Accepting request 680205 from network

OBS-URL: https://build.opensuse.org/request/show/680205 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=129
2019-03-01 19:27:19 +00:00 · 2019-03-01 19:27:19 +00:00 · 5a265c2de0
commit 5a265c2de0
parent 44f9d7c40f 3f73bd9831
6 changed files with 218 additions and 732 deletions
--- a/openssh-7.7p1-disable_short_DH_parameters.patch
+++ b/openssh-7.7p1-disable_short_DH_parameters.patch
@ -1,425 +0,0 @@
 # HG changeset patch
 # Parent  681914438b1a02c1940d19204138e9b8eacfda7b
 Raise minimal size of DH group parameters to 2048 bits like upstream did in
 7.2. 1024b values are believed to be in breaking range for state adversaries
 and the default moduli shipped with openssh have been around long enough to
 make it more likely for them to be broken.
 Also provide an option that allows the client to accept shorter (RFC4419
 compliant) parameters.
 CVE-2015-4000 (LOGJAM)
 bsc#932483
 Index: openssh-7.9p1/dh.c
 ===================================================================
 --- openssh-7.9p1.orig/dh.c
 +++ openssh-7.9p1/dh.c
@@ -45,6 +45,8 @@
 #include "openbsd-compat/openssl-compat.h"
 +int dh_grp_min = DH_GRP_MIN;
 +
 static int
 parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
 Index: openssh-7.9p1/dh.h
 ===================================================================
 --- openssh-7.9p1.orig/dh.h
 +++ openssh-7.9p1/dh.h
@@ -50,6 +50,7 @@ u_int	 dh_estimate(int);
  * Max value from RFC4419.
  * Miniumum increased in light of DH precomputation attacks.
  */
 +#define DH_GRP_MIN_RFC	1024
 #define DH_GRP_MIN	2048
 #define DH_GRP_MAX	8192
 Index: openssh-7.9p1/kexgexc.c
 ===================================================================
 --- openssh-7.9p1.orig/kexgexc.c
 +++ openssh-7.9p1/kexgexc.c
@@ -53,6 +53,9 @@
 #include "sshbuf.h"
 #include "misc.h"
 +/* import from dh.c */
 +extern int dh_grp_min;
 +
 static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *);
 static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *);
@@ -65,7 +68,7 @@ kexgex_client(struct ssh *ssh)
 	nbits = dh_estimate(kex->dh_need * 8);
 -	kex->min = DH_GRP_MIN;
 +	kex->min = dh_grp_min;
 	kex->max = DH_GRP_MAX;
 	kex->nbits = nbits;
 	if (datafellows & SSH_BUG_DHGEX_LARGE)
@@ -111,6 +114,12 @@ input_kex_dh_gex_group(int type, u_int32
 		goto out;
 	if ((bits = BN_num_bits(p)) < 0 ||
 	    (u_int)bits < kex->min || (u_int)bits > kex->max) {
 +		if ((u_int)bits < kex->min && (u_int)bits >= DH_GRP_MIN_RFC)
 +			logit("DH parameter offered by the server (%d bits) "
 +			    "is considered insecure. "
 +			    "You can lower the accepted the minimum "
 +			    "via the KexDHMin option.",
 +			    bits);
 		r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
 		goto out;
 	}
 Index: openssh-7.9p1/kexgexs.c
 ===================================================================
 --- openssh-7.9p1.orig/kexgexs.c
 +++ openssh-7.9p1/kexgexs.c
@@ -56,6 +56,9 @@
 #include "sshbuf.h"
 #include "misc.h"
 +/* import from dh.c */
 +extern int dh_grp_min;
 +
 static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *);
 static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *);
@@ -85,13 +88,19 @@ input_kex_dh_gex_request(int type, u_int
 	kex->nbits = nbits;
 	kex->min = min;
 	kex->max = max;
 -	min = MAXIMUM(DH_GRP_MIN, min);
 +	min = MAXIMUM(dh_grp_min, min);
 	max = MINIMUM(DH_GRP_MAX, max);
 -	nbits = MAXIMUM(DH_GRP_MIN, nbits);
 +	nbits = MAXIMUM(dh_grp_min, nbits);
 	nbits = MINIMUM(DH_GRP_MAX, nbits);
 	if (kex->max < kex->min || kex->nbits < kex->min ||
 	    kex->max < kex->nbits || kex->max < DH_GRP_MIN) {
 +		if (kex->nbits < kex->min && kex->nbits >= DH_GRP_MIN_RFC)
 +			logit("DH parameter requested by the client (%d bits) "
 +			    "is considered insecure. "
 +			    "You can lower the accepted minimum "
 +			    "via the KexDHMin option.",
 +			    kex->nbits);
 		r = SSH_ERR_DH_GEX_OUT_OF_RANGE;
 		goto out;
 	}
 Index: openssh-7.9p1/readconf.c
 ===================================================================
 --- openssh-7.9p1.orig/readconf.c
 +++ openssh-7.9p1/readconf.c
@@ -67,6 +67,7 @@
 #include "uidswap.h"
 #include "myproposal.h"
 #include "digest.h"
 +#include "dh.h"
 /* Format of the configuration file:
@@ -167,7 +168,7 @@ typedef enum {
 	oTunnel, oTunnelDevice,
 	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
 	oVisualHostKey,
 -	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
 +	oKexAlgorithms, oKexDHMin, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
 	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
@@ -292,6 +293,7 @@ static struct {
 	{ "remotecommand", oRemoteCommand },
 	{ "visualhostkey", oVisualHostKey },
 	{ "kexalgorithms", oKexAlgorithms },
 +	{ "kexdhmin", oKexDHMin },
 	{ "ipqos", oIPQoS },
 	{ "requesttty", oRequestTTY },
 	{ "proxyusefdpass", oProxyUseFdpass },
@@ -313,6 +315,9 @@ static struct {
 	{ NULL, oBadOption }
 };
 +/* import from dh.c */
 +extern int dh_grp_min;
 +
 /*
  * Adds a local TCP/IP port forward to options.  Never returns if there is an
  * error.
@@ -1216,6 +1221,10 @@ parse_int:
 			options->kex_algorithms = xstrdup(arg);
 		break;
 +	case oKexDHMin:
 +		intptr = &options->kex_dhmin;
 +		goto parse_int;
 +
 	case oHostKeyAlgorithms:
 		charptr = &options->hostkeyalgorithms;
 parse_keytypes:
@@ -1860,6 +1869,7 @@ initialize_options(Options * options)
 	options->ciphers = NULL;
 	options->macs = NULL;
 	options->kex_algorithms = NULL;
 +	options->kex_dhmin = -1;
 	options->hostkeyalgorithms = NULL;
 	options->ca_sign_algorithms = NULL;
 	options->num_identity_files = 0;
@@ -2014,6 +2024,13 @@ fill_default_options(Options * options)
 		options->connection_attempts = 1;
 	if (options->number_of_password_prompts == -1)
 		options->number_of_password_prompts = 3;
 +	if (options->kex_dhmin == -1)
 +		options->kex_dhmin = DH_GRP_MIN;
 +	else {
 +		options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC);
 +		options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX);
 +	}
 +	dh_grp_min = options->kex_dhmin;
 	/* options->hostkeyalgorithms, default set in myproposals.h */
 	if (options->add_keys_to_agent == -1)
 		options->add_keys_to_agent = 0;
 Index: openssh-7.9p1/readconf.h
 ===================================================================
 --- openssh-7.9p1.orig/readconf.h
 +++ openssh-7.9p1/readconf.h
@@ -68,6 +68,7 @@ typedef struct {
 	char   *hostkeyalgorithms;	/* SSH2 server key types in order of preference. */
 	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
 	char   *ca_sign_algorithms;	/* Allowed CA signature algorithms */
 +	int     kex_dhmin;      /* minimum bit length of the DH group parameter */
 	char   *hostname;	/* Real host to connect. */
 	char   *host_key_alias;	/* hostname alias for .ssh/known_hosts */
 	char   *proxy_command;	/* Proxy command for connecting the host. */
 Index: openssh-7.9p1/servconf.c
 ===================================================================
 --- openssh-7.9p1.orig/servconf.c
 +++ openssh-7.9p1/servconf.c
@@ -64,6 +64,10 @@
 #include "auth.h"
 #include "myproposal.h"
 #include "digest.h"
 +#include "dh.h"
 +
 +/* import from dh.c */
 +extern int dh_grp_min;
 static void add_listen_addr(ServerOptions *, const char *,
     const char *, int);
@@ -146,6 +150,7 @@ initialize_server_options(ServerOptions
 	options->ciphers = NULL;
 	options->macs = NULL;
 	options->kex_algorithms = NULL;
 +	options->kex_dhmin = -1;
 	options->ca_sign_algorithms = NULL;
 	options->fwd_opts.gateway_ports = -1;
 	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
@@ -267,6 +272,14 @@ fill_default_server_options(ServerOption
 	if (options->use_pam_check_locks == -1)
 		options->use_pam_check_locks = 0;
 +	if (options->kex_dhmin == -1)
 +		options->kex_dhmin = DH_GRP_MIN;
 +	else {
 +		options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC);
 +		options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX);
 +	}
 +	dh_grp_min = options->kex_dhmin;
 +
 	/* Standard Options */
 	if (options->num_host_key_files == 0) {
 		/* fill default hostkeys for protocols */
@@ -494,7 +507,7 @@ typedef enum {
 	sHostCertificate,
 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
 	sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
 -	sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
 +	sKexAlgorithms, sKexDHMin, sCASignatureAlgorithms, sIPQoS, sVersionAddendum,
 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
 	sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
 	sStreamLocalBindMask, sStreamLocalBindUnlink,
@@ -635,6 +648,7 @@ static struct {
 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
 	{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
 +	{ "kexdhmin", sKexDHMin },
 	{ "ipqos", sIPQoS, SSHCFG_ALL },
 	{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
@@ -1735,6 +1749,10 @@ process_server_config_line(ServerOptions
 			options->kex_algorithms = xstrdup(arg);
 		break;
 +	case sKexDHMin:
 +		intptr = &options->kex_dhmin;
 +		goto parse_int;
 +
 	case sSubsystem:
 		if (options->num_subsystems >= MAX_SUBSYSTEMS) {
 			fatal("%s line %d: too many subsystems defined.",
@@ -2549,6 +2567,7 @@ dump_config(ServerOptions *o)
 	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
 	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
 	dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
 +	dump_cfg_int(sKexDHMin, o->kex_dhmin);
 	/* formatted integer arguments */
 	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
 Index: openssh-7.9p1/servconf.h
 ===================================================================
 --- openssh-7.9p1.orig/servconf.h
 +++ openssh-7.9p1/servconf.h
@@ -103,6 +103,7 @@ typedef struct {
 	char   *ciphers;	/* Supported SSH2 ciphers. */
 	char   *macs;		/* Supported SSH2 macs. */
 	char   *kex_algorithms;	/* SSH2 kex methods in order of preference. */
 +	int     kex_dhmin;	/* minimum bit length of the DH group parameter */
 	struct ForwardOptions fwd_opts;	/* forwarding options */
 	SyslogFacility log_facility;	/* Facility for system logging. */
 	LogLevel log_level;	/* Level for system logging. */
 Index: openssh-7.9p1/ssh_config
 ===================================================================
 --- openssh-7.9p1.orig/ssh_config
 +++ openssh-7.9p1/ssh_config
@@ -17,6 +17,11 @@
 # list of available options, their meanings and defaults, please see the
 # ssh_config(5) man page.
 +# Minimum accepted size of the DH parameter p. By default this is set to 1024
 +# to maintain compatibility with RFC4419, but should be set higher.
 +# Upstream default is identical to setting this to 2048.
 +#KexDHMin 1024
 +
 Host *
 #   ForwardAgent no
 #   ForwardX11 no
 Index: openssh-7.9p1/ssh_config.0
 ===================================================================
 --- openssh-7.9p1.orig/ssh_config.0
 +++ openssh-7.9p1/ssh_config.0
@@ -610,6 +610,23 @@ DESCRIPTION
              The list of available key exchange algorithms may also be
              obtained using "ssh -Q kex".
 +     KexDHMin
 +             Specifies the minimum accepted bit length of the DH group
 +             parameter p.
 +
 +             As per RFC4419, this is 1024 bits, however this has increasingly
 +             been seen as insecure, which prompted the change to 2048 bits.
 +             Setting this option allows the client to accept parameters shorter
 +             than the current minimum, down to the RFC specified 1024 bits.
 +             Using this option may be needed when connecting to servers that
 +             only know short DH group parameters.
 +
 +             Note, that while by default this option is set to 1024 to maintain
 +             maximum backward compatibility, using it can severly impact
 +             security and thus should be viewed as a temporary fix of last
 +             resort and all efforts should be made to fix the (broken)
 +             counterparty.
 +
      LocalCommand
              Specifies a command to execute on the local machine after
              successfully connecting to the server.  The command string
 Index: openssh-7.9p1/ssh_config.5
 ===================================================================
 --- openssh-7.9p1.orig/ssh_config.5
 +++ openssh-7.9p1/ssh_config.5
@@ -1047,6 +1047,22 @@ diffie-hellman-group14-sha1
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
 +.It Cm KexDHMin
 +Specifies the minimum accepted bit length of the DH group
 +parameter p.
 +.Pp
 +As per RFC4419, this is 1024 bits, however this has increasingly
 +been seen as insecure, which prompted the change to 2048 bits.
 +Setting this option allows the client to accept parameters shorter
 +than the current minimum, down to the RFC specified 1024 bits.
 +Using this option may be needed when connecting to servers that
 +only know short DH group parameters.
 +.Pp
 +Note, that while by default this option is set to 1024 to maintain
 +maximum backward compatibility, using it can severly impact
 +security and thus should be viewed as a temporary fix of last
 +resort and all efforts should be made to fix the (broken)
 +counterparty.
 .It Cm LocalCommand
 Specifies a command to execute on the local machine after successfully
 connecting to the server.
 Index: openssh-7.9p1/sshd_config
 ===================================================================
 --- openssh-7.9p1.orig/sshd_config
 +++ openssh-7.9p1/sshd_config
@@ -19,6 +19,13 @@
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 +# Minimum accepted size of the DH parameter p. The default, which replicates
 +# upstream behaviour, is 2048. To maintain compatibility with RFC4419 it should
 +# be set to 1024.
 +# You will also need to add a HostKey directive to load a DSA key (typically
 +# located in /etc/ssh/ssh_host_dsa_key), which is not loaded by default.
 +#KexDHMin 2048
 +
 # Ciphers and keying
 #RekeyLimit default none
 Index: openssh-7.9p1/sshd_config.0
 ===================================================================
 --- openssh-7.9p1.orig/sshd_config.0
 +++ openssh-7.9p1/sshd_config.0
@@ -555,6 +555,23 @@ DESCRIPTION
              The list of available key exchange algorithms may also be
              obtained using "ssh -Q kex".
 +     KexDHMin
 +             Specifies the minimum accepted bit length of the DH group
 +             parameter p.
 +
 +             As per RFC4419, this is 1024 bits, however this has increasingly
 +             been seen as insecure, which prompted the change to 2048 bits.
 +             Setting this option allows the server to accept parameters shorter
 +             than the current minimum, down to the RFC specified 1024 bits.
 +             Using this option may be needed when some of the connectiong
 +             clients only know short DH group parameters.
 +
 +             Note, that while by default this option is set to 1024 to maintain
 +             maximum backward compatibility, using it can severly impact
 +             security and thus should be viewed as a temporary fix of last
 +             resort and all efforts should be made to fix the (broken)
 +             counterparty.
 +
      ListenAddress
              Specifies the local addresses sshd(8) should listen on.  The
              following forms may be used:
 Index: openssh-7.9p1/sshd_config.5
 ===================================================================
 --- openssh-7.9p1.orig/sshd_config.5
 +++ openssh-7.9p1/sshd_config.5
@@ -923,6 +923,22 @@ diffie-hellman-group14-sha256,diffie-hel
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
 +.It Cm KexDHMin
 +Specifies the minimum accepted bit length of the DH group
 +parameter p.
 +.Pp
 +As per RFC4419, this is 1024 bits, however this has increasingly
 +been seen as insecure, which prompted the change to 2048 bits.
 +Setting this option allows the server to accept parameters shorter
 +than the current minimum, down to the RFC specified 1024 bits.
 +Using this option may be needed when some of the connectiong
 +clients only know short DH group parameters.
 +.Pp
 +Note, that while by default this option is set to 1024 to maintain
 +maximum backward compatibility, using it can severly impact
 +security and thus should be viewed as a temporary fix of last
 +resort and all efforts should be made to fix the (broken)
 +counterparty.
 .It Cm ListenAddress
 Specifies the local addresses
 .Xr sshd 8
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -5,8 +5,8 @@ algorithms.
 Index: openssh-7.9p1/Makefile.in
 ===================================================================
--- openssh-7.9p1.orig/Makefile.in
+--- openssh-7.9p1.orig/Makefile.in	2019-02-28 17:20:15.767164591 +0100
-+++ openssh-7.9p1/Makefile.in
+++ openssh-7.9p1/Makefile.in	2019-02-28 20:18:30.666473978 +0100
@@ -102,6 +102,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
 	platform-pledge.o platform-tracing.o platform-misc.o
@ -18,8 +18,8 @@ Index: openssh-7.9p1/Makefile.in
 Index: openssh-7.9p1/cipher-ctr.c
 ===================================================================
--- openssh-7.9p1.orig/cipher-ctr.c
+--- openssh-7.9p1.orig/cipher-ctr.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/cipher-ctr.c
+++ openssh-7.9p1/cipher-ctr.c	2019-02-28 17:20:15.919165544 +0100
@@ -27,6 +27,8 @@
 #include "xmalloc.h"
 #include "log.h"
@ -40,8 +40,8 @@ Index: openssh-7.9p1/cipher-ctr.c
 }
 Index: openssh-7.9p1/cipher.c
 ===================================================================
--- openssh-7.9p1.orig/cipher.c
+--- openssh-7.9p1.orig/cipher.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/cipher.c
+++ openssh-7.9p1/cipher.c	2019-02-28 20:18:30.666473978 +0100
@@ -51,6 +51,8 @@
 #include "openbsd-compat/openssl-compat.h"
@ -131,23 +131,11 @@ Index: openssh-7.9p1/cipher.c
 		if (strcmp(c->name, name) == 0)
 			return c;
 	return NULL;
 Index: openssh-7.9p1/dh.h
 ===================================================================
 --- openssh-7.9p1.orig/dh.h
 +++ openssh-7.9p1/dh.h
@@ -52,6 +52,7 @@ u_int	 dh_estimate(int);
  */
 #define DH_GRP_MIN_RFC	1024
 #define DH_GRP_MIN	2048
 +#define DH_GRP_MIN_FIPS	2048
 #define DH_GRP_MAX	8192
 /*
 Index: openssh-7.9p1/fips.c
 ===================================================================
--- /dev/null
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.9p1/fips.c
+++ openssh-7.9p1/fips.c	2019-02-28 20:18:30.534473204 +0100
-@@ -0,0 +1,237 @@
+@@ -0,0 +1,215 @@
 +/*
 + * Copyright (c) 2012 Petr Cerny.  All rights reserved.
 + *
@ -363,33 +351,11 @@ Index: openssh-7.9p1/fips.c
 +	return dgst;
 +}
 +
 +int
 +fips_dh_grp_min(void)
 +{
 +	int fips;
 +	int dh;
 +
 +	fips = fips_mode();
 +	switch (fips) {
 +		case 0:
 +			dh = dh_grp_min;
 +			break;
 +		case 1:
 +			dh = DH_GRP_MIN_FIPS;
 +			break;
 +		default:
 +			/* should not be reached */
 +			fatal("Fatal error: incorrect FIPS mode '%i' at %s:%u",
 +			    fips, __FILE__, __LINE__);
 +	}
 +	return dh;
 +}
 +
 Index: openssh-7.9p1/fips.h
 ===================================================================
--- /dev/null
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.9p1/fips.h
+++ openssh-7.9p1/fips.h	2019-02-28 20:18:30.534473204 +0100
-@@ -0,0 +1,45 @@
+@@ -0,0 +1,44 @@
 +/*
 + * Copyright (c) 2012 Petr Cerny.  All rights reserved.
 + *
@ -429,7 +395,6 @@ Index: openssh-7.9p1/fips.h
 +int	 fips_mode(void);
 +int	 fips_correct_dgst(int);
 +int	 fips_dgst_min(void);
 +int	 fips_dh_grp_min(void);
 +enum fp_type	 fips_correct_fp_type(enum fp_type);
 +int	 fips_filter_crypto(char **, fips_filters);
 +
@ -437,8 +402,8 @@ Index: openssh-7.9p1/fips.h
 +
 Index: openssh-7.9p1/hmac.c
 ===================================================================
--- openssh-7.9p1.orig/hmac.c
+--- openssh-7.9p1.orig/hmac.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/hmac.c
+++ openssh-7.9p1/hmac.c	2019-02-28 17:20:15.919165544 +0100
@@ -144,7 +144,7 @@ hmac_test(void *key, size_t klen, void *
 	size_t			 i;
 	u_char			 digest[16];
@ -450,8 +415,8 @@ Index: openssh-7.9p1/hmac.c
 	    ssh_hmac_update(ctx, m, mlen) < 0 ||
 Index: openssh-7.9p1/kex.c
 ===================================================================
--- openssh-7.9p1.orig/kex.c
+--- openssh-7.9p1.orig/kex.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/kex.c
+++ openssh-7.9p1/kex.c	2019-02-28 17:20:15.919165544 +0100
@@ -54,6 +54,8 @@
 #include "sshbuf.h"
 #include "digest.h"
@ -547,59 +512,23 @@ Index: openssh-7.9p1/kex.c
 			free(s);
 			return 0;
 		}
 Index: openssh-7.9p1/kexgexc.c
 ===================================================================
 --- openssh-7.9p1.orig/kexgexc.c
 +++ openssh-7.9p1/kexgexc.c
@@ -53,8 +53,7 @@
 #include "sshbuf.h"
 #include "misc.h"
 -/* import from dh.c */
 -extern int dh_grp_min;
 +#include "fips.h"
 static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *);
 static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *);
@@ -68,7 +67,7 @@ kexgex_client(struct ssh *ssh)
 	nbits = dh_estimate(kex->dh_need * 8);
 -	kex->min = dh_grp_min;
 +	kex->min = fips_dh_grp_min();
 	kex->max = DH_GRP_MAX;
 	kex->nbits = nbits;
 	if (datafellows & SSH_BUG_DHGEX_LARGE)
 Index: openssh-7.9p1/kexgexs.c
 ===================================================================
--- openssh-7.9p1.orig/kexgexs.c
+--- openssh-7.9p1.orig/kexgexs.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/kexgexs.c
+++ openssh-7.9p1/kexgexs.c	2019-02-28 17:20:15.923165569 +0100
-@@ -56,8 +56,7 @@
+@@ -56,6 +56,8 @@
 #include "sshbuf.h"
 #include "misc.h"
 -/* import from dh.c */
 -extern int dh_grp_min;
 +#include "fips.h"
- 
+
 static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *);
 static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *);
@@ -88,9 +87,9 @@ input_kex_dh_gex_request(int type, u_int
 	kex->nbits = nbits;
 	kex->min = min;
 	kex->max = max;
 -	min = MAXIMUM(dh_grp_min, min);
 +	min = MAXIMUM(fips_dh_grp_min(), min);
 	max = MINIMUM(DH_GRP_MAX, max);
 -	nbits = MAXIMUM(dh_grp_min, nbits);
 +	nbits = MAXIMUM(fips_dh_grp_min(), nbits);
 	nbits = MINIMUM(DH_GRP_MAX, nbits);
 	if (kex->max < kex->min || kex->nbits < kex->min ||
 Index: openssh-7.9p1/mac.c
 ===================================================================
--- openssh-7.9p1.orig/mac.c
+--- openssh-7.9p1.orig/mac.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/mac.c
+++ openssh-7.9p1/mac.c	2019-02-28 17:20:15.923165569 +0100
@@ -40,6 +40,9 @@
 #include "openbsd-compat/openssl-compat.h"
@ -681,8 +610,8 @@ Index: openssh-7.9p1/mac.c
 		if (mac != NULL)
 Index: openssh-7.9p1/myproposal.h
 ===================================================================
--- openssh-7.9p1.orig/myproposal.h
+--- openssh-7.9p1.orig/myproposal.h	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/myproposal.h
+++ openssh-7.9p1/myproposal.h	2019-02-28 17:20:15.923165569 +0100
@@ -151,6 +151,8 @@
 #else /* WITH_OPENSSL */
@ -694,17 +623,18 @@ Index: openssh-7.9p1/myproposal.h
 	"curve25519-sha256@libssh.org"
 Index: openssh-7.9p1/readconf.c
 ===================================================================
--- openssh-7.9p1.orig/readconf.c
+--- openssh-7.9p1.orig/readconf.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/readconf.c
+++ openssh-7.9p1/readconf.c	2019-02-28 20:18:54.650614520 +0100
-@@ -68,6 +68,7 @@
+@@ -68,6 +68,8 @@
 #include "myproposal.h"
 #include "digest.h"
 #include "dh.h"
 +#include "fips.h"
 +#include "fips.h"
 +
 /* Format of the configuration file:
-@@ -1825,6 +1826,23 @@ option_clear_or_none(const char *o)
+    # Configuration data is parsed as follows:
@@ -1816,6 +1818,23 @@ option_clear_or_none(const char *o)
 	return o == NULL || strcasecmp(o, "none") == 0;
 }
@ -728,19 +658,7 @@ Index: openssh-7.9p1/readconf.c
 /*
  * Initializes options to special values that indicate that they have not yet
  * been set.  Read_config_file will only set options with this value. Options
-@@ -2025,9 +2043,9 @@ fill_default_options(Options * options)
+@@ -2095,6 +2114,8 @@ fill_default_options(Options * options)
 	if (options->number_of_password_prompts == -1)
 		options->number_of_password_prompts = 3;
 	if (options->kex_dhmin == -1)
 -		options->kex_dhmin = DH_GRP_MIN;
 +		options->kex_dhmin = fips_dh_grp_min();
 	else {
 -		options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC);
 +		options->kex_dhmin = MAXIMUM(options->kex_dhmin, fips_dh_grp_min());
 		options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX);
 	}
 	dh_grp_min = options->kex_dhmin;
@@ -2112,6 +2130,8 @@ fill_default_options(Options * options)
 		options->canonicalize_hostname = SSH_CANONICALISE_NO;
 	if (options->fingerprint_hash == -1)
 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
@ -749,19 +667,19 @@ Index: openssh-7.9p1/readconf.c
 	if (options->update_hostkeys == -1)
 		options->update_hostkeys = 0;
-@@ -2594,6 +2614,7 @@ dump_client_config(Options *o, const cha
+@@ -2122,6 +2143,7 @@ fill_default_options(Options * options)
- 	    KEX_DEFAULT_PK_ALG, all_key) != 0)
+ 	free(all_kex);
 		fatal("%s: kex_assemble_names failed", __func__);
 	free(all_key);
-+	filter_fips_algorithms(o);
+ 	free(all_sig);
 +	filter_fips_algorithms(options);
- 	/* Most interesting options first: user, host, port */
+ #define CLEAR_ON_NONE(v) \
- 	dump_cfg_string(oUser, o->user);
+ 	do { \
 Index: openssh-7.9p1/readconf.h
 ===================================================================
--- openssh-7.9p1.orig/readconf.h
+--- openssh-7.9p1.orig/readconf.h	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/readconf.h
+++ openssh-7.9p1/readconf.h	2019-02-28 17:20:15.923165569 +0100
-@@ -198,6 +198,7 @@ typedef struct {
+@@ -197,6 +197,7 @@ typedef struct {
 #define SSH_STRICT_HOSTKEY_YES	2
 #define SSH_STRICT_HOSTKEY_ASK	3
@ -771,17 +689,17 @@ Index: openssh-7.9p1/readconf.h
 void	 fill_default_options_for_canonicalization(Options *);
 Index: openssh-7.9p1/servconf.c
 ===================================================================
--- openssh-7.9p1.orig/servconf.c
+--- openssh-7.9p1.orig/servconf.c	2019-02-28 17:20:15.851165117 +0100
-+++ openssh-7.9p1/servconf.c
+++ openssh-7.9p1/servconf.c	2019-02-28 17:20:15.923165569 +0100
-@@ -65,6 +65,7 @@
+@@ -64,6 +64,7 @@
 #include "auth.h"
 #include "myproposal.h"
 #include "digest.h"
 #include "dh.h"
 +#include "fips.h"
- /* import from dh.c */
+ static void add_listen_addr(ServerOptions *, const char *,
- extern int dh_grp_min;
+     const char *, int);
-@@ -195,6 +196,23 @@ option_clear_or_none(const char *o)
+@@ -190,6 +191,23 @@ option_clear_or_none(const char *o)
 	return o == NULL || strcasecmp(o, "none") == 0;
 }
@ -805,7 +723,7 @@ Index: openssh-7.9p1/servconf.c
 static void
 assemble_algorithms(ServerOptions *o)
 {
-@@ -224,6 +242,8 @@ assemble_algorithms(ServerOptions *o)
+@@ -219,6 +237,8 @@ assemble_algorithms(ServerOptions *o)
 	free(all_kex);
 	free(all_key);
 	free(all_sig);
@ -814,19 +732,7 @@ Index: openssh-7.9p1/servconf.c
 }
 static void
-@@ -273,9 +293,9 @@ fill_default_server_options(ServerOption
+@@ -410,6 +430,8 @@ fill_default_server_options(ServerOption
 		options->use_pam_check_locks = 0;
 	if (options->kex_dhmin == -1)
 -		options->kex_dhmin = DH_GRP_MIN;
 +		options->kex_dhmin = fips_dh_grp_min();
 	else {
 -		options->kex_dhmin = MAXIMUM(options->kex_dhmin, DH_GRP_MIN_RFC);
 +		options->kex_dhmin = MAXIMUM(options->kex_dhmin, fips_dh_grp_min());
 		options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX);
 	}
 	dh_grp_min = options->kex_dhmin;
@@ -423,6 +443,8 @@ fill_default_server_options(ServerOption
 		options->fwd_opts.streamlocal_bind_unlink = 0;
 	if (options->fingerprint_hash == -1)
 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
@ -837,8 +743,8 @@ Index: openssh-7.9p1/servconf.c
 	if (options->expose_userauth_info == -1)
 Index: openssh-7.9p1/ssh-keygen.c
 ===================================================================
--- openssh-7.9p1.orig/ssh-keygen.c
+--- openssh-7.9p1.orig/ssh-keygen.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/ssh-keygen.c
+++ openssh-7.9p1/ssh-keygen.c	2019-02-28 17:20:15.923165569 +0100
@@ -61,6 +61,8 @@
 #include "utf8.h"
 #include "authfd.h"
@ -913,8 +819,8 @@ Index: openssh-7.9p1/ssh-keygen.c
 	if (!quiet)
 Index: openssh-7.9p1/ssh_config.0
 ===================================================================
--- openssh-7.9p1.orig/ssh_config.0
+--- openssh-7.9p1.orig/ssh_config.0	2018-10-19 03:06:19.000000000 +0200
-+++ openssh-7.9p1/ssh_config.0
+++ openssh-7.9p1/ssh_config.0	2019-02-28 17:20:15.923165569 +0100
@@ -353,6 +353,9 @@ DESCRIPTION
              Specifies the hash algorithm used when displaying key
              fingerprints.  Valid options are: md5 and sha256 (the default).
@ -925,9 +831,9 @@ Index: openssh-7.9p1/ssh_config.0
      ForwardAgent
              Specifies whether the connection to the authentication agent (if
              any) will be forwarded to the remote machine.  The argument must
-@@ -627,6 +630,9 @@ DESCRIPTION
+@@ -610,6 +613,9 @@ DESCRIPTION
-              resort and all efforts should be made to fix the (broken)
+              The list of available key exchange algorithms may also be
-              counterparty.
+              obtained using "ssh -Q kex".
 +             In the FIPS mode the FIPS standard takes precedence over RFC and
 +             forces the minimum to a higher value, currently 2048 bits.
@ -937,8 +843,8 @@ Index: openssh-7.9p1/ssh_config.0
              successfully connecting to the server.  The command string
 Index: openssh-7.9p1/ssh_config.5
 ===================================================================
--- openssh-7.9p1.orig/ssh_config.5
+--- openssh-7.9p1.orig/ssh_config.5	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/ssh_config.5
+++ openssh-7.9p1/ssh_config.5	2019-02-28 17:20:15.923165569 +0100
@@ -642,6 +642,8 @@ Valid options are:
 and
 .Cm sha256
@ -948,20 +854,10 @@ Index: openssh-7.9p1/ssh_config.5
 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.
@@ -1063,6 +1065,9 @@ maximum backward compatibility, using it
 security and thus should be viewed as a temporary fix of last
 resort and all efforts should be made to fix the (broken)
 counterparty.
 +.Pp
 +In the FIPS mode the FIPS standard takes precedence over RFC and
 +forces the minimum to a higher value, currently 2048 bits.
 .It Cm LocalCommand
 Specifies a command to execute on the local machine after successfully
 connecting to the server.
 Index: openssh-7.9p1/sshd.c
 ===================================================================
--- openssh-7.9p1.orig/sshd.c
+--- openssh-7.9p1.orig/sshd.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/sshd.c
+++ openssh-7.9p1/sshd.c	2019-02-28 20:18:30.534473204 +0100
@@ -123,6 +123,8 @@
 #include "version.h"
 #include "ssherr.h"
@ -973,8 +869,8 @@ Index: openssh-7.9p1/sshd.c
 #define REEXEC_STARTUP_PIPE_FD		(STDERR_FILENO + 2)
 Index: openssh-7.9p1/sshd_config.0
 ===================================================================
--- openssh-7.9p1.orig/sshd_config.0
+--- openssh-7.9p1.orig/sshd_config.0	2019-02-28 17:20:15.851165117 +0100
-+++ openssh-7.9p1/sshd_config.0
+++ openssh-7.9p1/sshd_config.0	2019-02-28 17:20:15.927165594 +0100
@@ -348,6 +348,9 @@ DESCRIPTION
              Specifies the hash algorithm used when logging key fingerprints.
              Valid options are: md5 and sha256.  The default is sha256.
@ -985,9 +881,9 @@ Index: openssh-7.9p1/sshd_config.0
      ForceCommand
              Forces the execution of the command specified by ForceCommand,
              ignoring any command supplied by the client and ~/.ssh/rc if
-@@ -572,6 +575,9 @@ DESCRIPTION
+@@ -555,6 +558,9 @@ DESCRIPTION
-              resort and all efforts should be made to fix the (broken)
+              The list of available key exchange algorithms may also be
-              counterparty.
+              obtained using "ssh -Q kex".
 +             In the FIPS mode the FIPS standard takes precedence over RFC and
 +             forces the minimum to a higher value, currently 2048 bits.
@ -997,8 +893,8 @@ Index: openssh-7.9p1/sshd_config.0
              following forms may be used:
 Index: openssh-7.9p1/sshd_config.5
 ===================================================================
--- openssh-7.9p1.orig/sshd_config.5
+--- openssh-7.9p1.orig/sshd_config.5	2019-02-28 17:20:15.851165117 +0100
-+++ openssh-7.9p1/sshd_config.5
+++ openssh-7.9p1/sshd_config.5	2019-02-28 17:20:15.927165594 +0100
@@ -603,6 +603,8 @@ and
 .Cm sha256 .
 The default is
--- a/openssh-7.7p1-fips_checks.patch
+++ b/openssh-7.7p1-fips_checks.patch
@ -14,10 +14,10 @@
 # file is not found (or the hash matches), proceed in non-FIPS mode and abort
 # otherwise.
-Index: openssh-7.8p1/fips-check.c
+Index: openssh-7.9p1/fips-check.c
 ===================================================================
--- /dev/null
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.8p1/fips-check.c
+++ openssh-7.9p1/fips-check.c	2019-02-27 14:03:03.383988170 +0100
@@ -0,0 +1,34 @@
 +#include "includes.h"
 +#include <fcntl.h>
@ -53,10 +53,10 @@ Index: openssh-7.8p1/fips-check.c
 +    fips_ssh_init();
 +	return 0;
 +}
-Index: openssh-7.8p1/fips.c
+Index: openssh-7.9p1/fips.c
 ===================================================================
--- openssh-7.8p1.orig/fips.c
+--- openssh-7.9p1.orig/fips.c	2019-02-27 14:03:03.323987792 +0100
-+++ openssh-7.8p1/fips.c
+++ openssh-7.9p1/fips.c	2019-02-27 14:03:03.383988170 +0100
@@ -35,33 +35,296 @@
 #include "log.h"
 #include "xmalloc.h"
@ -365,15 +365,10 @@ Index: openssh-7.8p1/fips.c
 int
 fips_mode(void)
 {
-@@ -234,4 +497,3 @@ fips_dh_grp_min(void)
+Index: openssh-7.9p1/fips.h
 	}
 	return dh;
 }
 -
 Index: openssh-7.8p1/fips.h
 ===================================================================
--- openssh-7.8p1.orig/fips.h
+--- openssh-7.9p1.orig/fips.h	2019-02-27 14:03:03.323987792 +0100
-+++ openssh-7.8p1/fips.h
+++ openssh-7.9p1/fips.h	2019-02-27 14:03:03.383988170 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright (c) 2012 Petr Cerny.  All rights reserved.
@ -410,15 +405,15 @@ Index: openssh-7.8p1/fips.h
 int	 fips_mode(void);
 int	 fips_correct_dgst(int);
 int	 fips_dgst_min(void);
-@@ -42,4 +57,3 @@ enum fp_type	 fips_correct_fp_type(enum
+@@ -41,4 +56,3 @@ enum fp_type	 fips_correct_fp_type(enum
 int	 fips_filter_crypto(char **, fips_filters);
 #endif
 -
-Index: openssh-7.8p1/sftp-server.c
+Index: openssh-7.9p1/sftp-server.c
 ===================================================================
--- openssh-7.8p1.orig/sftp-server.c
+--- openssh-7.9p1.orig/sftp-server.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.8p1/sftp-server.c
+++ openssh-7.9p1/sftp-server.c	2019-02-27 14:03:03.383988170 +0100
@@ -51,6 +51,8 @@
 #include "sftp.h"
 #include "sftp-common.h"
@ -438,10 +433,10 @@ Index: openssh-7.8p1/sftp-server.c
 	ssh_malloc_init();	/* must be called before any mallocs */
 	__progname = ssh_get_progname(argv[0]);
 	log_init(__progname, log_level, log_facility, log_stderr);
-Index: openssh-7.8p1/ssh.c
+Index: openssh-7.9p1/ssh.c
 ===================================================================
--- openssh-7.8p1.orig/ssh.c
+--- openssh-7.9p1.orig/ssh.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.8p1/ssh.c
+++ openssh-7.9p1/ssh.c	2019-02-27 14:03:03.387988194 +0100
@@ -113,6 +113,8 @@
 #include "ssh-pkcs11.h"
 #endif
@ -462,11 +457,11 @@ Index: openssh-7.8p1/ssh.c
 	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
-Index: openssh-7.8p1/sshd.c
+Index: openssh-7.9p1/sshd.c
 ===================================================================
--- openssh-7.8p1.orig/sshd.c
+--- openssh-7.9p1.orig/sshd.c	2019-02-27 14:03:03.327987816 +0100
-+++ openssh-7.8p1/sshd.c
+++ openssh-7.9p1/sshd.c	2019-02-27 14:03:03.387988194 +0100
-@@ -1486,6 +1486,10 @@ main(int ac, char **av)
+@@ -1485,6 +1485,10 @@ main(int ac, char **av)
 	Authctxt *authctxt;
 	struct connection_info *connection_info = NULL;
--- a/openssh-7.7p1-gssapi_key_exchange.patch
+++ b/openssh-7.7p1-gssapi_key_exchange.patch
@ -3,8 +3,8 @@
 Index: openssh-7.9p1/Makefile.in
 ===================================================================
--- openssh-7.9p1.orig/Makefile.in
+--- openssh-7.9p1.orig/Makefile.in	2019-02-27 15:43:51.360515721 +0100
-+++ openssh-7.9p1/Makefile.in
+++ openssh-7.9p1/Makefile.in	2019-02-27 15:43:55.360539487 +0100
@@ -104,10 +104,13 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
 	kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
@ -30,8 +30,8 @@ Index: openssh-7.9p1/Makefile.in
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 Index: openssh-7.9p1/auth-krb5.c
 ===================================================================
--- openssh-7.9p1.orig/auth-krb5.c
+--- openssh-7.9p1.orig/auth-krb5.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/auth-krb5.c
+++ openssh-7.9p1/auth-krb5.c	2019-02-27 15:43:51.428516125 +0100
@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, c
 	len = strlen(authctxt->krb5_ticket_file) + 6;
@ -76,8 +76,8 @@ Index: openssh-7.9p1/auth-krb5.c
 }
 Index: openssh-7.9p1/auth.c
 ===================================================================
--- openssh-7.9p1.orig/auth.c
+--- openssh-7.9p1.orig/auth.c	2019-02-27 15:43:51.228514936 +0100
-+++ openssh-7.9p1/auth.c
+++ openssh-7.9p1/auth.c	2019-02-27 15:43:55.360539487 +0100
@@ -399,6 +399,7 @@ auth_root_allowed(struct ssh *ssh, const
 	case PERMIT_NO_PASSWD:
 		if (strcmp(method, "publickey") == 0 ||
@ -88,8 +88,8 @@ Index: openssh-7.9p1/auth.c
 		break;
 Index: openssh-7.9p1/auth2-gss.c
 ===================================================================
--- openssh-7.9p1.orig/auth2-gss.c
+--- openssh-7.9p1.orig/auth2-gss.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/auth2-gss.c
+++ openssh-7.9p1/auth2-gss.c	2019-02-27 15:43:51.428516125 +0100
@@ -31,6 +31,7 @@
 #include <sys/types.h>
@ -143,7 +143,7 @@ Index: openssh-7.9p1/auth2-gss.c
  * We only support those mechanisms that we know about (ie ones that we know
  * how to check local user kuserok and the like)
  */
-@@ -260,7 +302,8 @@ input_gssapi_exchange_complete(int type,
+@@ -260,7 +299,8 @@ input_gssapi_exchange_complete(int type,
 	if ((r = sshpkt_get_end(ssh)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
@ -153,7 +153,7 @@ Index: openssh-7.9p1/auth2-gss.c
 	if ((!use_privsep || mm_is_monitor()) &&
 	    (displayname = ssh_gssapi_displayname()) != NULL)
-@@ -306,7 +349,8 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -306,7 +346,8 @@ input_gssapi_mic(int type, u_int32_t ple
 	gssbuf.length = sshbuf_len(b);
 	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))
@ -163,7 +163,7 @@ Index: openssh-7.9p1/auth2-gss.c
 	else
 		logit("GSSAPI MIC check failed");
-@@ -326,6 +370,12 @@ input_gssapi_mic(int type, u_int32_t ple
+@@ -326,6 +367,12 @@ input_gssapi_mic(int type, u_int32_t ple
 	return 0;
 }
@ -178,8 +178,8 @@ Index: openssh-7.9p1/auth2-gss.c
 	userauth_gssapi,
 Index: openssh-7.9p1/auth2.c
 ===================================================================
--- openssh-7.9p1.orig/auth2.c
+--- openssh-7.9p1.orig/auth2.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/auth2.c
+++ openssh-7.9p1/auth2.c	2019-02-27 15:43:55.360539487 +0100
@@ -74,6 +74,7 @@ extern Authmethod method_passwd;
 extern Authmethod method_kbdint;
 extern Authmethod method_hostbased;
@ -198,8 +198,8 @@ Index: openssh-7.9p1/auth2.c
 	&method_passwd,
 Index: openssh-7.9p1/clientloop.c
 ===================================================================
--- openssh-7.9p1.orig/clientloop.c
+--- openssh-7.9p1.orig/clientloop.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/clientloop.c
+++ openssh-7.9p1/clientloop.c	2019-02-27 15:43:51.428516125 +0100
@@ -112,6 +112,10 @@
 #include "ssherr.h"
 #include "hostfile.h"
@ -233,8 +233,8 @@ Index: openssh-7.9p1/clientloop.c
 Index: openssh-7.9p1/configure.ac
 ===================================================================
--- openssh-7.9p1.orig/configure.ac
+--- openssh-7.9p1.orig/configure.ac	2019-02-27 15:43:51.412516029 +0100
-+++ openssh-7.9p1/configure.ac
+++ openssh-7.9p1/configure.ac	2019-02-27 15:43:55.192538489 +0100
@@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary("
 	    [Use tunnel device compatibility to OpenBSD])
 	AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
@ -308,8 +308,8 @@ Index: openssh-7.9p1/configure.ac
 	if test "X$maildir" != "X"; then
 Index: openssh-7.9p1/gss-genr.c
 ===================================================================
--- openssh-7.9p1.orig/gss-genr.c
+--- openssh-7.9p1.orig/gss-genr.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/gss-genr.c
+++ openssh-7.9p1/gss-genr.c	2019-02-27 15:43:54.528534543 +0100
@@ -41,12 +41,174 @@
 #include "sshbuf.h"
 #include "log.h"
@ -485,7 +485,7 @@ Index: openssh-7.9p1/gss-genr.c
 /* sshbuf_get for gss_buffer_desc */
 int
 ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
-@@ -218,7 +381,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de
+@@ -218,7 +380,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int de
 	}
 	ctx->major = gss_init_sec_context(&ctx->minor,
@ -494,7 +494,7 @@ Index: openssh-7.9p1/gss-genr.c
 	    GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
 	    0, NULL, recv_tok, NULL, send_tok, flags, NULL);
-@@ -248,8 +411,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
+@@ -248,8 +410,42 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
 }
 OM_uint32
@ -537,7 +537,7 @@ Index: openssh-7.9p1/gss-genr.c
 	if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
 	    GSS_C_QOP_DEFAULT, buffer, hash)))
 		ssh_gssapi_error(ctx);
-@@ -257,6 +454,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
+@@ -257,6 +453,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
 	return (ctx->major);
 }
@ -557,7 +557,7 @@ Index: openssh-7.9p1/gss-genr.c
 void
 ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
     const char *context)
-@@ -273,22 +483,31 @@ ssh_gssapi_buildmic(struct sshbuf *b, co
+@@ -273,22 +482,31 @@ ssh_gssapi_buildmic(struct sshbuf *b, co
 }
 int
@ -592,7 +592,7 @@ Index: openssh-7.9p1/gss-genr.c
 		    NULL);
 		gss_release_buffer(&minor, &token);
 		if ((*ctx)->context != GSS_C_NO_CONTEXT)
-@@ -296,10 +515,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
+@@ -296,10 +514,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
 			    GSS_C_NO_BUFFER);
 	}
@ -662,8 +662,8 @@ Index: openssh-7.9p1/gss-genr.c
 #endif /* GSSAPI */
 Index: openssh-7.9p1/gss-serv-krb5.c
 ===================================================================
--- openssh-7.9p1.orig/gss-serv-krb5.c
+--- openssh-7.9p1.orig/gss-serv-krb5.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/gss-serv-krb5.c
+++ openssh-7.9p1/gss-serv-krb5.c	2019-02-27 15:43:51.432516148 +0100
@@ -120,7 +120,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 	krb5_error_code problem;
 	krb5_principal princ;
@ -701,7 +701,7 @@ Index: openssh-7.9p1/gss-serv-krb5.c
 #ifdef USE_PAM
 	if (options.use_pam)
-@@ -193,9 +208,76 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
+@@ -193,9 +205,76 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl
 	krb5_cc_close(krb_context, ccache);
@ -778,7 +778,7 @@ Index: openssh-7.9p1/gss-serv-krb5.c
 ssh_gssapi_mech gssapi_kerberos_mech = {
 	"toWM5Slw5Ew8Mqkay+al2g==",
 	"Kerberos",
-@@ -203,7 +285,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
+@@ -203,7 +282,8 @@ ssh_gssapi_mech gssapi_kerberos_mech = {
 	NULL,
 	&ssh_gssapi_krb5_userok,
 	NULL,
@ -790,8 +790,8 @@ Index: openssh-7.9p1/gss-serv-krb5.c
 #endif /* KRB5 */
 Index: openssh-7.9p1/gss-serv.c
 ===================================================================
--- openssh-7.9p1.orig/gss-serv.c
+--- openssh-7.9p1.orig/gss-serv.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/gss-serv.c
+++ openssh-7.9p1/gss-serv.c	2019-02-27 15:43:51.432516148 +0100
@@ -44,17 +44,19 @@
 #include "session.h"
 #include "misc.h"
@ -1075,8 +1075,8 @@ Index: openssh-7.9p1/gss-serv.c
 /* Privileged */
 Index: openssh-7.9p1/kex.c
 ===================================================================
--- openssh-7.9p1.orig/kex.c
+--- openssh-7.9p1.orig/kex.c	2019-02-27 15:43:51.296515340 +0100
-+++ openssh-7.9p1/kex.c
+++ openssh-7.9p1/kex.c	2019-02-27 15:43:55.360539487 +0100
@@ -56,6 +56,10 @@
 #include "fips.h"
@ -1126,8 +1126,8 @@ Index: openssh-7.9p1/kex.c
 }
 Index: openssh-7.9p1/kex.h
 ===================================================================
--- openssh-7.9p1.orig/kex.h
+--- openssh-7.9p1.orig/kex.h	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/kex.h
+++ openssh-7.9p1/kex.h	2019-02-27 15:43:55.360539487 +0100
@@ -100,6 +100,11 @@ enum kex_exchange {
 	KEX_DH_GEX_SHA256,
 	KEX_ECDH_SHA2,
@ -1166,8 +1166,8 @@ Index: openssh-7.9p1/kex.h
     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
 Index: openssh-7.9p1/kexgssc.c
 ===================================================================
--- /dev/null
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.9p1/kexgssc.c
+++ openssh-7.9p1/kexgssc.c	2019-02-27 15:44:14.792654941 +0100
@@ -0,0 +1,346 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@ -1240,7 +1240,7 @@ Index: openssh-7.9p1/kexgssc.c
 +	char *lang;
 +	int type = 0;
 +	int first = 1;
-+	int nbits = 0, min = fips_dh_grp_min(), max = DH_GRP_MAX;
+	int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
 +	u_char hash[SSH_DIGEST_MAX_LENGTH];
 +	size_t hashlen;
 +
@ -1517,9 +1517,9 @@ Index: openssh-7.9p1/kexgssc.c
 +#endif /* GSSAPI */
 Index: openssh-7.9p1/kexgsss.c
 ===================================================================
--- /dev/null
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.9p1/kexgsss.c
+++ openssh-7.9p1/kexgsss.c	2019-02-27 15:43:51.432516148 +0100
-@@ -0,0 +1,308 @@
+@@ -0,0 +1,302 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@ -1636,16 +1636,10 @@ Index: openssh-7.9p1/kexgsss.c
 +		cmin = packet_get_int();
 +		nbits = packet_get_int();
 +		cmax = packet_get_int();
-+		min = MAX(fips_dh_grp_min(), cmin);
+		min = MAX(DH_GRP_MIN, cmin);
 +		max = MIN(DH_GRP_MAX, cmax);
 +		packet_check_eom();
 +		if (max < min || nbits < min || max < nbits) {
 +			if (nbits < min && nbits >= DH_GRP_MIN_RFC)
 +				logit("DH parameter requested by the client (%d bits) "
 +				    "is considered insecure. "
 +				    "You can lower the accepted minimum "
 +				    "via the KexDHMin option.",
 +				    nbits);
 +			fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
 +			    min, nbits, max);
 +		}
@ -1830,8 +1824,8 @@ Index: openssh-7.9p1/kexgsss.c
 +#endif /* GSSAPI */
 Index: openssh-7.9p1/monitor.c
 ===================================================================
--- openssh-7.9p1.orig/monitor.c
+--- openssh-7.9p1.orig/monitor.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/monitor.c
+++ openssh-7.9p1/monitor.c	2019-02-27 15:43:55.360539487 +0100
@@ -145,6 +145,8 @@ int mm_answer_gss_setup_ctx(int, struct
 int mm_answer_gss_accept_ctx(int, struct sshbuf *);
 int mm_answer_gss_userok(int, struct sshbuf *);
@ -2045,8 +2039,8 @@ Index: openssh-7.9p1/monitor.c
 +#endif /* GSSAPI */
 Index: openssh-7.9p1/monitor.h
 ===================================================================
--- openssh-7.9p1.orig/monitor.h
+--- openssh-7.9p1.orig/monitor.h	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/monitor.h
+++ openssh-7.9p1/monitor.h	2019-02-27 15:43:55.360539487 +0100
@@ -63,6 +63,9 @@ enum monitor_reqtype {
 	MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
 	MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
@ -2059,8 +2053,8 @@ Index: openssh-7.9p1/monitor.h
 struct monitor {
 Index: openssh-7.9p1/monitor_wrap.c
 ===================================================================
--- openssh-7.9p1.orig/monitor_wrap.c
+--- openssh-7.9p1.orig/monitor_wrap.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/monitor_wrap.c
+++ openssh-7.9p1/monitor_wrap.c	2019-02-27 15:43:55.360539487 +0100
@@ -984,7 +984,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
 }
@ -2125,8 +2119,8 @@ Index: openssh-7.9p1/monitor_wrap.c
 #endif /* GSSAPI */
 Index: openssh-7.9p1/monitor_wrap.h
 ===================================================================
--- openssh-7.9p1.orig/monitor_wrap.h
+--- openssh-7.9p1.orig/monitor_wrap.h	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/monitor_wrap.h
+++ openssh-7.9p1/monitor_wrap.h	2019-02-27 15:43:55.360539487 +0100
@@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey
 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
@ -2141,8 +2135,8 @@ Index: openssh-7.9p1/monitor_wrap.h
 #ifdef USE_PAM
 Index: openssh-7.9p1/readconf.c
 ===================================================================
--- openssh-7.9p1.orig/readconf.c
+--- openssh-7.9p1.orig/readconf.c	2019-02-27 15:43:51.296515340 +0100
-+++ openssh-7.9p1/readconf.c
+++ openssh-7.9p1/readconf.c	2019-02-27 15:43:51.432516148 +0100
@@ -163,6 +163,8 @@ typedef enum {
 	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
 	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@ -2173,7 +2167,7 @@ Index: openssh-7.9p1/readconf.c
 #endif
 #ifdef ENABLE_PKCS11
 	{ "smartcarddevice", oPKCS11Provider },
-@@ -980,10 +992,30 @@ parse_time:
+@@ -976,10 +988,30 @@ parse_time:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
@ -2204,7 +2198,7 @@ Index: openssh-7.9p1/readconf.c
 	case oBatchMode:
 		intptr = &options->batch_mode;
 		goto parse_flag;
-@@ -1869,7 +1901,12 @@ initialize_options(Options * options)
+@@ -1861,7 +1893,12 @@ initialize_options(Options * options)
 	options->pubkey_authentication = -1;
 	options->challenge_response_authentication = -1;
 	options->gss_authentication = -1;
@ -2217,7 +2211,7 @@ Index: openssh-7.9p1/readconf.c
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->kbd_interactive_devices = NULL;
-@@ -2016,8 +2053,14 @@ fill_default_options(Options * options)
+@@ -2007,8 +2044,14 @@ fill_default_options(Options * options)
 		options->challenge_response_authentication = 1;
 	if (options->gss_authentication == -1)
 		options->gss_authentication = 0;
@ -2234,8 +2228,8 @@ Index: openssh-7.9p1/readconf.c
 	if (options->kbd_interactive_authentication == -1)
 Index: openssh-7.9p1/readconf.h
 ===================================================================
--- openssh-7.9p1.orig/readconf.h
+--- openssh-7.9p1.orig/readconf.h	2019-02-27 15:43:51.296515340 +0100
-+++ openssh-7.9p1/readconf.h
+++ openssh-7.9p1/readconf.h	2019-02-27 15:43:51.432516148 +0100
@@ -40,7 +40,12 @@ typedef struct {
 	int     challenge_response_authentication;
 					/* Try S/Key or TIS, authentication. */
@ -2251,8 +2245,8 @@ Index: openssh-7.9p1/readconf.h
 	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 Index: openssh-7.9p1/regress/cert-hostkey.sh
 ===================================================================
--- openssh-7.9p1.orig/regress/cert-hostkey.sh
+--- openssh-7.9p1.orig/regress/cert-hostkey.sh	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/regress/cert-hostkey.sh
+++ openssh-7.9p1/regress/cert-hostkey.sh	2019-02-27 15:43:51.432516148 +0100
@@ -66,7 +66,7 @@ touch $OBJ/host_revoked_plain
 touch $OBJ/host_revoked_cert
 cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
@ -2264,8 +2258,8 @@ Index: openssh-7.9p1/regress/cert-hostkey.sh
 	PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
 Index: openssh-7.9p1/regress/cert-userkey.sh
 ===================================================================
--- openssh-7.9p1.orig/regress/cert-userkey.sh
+--- openssh-7.9p1.orig/regress/cert-userkey.sh	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/regress/cert-userkey.sh
+++ openssh-7.9p1/regress/cert-userkey.sh	2019-02-27 15:43:51.432516148 +0100
@@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
@ -2277,8 +2271,8 @@ Index: openssh-7.9p1/regress/cert-userkey.sh
 if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
 Index: openssh-7.9p1/regress/kextype.sh
 ===================================================================
--- openssh-7.9p1.orig/regress/kextype.sh
+--- openssh-7.9p1.orig/regress/kextype.sh	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/regress/kextype.sh
+++ openssh-7.9p1/regress/kextype.sh	2019-02-27 15:43:51.432516148 +0100
@@ -14,6 +14,9 @@ echo "KexAlgorithms=$KEXOPT" >> $OBJ/ssh
 tries="1 2 3 4"
@ -2291,8 +2285,8 @@ Index: openssh-7.9p1/regress/kextype.sh
 		${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true
 Index: openssh-7.9p1/regress/rekey.sh
 ===================================================================
--- openssh-7.9p1.orig/regress/rekey.sh
+--- openssh-7.9p1.orig/regress/rekey.sh	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/regress/rekey.sh
+++ openssh-7.9p1/regress/rekey.sh	2019-02-27 15:43:51.436516173 +0100
@@ -38,6 +38,9 @@ increase_datafile_size 300
 opts=""
@ -2315,9 +2309,9 @@ Index: openssh-7.9p1/regress/rekey.sh
     done
 Index: openssh-7.9p1/servconf.c
 ===================================================================
--- openssh-7.9p1.orig/servconf.c
+--- openssh-7.9p1.orig/servconf.c	2019-02-27 15:43:51.296515340 +0100
-+++ openssh-7.9p1/servconf.c
+++ openssh-7.9p1/servconf.c	2019-02-27 15:43:51.436516173 +0100
-@@ -130,8 +130,10 @@ initialize_server_options(ServerOptions
+@@ -126,8 +126,10 @@ initialize_server_options(ServerOptions
 	options->kerberos_ticket_cleanup = -1;
 	options->kerberos_get_afs_token = -1;
 	options->gss_authentication=-1;
@ -2328,7 +2322,7 @@ Index: openssh-7.9p1/servconf.c
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
 	options->challenge_response_authentication = -1;
-@@ -373,10 +375,14 @@ fill_default_server_options(ServerOption
+@@ -360,10 +362,14 @@ fill_default_server_options(ServerOption
 		options->kerberos_get_afs_token = 0;
 	if (options->gss_authentication == -1)
 		options->gss_authentication = 0;
@ -2343,7 +2337,7 @@ Index: openssh-7.9p1/servconf.c
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
-@@ -523,6 +529,7 @@ typedef enum {
+@@ -510,6 +516,7 @@ typedef enum {
 	sHostKeyAlgorithms,
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@ -2351,7 +2345,7 @@ Index: openssh-7.9p1/servconf.c
 	sAcceptEnv, sSetEnv, sPermitTunnel,
 	sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
-@@ -600,11 +607,17 @@ static struct {
+@@ -587,11 +594,17 @@ static struct {
 	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
 	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
 	{ "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL },
@ -2369,7 +2363,7 @@ Index: openssh-7.9p1/servconf.c
 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
 	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1512,6 +1525,10 @@ process_server_config_line(ServerOptions
+@@ -1498,6 +1511,10 @@ process_server_config_line(ServerOptions
 		intptr = &options->gss_authentication;
 		goto parse_flag;
@ -2380,7 +2374,7 @@ Index: openssh-7.9p1/servconf.c
 	case sGssCleanupCreds:
 		intptr = &options->gss_cleanup_creds;
 		goto parse_flag;
-@@ -1520,6 +1537,10 @@ process_server_config_line(ServerOptions
+@@ -1506,6 +1523,10 @@ process_server_config_line(ServerOptions
 		intptr = &options->gss_strict_acceptor;
 		goto parse_flag;
@ -2391,7 +2385,7 @@ Index: openssh-7.9p1/servconf.c
 	case sPasswordAuthentication:
 		intptr = &options->password_authentication;
 		goto parse_flag;
-@@ -2313,6 +2334,10 @@ copy_set_server_options(ServerOptions *d
+@@ -2295,6 +2316,10 @@ copy_set_server_options(ServerOptions *d
 	M_CP_INTOPT(password_authentication);
 	M_CP_INTOPT(gss_authentication);
@ -2402,7 +2396,7 @@ Index: openssh-7.9p1/servconf.c
 	M_CP_INTOPT(pubkey_authentication);
 	M_CP_INTOPT(kerberos_authentication);
 	M_CP_INTOPT(hostbased_authentication);
-@@ -2609,7 +2634,10 @@ dump_config(ServerOptions *o)
+@@ -2590,7 +2615,10 @@ dump_config(ServerOptions *o)
 #endif
 #ifdef GSSAPI
 	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@ -2415,8 +2409,8 @@ Index: openssh-7.9p1/servconf.c
 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
 Index: openssh-7.9p1/servconf.h
 ===================================================================
--- openssh-7.9p1.orig/servconf.h
+--- openssh-7.9p1.orig/servconf.h	2019-02-27 15:43:51.232514961 +0100
-+++ openssh-7.9p1/servconf.h
+++ openssh-7.9p1/servconf.h	2019-02-27 15:43:51.436516173 +0100
@@ -16,6 +16,8 @@
 #ifndef SERVCONF_H
 #define SERVCONF_H
@ -2426,7 +2420,7 @@ Index: openssh-7.9p1/servconf.h
 #define MAX_PORTS		256	/* Max # ports. */
 #define MAX_SUBSYSTEMS		256	/* Max # subsystems. */
-@@ -126,8 +128,10 @@ typedef struct {
+@@ -125,8 +127,10 @@ typedef struct {
 	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
 						 * authenticated with Kerberos. */
 	int     gss_authentication;	/* If true, permit GSSAPI authentication */
@ -2439,8 +2433,8 @@ Index: openssh-7.9p1/servconf.h
 	int     kbd_interactive_authentication;	/* If true, permit */
 Index: openssh-7.9p1/ssh-gss.h
 ===================================================================
--- openssh-7.9p1.orig/ssh-gss.h
+--- openssh-7.9p1.orig/ssh-gss.h	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/ssh-gss.h
+++ openssh-7.9p1/ssh-gss.h	2019-02-27 15:43:51.436516173 +0100
@@ -61,10 +61,22 @@
 #define SSH_GSS_OIDTYPE 0x06
@ -2533,9 +2527,9 @@ Index: openssh-7.9p1/ssh-gss.h
 #endif /* _SSH_GSS_H */
 Index: openssh-7.9p1/ssh_config
 ===================================================================
--- openssh-7.9p1.orig/ssh_config
+--- openssh-7.9p1.orig/ssh_config	2019-02-27 15:43:51.172514604 +0100
-+++ openssh-7.9p1/ssh_config
+++ openssh-7.9p1/ssh_config	2019-02-27 15:43:51.436516173 +0100
-@@ -45,6 +45,8 @@ Host *
+@@ -40,6 +40,8 @@ Host *
 #   HostbasedAuthentication no
 #   GSSAPIAuthentication no
 #   GSSAPIDelegateCredentials no
@ -2546,8 +2540,8 @@ Index: openssh-7.9p1/ssh_config
 #   AddressFamily any
 Index: openssh-7.9p1/ssh_config.0
 ===================================================================
--- openssh-7.9p1.orig/ssh_config.0
+--- openssh-7.9p1.orig/ssh_config.0	2019-02-27 15:43:51.300515365 +0100
-+++ openssh-7.9p1/ssh_config.0
+++ openssh-7.9p1/ssh_config.0	2019-02-27 15:43:51.436516173 +0100
@@ -422,9 +422,40 @@ DESCRIPTION
              Specifies whether user authentication based on GSSAPI is allowed.
              The default is no.
@ -2591,8 +2585,8 @@ Index: openssh-7.9p1/ssh_config.0
              they are added to ~/.ssh/known_hosts.  These hashed names may be
 Index: openssh-7.9p1/ssh_config.5
 ===================================================================
--- openssh-7.9p1.orig/ssh_config.5
+--- openssh-7.9p1.orig/ssh_config.5	2019-02-27 15:43:51.300515365 +0100
-+++ openssh-7.9p1/ssh_config.5
+++ openssh-7.9p1/ssh_config.5	2019-02-27 15:43:51.436516173 +0100
@@ -738,10 +738,40 @@ The default is
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
@ -2636,8 +2630,8 @@ Index: openssh-7.9p1/ssh_config.5
 .Xr ssh 1
 Index: openssh-7.9p1/sshconnect2.c
 ===================================================================
--- openssh-7.9p1.orig/sshconnect2.c
+--- openssh-7.9p1.orig/sshconnect2.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/sshconnect2.c
+++ openssh-7.9p1/sshconnect2.c	2019-02-27 15:43:51.436516173 +0100
@@ -82,6 +82,124 @@ extern char *client_version_string;
 extern char *server_version_string;
 extern Options options;
@ -2956,7 +2950,7 @@ Index: openssh-7.9p1/sshconnect2.c
 #endif /* GSSAPI */
 int
-@@ -1473,8 +1716,8 @@ key_type_allowed_by_config(struct sshkey
+@@ -1473,8 +1713,8 @@ key_type_allowed_by_config(struct sshkey
 /*
  * try keys in the following order:
@ -2969,8 +2963,8 @@ Index: openssh-7.9p1/sshconnect2.c
  *	5. keys that are only listed in the config file
 Index: openssh-7.9p1/sshd.c
 ===================================================================
--- openssh-7.9p1.orig/sshd.c
+--- openssh-7.9p1.orig/sshd.c	2019-02-27 15:43:51.412516029 +0100
-+++ openssh-7.9p1/sshd.c
+++ openssh-7.9p1/sshd.c	2019-02-27 15:43:55.360539487 +0100
@@ -131,6 +131,10 @@
 #include "fips.h"
@ -3204,9 +3198,9 @@ Index: openssh-7.9p1/sshd.c
 	kex->server_version_string=server_version_string;
 Index: openssh-7.9p1/sshd_config
 ===================================================================
--- openssh-7.9p1.orig/sshd_config
+--- openssh-7.9p1.orig/sshd_config	2019-02-27 15:43:51.172514604 +0100
-+++ openssh-7.9p1/sshd_config
+++ openssh-7.9p1/sshd_config	2019-02-27 15:43:51.436516173 +0100
-@@ -76,6 +76,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
+@@ -69,6 +69,8 @@ AuthorizedKeysFile	.ssh/authorized_keys
 # GSSAPI options
 #GSSAPIAuthentication no
 #GSSAPICleanupCredentials yes
@ -3217,8 +3211,8 @@ Index: openssh-7.9p1/sshd_config
 # and session processing. If this is enabled, PAM authentication will
 Index: openssh-7.9p1/sshd_config.5
 ===================================================================
--- openssh-7.9p1.orig/sshd_config.5
+--- openssh-7.9p1.orig/sshd_config.5	2019-02-27 15:43:51.300515365 +0100
-+++ openssh-7.9p1/sshd_config.5
+++ openssh-7.9p1/sshd_config.5	2019-02-27 15:43:51.436516173 +0100
@@ -655,6 +655,11 @@ Specifies whether to automatically destr
 on logout.
 The default is
@ -3243,7 +3237,7 @@ Index: openssh-7.9p1/sshd_config.5
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
-@@ -1643,16 +1653,16 @@ as a non-root user.
+@@ -1627,16 +1637,16 @@ as a non-root user.
 The default is
 .Cm no .
 .It Cm UsePAMCheckLocks
@ -3265,8 +3259,8 @@ Index: openssh-7.9p1/sshd_config.5
 Optionally specifies additional text to append to the SSH protocol banner
 Index: openssh-7.9p1/sshkey.c
 ===================================================================
--- openssh-7.9p1.orig/sshkey.c
+--- openssh-7.9p1.orig/sshkey.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/sshkey.c
+++ openssh-7.9p1/sshkey.c	2019-02-27 15:43:55.360539487 +0100
@@ -135,6 +135,7 @@ static const struct keytype keytypes[] =
 #  endif /* OPENSSL_HAS_NISTP521 */
 # endif /* OPENSSL_HAS_ECC */
@ -3277,8 +3271,8 @@ Index: openssh-7.9p1/sshkey.c
 Index: openssh-7.9p1/sshkey.h
 ===================================================================
--- openssh-7.9p1.orig/sshkey.h
+--- openssh-7.9p1.orig/sshkey.h	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/sshkey.h
+++ openssh-7.9p1/sshkey.h	2019-02-27 15:43:55.360539487 +0100
@@ -64,6 +64,7 @@ enum sshkey_types {
 	KEY_ED25519_CERT,
 	KEY_XMSS,
@ -3289,8 +3283,8 @@ Index: openssh-7.9p1/sshkey.h
 Index: openssh-7.9p1/sshd_config.0
 ===================================================================
--- openssh-7.9p1.orig/sshd_config.0
+--- openssh-7.9p1.orig/sshd_config.0	2019-02-27 15:43:51.300515365 +0100
-+++ openssh-7.9p1/sshd_config.0
+++ openssh-7.9p1/sshd_config.0	2019-02-27 15:43:51.436516173 +0100
@@ -380,6 +380,12 @@ DESCRIPTION
              Specifies whether user authentication based on GSSAPI is allowed.
              The default is no.
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,30 @@
 -------------------------------------------------------------------
 Thu Feb 28 19:20:58 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
 - Correctly filter out non-compliant algorithms when in FIPS mode
  (bsc#1126397)
  * A hunk was applied to a wrong place due to a patch fuzz when
    the fips patch was being ported to openssh 7.9p1
 - update openssh-7.7p1-fips.patch
 -------------------------------------------------------------------
 Wed Feb 27 12:29:05 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
 - Remove the "KexDHMin" config keyword (bsc#1127180)
  It used to allow lowering of the minimal allowed DH group size,
  which was increased to 2048 by upstream in the light of the Logjam
  attack.
  The code was broken since the upgrade to 7.6p1, but nobody noticed.
  As apparently no one needs the functionality any more, let's drop
  the patch.
  It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1
  key exchange method when working with legacy systems.
 - drop openssh-7.7p1-disable_short_DH_parameters.patch
 - updated patches:
  openssh-7.7p1-fips.patch
  openssh-7.7p1-fips_checks.patch
  openssh-7.7p1-gssapi_key_exchange.patch
 -------------------------------------------------------------------
 Mon Feb 18 10:01:45 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
--- a/openssh.spec
+++ b/openssh.spec
@ -65,7 +65,6 @@ Patch7:         openssh-7.7p1-hostname_changes_when_forwarding_X.patch
 Patch8:         openssh-7.7p1-remove_xauth_cookies_on_exit.patch
 Patch9:         openssh-7.7p1-pts_names_formatting.patch
 Patch10:        openssh-7.7p1-pam_check_locks.patch
 Patch11:        openssh-7.7p1-disable_short_DH_parameters.patch
 # https://bugzilla.mindrot.org/show_bug.cgi?id=2752
 Patch14:        openssh-7.7p1-seccomp_stat.patch
 # https://bugzilla.mindrot.org/show_bug.cgi?id=2752