA256_METHODS
+
+-#define KEX_SERVER_KEX KEX_COMMON_KEX \
++#define KEX_SERVER_KEX_DFLT KEX_COMMON_KEX_DFLT \
+ "diffie-hellman-group14-sha1" \
+
+-#define KEX_CLIENT_KEX KEX_COMMON_KEX \
++#define KEX_CLIENT_KEX_DFLT KEX_COMMON_KEX_DFLT \
+ "diffie-hellman-group-exchange-sha1," \
+ "diffie-hellman-group14-sha1"
-+#ifdef ENABLE_OPENSSL_FIPS
-+#define KEX_FIPS_SERVER_ENCRYPT \
+-#define KEX_DEFAULT_PK_ALG \
++#define KEX_COMMON_KEX_FIPS \
++ KEX_ECDH_METHODS \
++ KEX_SHA256_METHODS
++
++#define KEX_SERVER_KEX_FIPS KEX_COMMON_KEX_FIPS \
++ "diffie-hellman-group14-sha1" \
++
++#define KEX_CLIENT_KEX_FIPS KEX_COMMON_KEX_FIPS \
++ "diffie-hellman-group-exchange-sha1," \
++ "diffie-hellman-group14-sha1"
++
++#define KEX_DEFAULT_PK_ALG_DFLT \
+ HOSTKEY_ECDSA_CERT_METHODS \
+ "[email protected]," \
+ "[email protected]," \
+@@ -105,17 +117,32 @@
+ "rsa-sha2-256," \
+ "ssh-rsa"
+
++#define KEX_DEFAULT_PK_ALG_FIPS \
++ HOSTKEY_ECDSA_CERT_METHODS \
++ "[email protected]," \
++ HOSTKEY_ECDSA_METHODS \
++ "rsa-sha2-512," \
++ "rsa-sha2-256," \
++ "ssh-rsa"
++
+ /* the actual algorithms */
+
+-#define KEX_SERVER_ENCRYPT \
++#define KEX_SERVER_ENCRYPT_DFLT \
+ "[email protected]," \
+ "aes128-ctr,aes192-ctr,aes256-ctr" \
+ AESGCM_CIPHER_MODES
+
+-#define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
++#define KEX_CLIENT_ENCRYPT_DFLT KEX_SERVER_ENCRYPT_DFLT "," \
++ "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
++
++#define KEX_SERVER_ENCRYPT_FIPS \
+ "aes128-ctr,aes192-ctr,aes256-ctr" \
+ AESGCM_CIPHER_MODES
+
-+#define KEX_FIPS_CLIENT_ENCRYPT KEX_FIPS_SERVER_ENCRYPT "," \
-+ "aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,[email protected]"
-+#endif /* ENABLE_OPENSSL_FIPS */
-+
- #define KEX_SERVER_MAC \
++#define KEX_CLIENT_ENCRYPT_FIPS KEX_SERVER_ENCRYPT_FIPS "," \
+ "aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc"
+
+-#define KEX_SERVER_MAC \
++#define KEX_SERVER_MAC_DFLT \
"[email protected]," \
"[email protected]," \
-@@ -154,6 +163,20 @@
- "hmac-sha1-96," \
- "hmac-md5-96"
+ "[email protected]," \
+@@ -127,7 +154,42 @@
+ "hmac-sha2-512," \
+ "hmac-sha1"
-+#ifdef ENABLE_OPENSSL_FIPS
-+#define KEX_FIPS_SERVER_MAC \
+-#define KEX_CLIENT_MAC KEX_SERVER_MAC
++#define KEX_CLIENT_MAC_DFLT KEX_SERVER_MAC_DFLT
++
++#define KEX_SERVER_MAC_FIPS \
+ "[email protected]," \
+ "[email protected]," \
+ "[email protected]," \
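Review bot: The new `KEX_SERVER_KEX_FIPS` definition ends with `"diffie-hellman-group14-sha1" \`, so only the empty line after it terminates the macro. That copies the same quirk from the upstream `KEX_SERVER_KEX` definition, but in a hand-maintained FIPS copy it is fragile: removing the blank line would silently splice the following `#define KEX_CLIENT_KEX_FIPS` into the string. Write the last line as `"diffie-hellman-group14-sha1"` with no trailing backslash. The `_FIPS` lists are manual subsets of the `_DFLT` ones, so a one-line comment asking for a re-sync on every OpenSSH upgrade would also help.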
@@ -299,79 +401,39 @@
+ "hmac-sha2-512," \
+ "hmac-sha1"
+
-+#define KEX_FIPS_CLIENT_MAC KEX_FIPS_SERVER_MAC "," \
-+ "[email protected]," \
-+ "hmac-sha1-96"
-+#endif /* ENABLE_OPENSSL_FIPS */
-+
- #else
-
- #define KEX_SERVER_KEX \
-diff -pur old/readconf.c new/readconf.c
---- old/readconf.c
-+++ new/readconf.c
-@@ -1760,6 +1760,11 @@ fill_default_options_for_canonicalizatio
- void
- fill_default_options(Options * options)
- {
-+#ifdef ENABLE_OPENSSL_FIPS
-+ char *encs;
-+ char *macs;
-+#endif /* ENABLE_OPENSSL_FIPS */
++#define KEX_CLIENT_MAC_FIPS KEX_SERVER_MAC_FIPS
+
- if (options->forward_agent == -1)
- options->forward_agent = 0;
- if (options->forward_x11 == -1)
-@@ -1934,8 +1939,15 @@ fill_default_options(Options * options)
- options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
- if (options->update_hostkeys == -1)
- options->update_hostkeys = 0;
-+#ifndef ENABLE_OPENSSL_FIPS
- if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
- kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 ||
-+#else
-+ encs = ssh_FIPS_mode() ? KEX_FIPS_CLIENT_ENCRYPT : KEX_CLIENT_ENCRYPT;
-+ macs = ssh_FIPS_mode() ? KEX_FIPS_CLIENT_MAC : KEX_CLIENT_MAC;
-+ if (kex_assemble_names(encs, &options->ciphers) != 0 ||
-+ kex_assemble_names(macs, &options->macs) != 0 ||
-+#endif /* ENABLE_OPENSSL_FIPS */
- kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 ||
- kex_assemble_names(KEX_DEFAULT_PK_ALG,
- &options->hostbased_key_types) != 0 ||
-diff -pur old/servconf.c new/servconf.c
---- old/servconf.c
-+++ new/servconf.c
-@@ -195,6 +195,10 @@ void
- fill_default_server_options(ServerOptions *options)
- {
- int i;
+#ifdef ENABLE_OPENSSL_FIPS
-+ char *encs;
-+ char *macs;
++ #define KEX_SERVER_KEX \
++ (ssh_FIPS_mode() ? (KEX_SERVER_KEX_FIPS) : (KEX_SERVER_KEX_DFLT) )
++ #define KEX_CLIENT_KEX \
++ (ssh_FIPS_mode() ? (KEX_CLIENT_KEX_FIPS) : (KEX_CLIENT_KEX_DFLT) )
++ #define KEX_DEFAULT_PK_ALG \
++ (ssh_FIPS_mode() ? (KEX_DEFAULT_PK_ALG_FIPS) : (KEX_DEFAULT_PK_ALG_DFLT) )
++ #define KEX_SERVER_ENCRYPT \
++ (ssh_FIPS_mode() ? (KEX_SERVER_ENCRYPT_FIPS) : (KEX_SERVER_ENCRYPT_DFLT))
++ #define KEX_CLIENT_ENCRYPT \
++ (ssh_FIPS_mode() ? (KEX_CLIENT_ENCRYPT_FIPS) : (KEX_CLIENT_ENCRYPT_DFLT))
++ #define KEX_SERVER_MAC \
++ (ssh_FIPS_mode() ? (KEX_SERVER_MAC_FIPS) : (KEX_SERVER_MAC_DFLT) )
++ #define KEX_CLIENT_MAC \
++ (ssh_FIPS_mode() ? (KEX_CLIENT_MAC_FIPS) : (KEX_CLIENT_MAC_DFLT) )
++#else /* ENABLE_OPENSSL_FIPS */
++ #define KEX_SERVER_KEX KEX_SERVER_KEX_DFLT
++ #define KEX_CLIENT_KEX KEX_CLIENT_KEX_DFLT
++ #define KEX_DEFAULT_PK_ALG KEX_DEFAULT_PK_ALG_DFLT
++ #define KEX_SERVER_ENCRYPT KEX_SERVER_ENCRYPT_DFLT
++ #define KEX_CLIENT_ENCRYPT KEX_CLIENT_ENCRYPT_DFLT
++ #define KEX_SERVER_MAC KEX_SERVER_MAC_DFLT
++ #define KEX_CLIENT_MAC KEX_CLIENT_MAC_DFLT
+#endif /* ENABLE_OPENSSL_FIPS */
- /* Portable-specific options */
- if (options->use_pam == -1)
-@@ -382,8 +386,15 @@ fill_default_server_options(ServerOption
- if (options->fingerprint_hash == -1)
- options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ #else /* WITH_OPENSSL */
-+#ifndef ENABLE_OPENSSL_FIPS
- if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 ||
- kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 ||
-+#else
-+ encs = ssh_FIPS_mode() ? KEX_FIPS_SERVER_ENCRYPT : KEX_SERVER_ENCRYPT;
-+ macs = ssh_FIPS_mode() ? KEX_FIPS_SERVER_MAC : KEX_SERVER_MAC;
-+ if (kex_assemble_names(encs, &options->ciphers) != 0 ||
-+ kex_assemble_names(macs, &options->macs) != 0 ||
-+#endif /* ENABLE_OPENSSL_FIPS */
- kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 ||
- kex_assemble_names(KEX_DEFAULT_PK_ALG,
- &options->hostbased_key_types) != 0 ||
diff -pur old/ssh-add.1 new/ssh-add.1
--- old/ssh-add.1
+++ new/ssh-add.1
-@@ -114,6 +114,8 @@ and
+@@ -116,6 +116,8 @@ and
.Dq sha256 .
The default is
.Dq sha256 .
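Review bot: Inside the new `#ifdef ENABLE_OPENSSL_FIPS` block, `KEX_SERVER_KEX`, `KEX_CLIENT_ENCRYPT` and the other five names stop being string literals and become `ssh_FIPS_mode() ? … : …` expressions, and nothing in the header says so. A caller that concatenates one of them with an adjacent literal, or uses it in a static initializer, would no longer compile. Every use also now depends on FIPS state being settled before the defaults are filled in. The callers are outside this hunk, so both points need confirming. I would add a comment above the block, e.g. `/* With ENABLE_OPENSSL_FIPS these are runtime expressions, not literals: no concatenation, no static initializers, use only after FIPS mode is initialised. */`.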
@@ -383,7 +445,7 @@
diff -pur old/ssh-add.c new/ssh-add.c
--- old/ssh-add.c
+++ new/ssh-add.c
-@@ -493,6 +493,12 @@ main(int argc, char **argv)
+@@ -488,6 +488,12 @@ main(int argc, char **argv)
__progname = ssh_get_progname(argv[0]);
seed_rng();
@@ -399,7 +461,7 @@
diff -pur old/ssh-agent.1 new/ssh-agent.1
--- old/ssh-agent.1
+++ new/ssh-agent.1
-@@ -110,6 +110,8 @@ and
+@@ -117,6 +117,8 @@ and
.Dq sha256 .
The default is
.Dq sha256 .
@@ -411,15 +473,15 @@
diff -pur old/ssh-agent.c new/ssh-agent.c
--- old/ssh-agent.c
+++ new/ssh-agent.c
-@@ -1187,6 +1187,7 @@ main(int ac, char **av)
+@@ -1199,6 +1199,7 @@ main(int ac, char **av)
struct timeval *tvp = NULL;
size_t len;
mode_t prev_mask;
+ int fips_err;
+ ssh_malloc_init(); /* must be called before any mallocs */
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- sanitise_stdfd();
-@@ -1200,6 +1201,9 @@ main(int ac, char **av)
+@@ -1213,6 +1214,9 @@ main(int ac, char **av)
prctl(PR_SET_DUMPABLE, 0);
#endif
@@ -429,13 +491,14 @@
#ifdef WITH_OPENSSL
OpenSSL_add_all_algorithms();
#endif
-@@ -1330,7 +1334,18 @@ main(int ac, char **av)
+@@ -1343,8 +1347,19 @@ main(int ac, char **av)
printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
SSH_AUTHSOCKET_ENV_NAME);
printf("echo Agent pid %ld;\n", (long)parent_pid);
+#ifdef ENABLE_OPENSSL_FIPS
+ ssh_FIPS_check_status();
+#endif
+ fflush(stdout);
goto skip;
+#ifdef ENABLE_OPENSSL_FIPS
+ } else {
@@ -451,7 +514,7 @@
diff -pur old/ssh-keygen.1 new/ssh-keygen.1
--- old/ssh-keygen.1
+++ new/ssh-keygen.1
-@@ -268,6 +268,8 @@ and
+@@ -283,6 +283,8 @@ and
.Dq sha256 .
The default is
.Dq sha256 .
@@ -463,7 +526,7 @@
diff -pur old/ssh-keygen.c new/ssh-keygen.c
--- old/ssh-keygen.c
+++ new/ssh-keygen.c
-@@ -2224,11 +2224,18 @@ main(int argc, char **argv)
+@@ -2267,11 +2267,18 @@ main(int argc, char **argv)
__progname = ssh_get_progname(argv[0]);
@@ -485,7 +548,7 @@
diff -pur old/ssh-keysign.c new/ssh-keysign.c
--- old/ssh-keysign.c
+++ new/ssh-keysign.c
-@@ -175,6 +175,7 @@ main(int argc, char **argv)
+@@ -178,6 +178,7 @@ main(int argc, char **argv)
u_char *signature, *data, rver;
char *host, *fp;
size_t slen, dlen;
@@ -493,7 +556,7 @@
#ifdef WITH_OPENSSL
u_int32_t rnd[256];
#endif
-@@ -223,6 +224,16 @@ main(int argc, char **argv)
+@@ -228,6 +229,16 @@ main(int argc, char **argv)
if (found == 0)
fatal("could not open any host key");
@@ -513,7 +576,7 @@
diff -pur old/ssh.1 new/ssh.1
--- old/ssh.1
+++ new/ssh.1
-@@ -92,6 +92,9 @@ If
+@@ -91,6 +91,9 @@ If
is specified,
it is executed on the remote host instead of a login shell.
.Pp
@@ -526,7 +589,7 @@
diff -pur old/ssh.c new/ssh.c
--- old/ssh.c
+++ new/ssh.c
-@@ -588,6 +588,11 @@ main(int ac, char **av)
+@@ -606,6 +606,11 @@ main(int ac, char **av)
*/
initialize_options(&options);
@@ -538,7 +601,7 @@
/* Parse command-line arguments. */
host = NULL;
use_syslog = 0;
-@@ -997,6 +1002,10 @@ main(int ac, char **av)
+@@ -1016,6 +1021,10 @@ main(int ac, char **av)
#endif
);
@@ -566,8 +629,8 @@
diff -pur old/ssh_config.5 new/ssh_config.5
--- old/ssh_config.5
+++ new/ssh_config.5
-@@ -423,6 +423,13 @@ aes128-cbc,3des-cbc,blowfish-cbc,cast128
- aes192-cbc,aes256-cbc,arcfour
+@@ -489,6 +489,13 @@ [email protected],[email protected]
+ aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
.Ed
.Pp
+The following ciphers are FIPS-140 approved and are supported in FIPS-140 mode:
@@ -580,7 +643,7 @@
The list of available ciphers may also be obtained using the
.Fl Q
option of
-@@ -662,6 +669,8 @@ and
+@@ -738,6 +745,8 @@ and
.Dq sha256 .
The default is
.Dq sha256 .
@@ -589,8 +652,8 @@
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
-@@ -1110,6 +1119,16 @@ hmac-md5,hmac-sha1,hmac-ripemd160,
- hmac-sha1-96,hmac-md5-96
+@@ -1200,6 +1209,16 @@ [email protected],[email protected]
+ hmac-sha2-256,hmac-sha2-512,hmac-sha1
.Ed
.Pp
+The following MACs are FIPS-140 approved and are supported in FIPS-140 mode:
@@ -609,7 +672,7 @@
diff -pur old/sshconnect.c new/sshconnect.c
--- old/sshconnect.c
+++ new/sshconnect.c
-@@ -523,8 +523,14 @@ send_client_banner(int connection_out, i
+@@ -530,8 +530,14 @@ send_client_banner(int connection_out, i
{
/* Send our own protocol version identification. */
if (compat20) {
@@ -640,7 +703,7 @@
diff -pur old/sshd.c new/sshd.c
--- old/sshd.c
+++ new/sshd.c
-@@ -431,10 +431,18 @@ sshd_exchange_identification(int sock_in
+@@ -430,10 +430,18 @@ sshd_exchange_identification(int sock_in
minor = PROTOCOL_MINOR_1;
}
@@ -658,8 +721,8 @@
+#endif
/* Send our protocol version identification. */
- if (roaming_atomicio(vwrite, sock_out, server_version_string,
-@@ -1501,6 +1509,10 @@ main(int ac, char **av)
+ if (atomicio(vwrite, sock_out, server_version_string,
+@@ -1503,6 +1511,10 @@ main(int ac, char **av)
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
@@ -684,7 +747,7 @@
diff -pur old/sshd_config.5 new/sshd_config.5
--- old/sshd_config.5
+++ new/sshd_config.5
-@@ -481,6 +481,13 @@ aes128-ctr,aes192-ctr,aes256-ctr,
+@@ -482,6 +482,13 @@ aes128-ctr,aes192-ctr,aes256-ctr,
[email protected],[email protected]
.Ed
.Pp
@@ -698,7 +761,7 @@
The list of available ciphers may also be obtained using the
.Fl Q
option of
-@@ -577,6 +584,8 @@ and
+@@ -576,6 +583,8 @@ and
.Dq sha256 .
The default is
.Dq sha256 .
@@ -707,8 +770,8 @@
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
-@@ -1023,6 +1032,16 @@ [email protected],[email protected]
- hmac-sha2-256,hmac-sha2-512
+@@ -1025,6 +1034,16 @@ [email protected],[email protected]
+ hmac-sha2-256,hmac-sha2-512,hmac-sha1
.Ed
.Pp
+The following MACs are FIPS-140 approved and are supported in FIPS-140 mode:
@@ -724,3 +787,53 @@
The list of available MAC algorithms may also be obtained using the
.Fl Q
option of
+diff -pur old/sshkey.c new/sshkey.c
+--- old/sshkey.c
++++ new/sshkey.c
+@@ -85,7 +85,46 @@ struct keytype {
+ int cert;
+ int sigonly;
+ };
++
++#ifdef ENABLE_OPENSSL_FIPS
++/* in FIPS mode limit keytypes to FIPS compliant only */
++#define keytypes (ssh_FIPS_mode() ? keytypes_fips : keytypes_dflt)
++
++static const struct keytype keytypes_fips[] = {
++#ifdef WITH_OPENSSL
++ { NULL, "RSA1", KEY_RSA1, 0, 0, 0 },
++ { "ssh-rsa", "RSA", KEY_RSA, 0, 0, 0 },
++ { "rsa-sha2-256", "RSA", KEY_RSA, 0, 0, 1 },
++ { "rsa-sha2-512", "RSA", KEY_RSA, 0, 0, 1 },
++ { "ssh-dss", "DSA", KEY_DSA, 0, 0, 0 },
++# ifdef OPENSSL_HAS_ECC
++ { "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0, 0 },
++ { "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0, 0 },
++# ifdef OPENSSL_HAS_NISTP521
++ { "ecdsa-sha2-nistp521", "ECDSA", KEY_ECDSA, NID_secp521r1, 0, 0 },
++# endif /* OPENSSL_HAS_NISTP521 */
++# endif /* OPENSSL_HAS_ECC */
++ { "[email protected]", "RSA-CERT", KEY_RSA_CERT, 0, 1, 0 },
++ { "[email protected]", "DSA-CERT", KEY_DSA_CERT, 0, 1, 0 },
++# ifdef OPENSSL_HAS_ECC
++ { "ecdsa-s[email protected]", "ECDSA-CERT",
++ KEY_ECDSA_CERT, NID_X9_62_prime256v1, 1, 0 },
++ { "ecdsa-s[email protected]", "ECDSA-CERT",
++ KEY_ECDSA_CERT, NID_secp384r1, 1, 0 },
++# ifdef OPENSSL_HAS_NISTP521
++ { "ecdsa-s[email protected]", "ECDSA-CERT",
++ KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },
++# endif /* OPENSSL_HAS_NISTP521 */
++# endif /* OPENSSL_HAS_ECC */
++#endif /* WITH_OPENSSL */
++ { "null", "null", KEY_NULL, 0, 0 },
++ { NULL, NULL, -1, -1, 0, 0 }
++};
++
++static const struct keytype keytypes_dflt[] = {
++#else /* ENABLE_OPENSSL_FIPS */
+ static const struct keytype keytypes[] = {
++#endif /* ENABLE_OPENSSL_FIPS */
+ { "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0, 0 },
+ { "s[email protected]", "ED25519-CERT",
+ KEY_ED25519_CERT, 0, 1, 0 },
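Review bot: The `{ "null", "null", KEY_NULL, 0, 0 },` row in `keytypes_fips` has five initializers, while every other row in the table has six. C zero-fills the missing last member, so behaviour is unchanged, but the row should read `{ "null", "null", KEY_NULL, 0, 0, 0 },` so a later reordering of the struct cannot shift its meaning unnoticed. The FIPS table is also a hand-copied subset of the default one, which deserves a comment such as `/* keep in sync with keytypes_dflt on every OpenSSH upgrade */`. The `keytypes_dflt` initializer continues past the end of the hunk.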
--- a/components/openssh/patches/037-missing_or_misleading_error_messages.patch Wed Apr 20 13:13:57 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,51 +0,0 @@
-#
-# Add missing error() upon identity_sign() failure, fix typos in ssherr() calls.
-#
-# After OpenSSH code was refactored recently, DSA_do_sign() and RSA_sign()
-# failures no longer result in error messages printed out. This is particularly
-# inconvenient for FIPS mode, were these calls can fail due to non-compliant
-# crypto algorithm options.
-#
-# Investigating other missing error messages spotted two calls to ssherr()
-# with wrong error codes.
-#
-# Patch has been submitted upstream:
-# https://bugzilla.mindrot.org/show_bug.cgi?id=2507
-#
-# Update: patch has been accepted upstream, will be part of 7.2:
-# https://github.com/openssh/openssh-portable/commit/39736be
-#
-# On uprev to 7.2+ we will drop this patch.
-#
-diff -pur old/ssh-agent.c new/ssh-agent.c
---- old/ssh-agent.c
-+++ new/ssh-agent.c
-@@ -389,7 +389,7 @@ process_sign_request2(SocketEntry *e)
- if (flags & SSH_AGENT_OLD_SIGNATURE)
- compat = SSH_BUG_SIGBLOB;
- if ((r = sshkey_from_blob(blob, blen, &key)) != 0) {
-- error("%s: cannot parse key blob: %s", __func__, ssh_err(ok));
-+ error("%s: cannot parse key blob: %s", __func__, ssh_err(r));
- goto send;
- }
- if ((id = lookup_identity(key, 2)) == NULL) {
-@@ -402,7 +402,7 @@ process_sign_request2(SocketEntry *e)
- }
- if ((r = sshkey_sign(id->key, &signature, &slen,
- data, dlen, compat)) != 0) {
-- error("%s: sshkey_sign: %s", __func__, ssh_err(ok));
-+ error("%s: sshkey_sign: %s", __func__, ssh_err(r));
- goto send;
- }
- /* Success */
-diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c
-+++ new/sshconnect2.c
-@@ -1167,6 +1167,7 @@ sign_and_send_pubkey(Authctxt *authctxt,
- ret = identity_sign(id, &signature, &slen,
- buffer_ptr(&b), buffer_len(&b), datafellows);
- if (ret != 0) {
-+ error("%s: signing failed: %s", __func__, ssh_err(ret));
- free(blob);
- buffer_free(&b);
- return 0;
--- a/components/openssh/patches/039-sshd_config_5_defaults.patch Wed Apr 20 13:13:57 2016 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-#
-# hmac-sha1 is heavily used in the world, and customers updating openssh should
-# have up-to-date man pages
-#
-# Upstream has been notified of this typo and is correcting it, this patch
-# will be removed when Solaris updates to an update including the fix.
-#
-
-diff -rupN old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5 2016-01-28 13:47:34.630632408 -0800
-+++ new/sshd_config.5 2016-01-28 13:48:34.129479936 -0800
-@@ -1018,7 +1018,7 @@ The default is:
- [email protected],[email protected],
- [email protected],[email protected],
- [email protected],[email protected],
--hmac-sha2-256,hmac-sha2-512
-+hmac-sha2-256,hmac-sha2-512,hmac-sha1
- .Ed
- .Pp
- The list of available MAC algorithms may also be obtained using the
--- a/components/openssh/patches/040-default_config_files.patch Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/patches/040-default_config_files.patch Wed Apr 20 13:13:57 2016 -0700
@@ -2,11 +2,12 @@
# This patch contains changes to the default SSH system configurations for
# /etc/ssh/sshd_config and /etc/ssh/ssh_config on Solaris.
#
-# This is a Solaris specific patch and will not be contributed back to tge
+# This is a Solaris specific patch and will not be contributed back to the
# upstream community.
#
---- orig/ssh_config Wed Feb 10 16:52:14 2016
-+++ new/ssh_config Wed Feb 10 18:32:20 2016
+diff -pur old/ssh_config new/ssh_config
+--- old/ssh_config
++++ new/ssh_config
@@ -24,8 +24,9 @@
# RSAAuthentication yes
# PasswordAuthentication yes
@@ -18,7 +19,7 @@
# BatchMode no
# CheckHostIP yes
# AddressFamily any
-@@ -46,3 +47,7 @@
+@@ -48,3 +49,7 @@
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
@@ -26,9 +27,12 @@
+# Send the LANG and LC_* environment variables to server.
+SendEnv LANG
+SendEnv LC_*
---- orig/sshd_config Wed Feb 10 16:52:20 2016
-+++ new/sshd_config Tue Feb 23 16:40:15 2016
-@@ -2,132 +2,95 @@
+diff -pur old/sshd_config new/sshd_config
+--- old/sshd_config
++++ new/sshd_config
+@@ -1,133 +1,96 @@
+-# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
++# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
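Review bot: The regenerated sshd_config section swaps upstream's `$OpenBSD: sshd_config,v 1.98 2016/02/17` ident for `v 1.97 2015/08/06`, so the config shipped with 7.2p2 would carry the previous release's revision tag. This looks as if the new side was carried over from the 7.1p2 version of the patch instead of being rebased, though that is an inference from these two lines. Anyone auditing an installed config against upstream by its ident would be misled. Unless the change is deliberate, leave the upstream line untouched so that `# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $` stays in the installed file.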
@@ -66,71 +70,74 @@
-#HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
+-
+-# Lifetime and size of ephemeral version 1 server key
+-#KeyRegenerationInterval 1h
+-#ServerKeyBits 1024
+-
+-# Ciphers and keying
+-#RekeyLimit default none
+-
+-# Logging
+-# obsoletes QuietMode and FascistLogging
+-#SyslogFacility AUTH
+-#LogLevel INFO
+# X11 tunneling options
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+X11Forwarding yes
--# Lifetime and size of ephemeral version 1 server key
--#KeyRegenerationInterval 1h
--#ServerKeyBits 1024
+-# Authentication:
+# The maximum number of concurrent unauthenticated connections to sshd.
+# start:rate:full see sshd(1) for more information.
+#MaxStartups 10:30:100
--# Ciphers and keying
--#RekeyLimit default none
-+# Banner to be printed before authentication starts.
-+Banner /etc/issue
-
--# Logging
--# obsoletes QuietMode and FascistLogging
--#SyslogFacility AUTH
--#LogLevel INFO
-+# Should sshd print the /etc/motd file and check for mail.
-+# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
-+PrintMotd no
-
--# Authentication:
-+# KeepAlive specifies whether keep alive messages are sent to the client.
-+# See sshd(1) for detailed description of what this means.
-+# Note that the client may also be sending keep alive messages to the server.
-+#KeepAlive yes
-
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-+# Syslog facility and level
-+#SyslogFacility auth
-+#LogLevel info
++# Banner to be printed before authentication starts.
++Banner /etc/issue
-#RSAAuthentication yes
-#PubkeyAuthentication yes
++# Should sshd print the /etc/motd file and check for mail.
++# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
++PrintMotd no
++
++# KeepAlive specifies whether keep alive messages are sent to the client.
++# See sshd(1) for detailed description of what this means.
++# Note that the client may also be sending keep alive messages to the server.
++#KeepAlive yes
++
++# Syslog facility and level
++#SyslogFacility auth
++#LogLevel info
++
+#
+# Authentication configuration
+#
-
--# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
--# but this is overridden so installations will only check .ssh/authorized_keys
--AuthorizedKeysFile .ssh/authorized_keys
++
+# Host private key files
+# Must be on a local disk and readable only by the root user (root:sys 600).
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
-
--#AuthorizedPrincipalsFile none
++
+# sshd regenerates the key every KeyRegenerationInterval seconds.
+# The key is never stored anywhere except the memory of sshd.
+# The default is 1 hour (3600 seconds).
+#KeyRegenerationInterval 3600
+-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+-# but this is overridden so installations will only check .ssh/authorized_keys
+-AuthorizedKeysFile .ssh/authorized_keys
+-
+-#AuthorizedPrincipalsFile none
+-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-+# Ensure secure permissions on users .ssh directory.
-+#StrictModes yes
-
+-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#RhostsRSAAuthentication no
-# similar for protocol version 2
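Review bot: The default server configuration on the new side still enables `HostKey /etc/ssh/ssh_host_dsa_key` beside the RSA key and adds no ECDSA or Ed25519 host key, although this changeset re-enables Curve25519. OpenSSH 7.x no longer offers `ssh-dss` host keys by default, so as far as these lines show the DSA key would be loaded but not offered, leaving clients with RSA only. Consider replacing the DSA line with `HostKey /etc/ssh/ssh_host_ecdsa_key` and `HostKey /etc/ssh/ssh_host_ed25519_key`, provided the key-generation service creates those files; that service is not visible here. The `KeyRegenerationInterval` comment kept just below describes the protocol 1 server key and could say so.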
@@ -140,13 +147,16 @@
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
++# Ensure secure permissions on users .ssh directory.
++#StrictModes yes
+
+-# To disable tunneled clear text passwords, change to no here!
+-#PasswordAuthentication yes
+# Length of time in seconds before a client that hasn't completed
+# authentication is disconnected.
+# Default is 120 seconds. 0 means no time limit.
+#LoginGraceTime 120
-
--# To disable tunneled clear text passwords, change to no here!
--#PasswordAuthentication yes
++
+# Maximum number of retries for authentication
+# Default is 6.
+#MaxAuthTries 6
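Review bot: The comment re-added above `#StrictModes yes` ("Ensure secure permissions on users .ssh directory.") understates what the option checks. sshd checks the modes and ownership of the user's files and home directory before accepting a login, not only `.ssh`. An administrator reading this file could conclude that a group-writable home directory is acceptable. Suggest `# Check modes and ownership of the user's home directory and ~/.ssh files before login.` for that line. The text is carried over from an earlier position in the patch, so this changes wording only.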
@@ -158,26 +168,17 @@
-# Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
-+# To disable tunneled clear text passwords, change PasswordAuthentication to no.
-+#PasswordAuthentication yes
-
+-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-+# Are root logins permitted using sshd.
-+# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
-+# maybe denied access by a PAM module regardless of this setting.
-+# Valid options are yes, without-password, no.
-+PermitRootLogin no
-
+-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-+# sftp subsystem
-+Subsystem sftp internal-sftp
-
+-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
@@ -188,8 +189,8 @@
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
-+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
-+#IgnoreUserKnownHosts yes
++# To disable tunneled clear text passwords, change PasswordAuthentication to no.
++#PasswordAuthentication yes
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
@@ -202,7 +203,7 @@
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
--UsePrivilegeSeparation sandbox # Default for new installations.
+-#UsePrivilegeSeparation sandbox
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
@@ -226,6 +227,18 @@
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
++# Are root logins permitted using sshd.
++# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
++# maybe denied access by a PAM module regardless of this setting.
++# Valid options are yes, without-password, no.
++PermitRootLogin no
++
++# sftp subsystem
++Subsystem sftp internal-sftp
++
++# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
++#IgnoreUserKnownHosts yes
++
+# Accept the LANG and LC_* environment variables sent by the client.
+AcceptEnv LANG
+AcceptEnv LC_*
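Review bot: The comment above `PermitRootLogin no` lists the valid options as `yes, without-password, no`, which is stale for the 7.2p2 configuration this patch is refreshed against. The upstream default removed earlier in the same patch is `#PermitRootLogin prohibit-password`; `without-password` survives only as a deprecated alias, and `forced-commands-only` is not listed. Suggest `# Valid options are yes, prohibit-password, forced-commands-only, no.` and, in the line before it, `may be denied` for `maybe denied`. The `IgnoreUserKnownHosts` comment names only `RhostsRSAAuthentication`, a protocol 1 feature, although the option also governs `HostbasedAuthentication`; the comment should name both. These lines are moved here from earlier in the patch, so this is a documentation fix and the effective settings do not change.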
--- a/components/openssh/service-network-ssh.p5m Wed Apr 20 13:13:57 2016 -0700
+++ b/components/openssh/service-network-ssh.p5m Wed Apr 20 13:13:57 2016 -0700
@@ -32,7 +32,7 @@
value=org.opensolaris.category.2008:System/Security
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2015/227
+set name=org.opensolaris.arc-caseid value=PSARC/2015/227 value=PSARC/2016/216
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
file path=etc/ssh/moduli group=sys mode=0644 overlay=allow preserve=renamenew
file path=etc/ssh/sshd_config group=sys mode=0644 \