From b21be4c6b44382c14dc425aec1e054687f39cbc5728105bf442ae47eb09137ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Mon, 22 Oct 2018 09:08:19 +0000 Subject: [PATCH] Accepting request 643660 from home:pmonrealgonzalez:branches:network - Version update to 7.9p1 * No actual changes for the askpass * See main package changelog for details - Version update to 7.9p1 * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms option (see below) bans the use of DSA keys as certificate authorities. * sshd(8): the authentication success/failure log message has changed format slightly. It now includes the certificate fingerprint (previously it included only key ID and CA key fingerprint). * ssh(1), sshd(8): allow most port numbers to be specified using service names from getservbyname(3) (typically /etc/services). * sshd(8): support signalling sessions via the SSH protocol. A limited subset of signals is supported and only for login or command sessions (i.e. not subsystems) that were not subject to a forced command via authorized_keys or sshd_config. bz#1424 * ssh(1): support "ssh -Q sig" to list supported signature options. Also "ssh -Q help" to show the full set of supported queries. * ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and server configs to allow control over which signature formats are allowed for CAs to sign certificates. For example, this allows banning CAs that sign certificates using the RSA-SHA1 signature algorithm. * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash. * ssh-keygen(1): allow creation of key revocation lists directly from base64-encoded SHA256 fingerprints. This supports revoking keys using only the information contained in sshd(8) OBS-URL: https://build.opensuse.org/request/show/643660 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=159 --- openssh-7.7p1-audit.patch | 266 +- ...sh-7.7p1-disable_short_DH_parameters.patch | 142 +- openssh-7.7p1-fips.patch | 182 +- openssh-7.7p1-gssapi_key_exchange.patch | 341 +- openssh-7.7p1-openssl_1.1.0.patch | 3102 ----------------- openssh-7.7p1-seccomp_ipc_flock.patch | 31 +- openssh-7.8p1.tar.gz | 3 - openssh-7.8p1.tar.gz.asc | 14 - openssh-7.9p1.tar.gz | 3 + openssh-7.9p1.tar.gz.asc | 14 + openssh-askpass-gnome.changes | 7 + openssh-askpass-gnome.spec | 2 +- openssh.changes | 44 + openssh.spec | 8 +- 14 files changed, 533 insertions(+), 3626 deletions(-) delete mode 100644 openssh-7.7p1-openssl_1.1.0.patch delete mode 100644 openssh-7.8p1.tar.gz delete mode 100644 openssh-7.8p1.tar.gz.asc create mode 100644 openssh-7.9p1.tar.gz create mode 100644 openssh-7.9p1.tar.gz.asc diff --git a/openssh-7.7p1-audit.patch b/openssh-7.7p1-audit.patch index 7acc3eb..3ae385a 100644 --- a/openssh-7.7p1-audit.patch +++ b/openssh-7.7p1-audit.patch @@ -3,10 +3,10 @@ Extended auditing through the Linux Auditing subsystem RH patch from git://pkgs.fedoraproject.org/openssh.git -Index: openssh-7.8p1/Makefile.in +Index: openssh-7.9p1/Makefile.in =================================================================== ---- openssh-7.8p1.orig/Makefile.in -+++ openssh-7.8p1/Makefile.in +--- openssh-7.9p1.orig/Makefile.in ++++ openssh-7.9p1/Makefile.in @@ -110,6 +110,8 @@ LIBSSH_OBJS += fips.o LIBSSH_OBJS += kexgssc.o kexgsss.o @@ -16,10 +16,10 @@ Index: openssh-7.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect2.o mux.o -Index: openssh-7.8p1/audit-bsm.c +Index: openssh-7.9p1/audit-bsm.c =================================================================== ---- openssh-7.8p1.orig/audit-bsm.c -+++ openssh-7.8p1/audit-bsm.c +--- openssh-7.9p1.orig/audit-bsm.c ++++ openssh-7.9p1/audit-bsm.c @@ -372,10 +372,23 @@ audit_connection_from(const char *host, #endif } @@ -93,10 +93,10 @@ Index: openssh-7.8p1/audit-bsm.c + /* not implemented */ +} #endif /* BSM */ -Index: openssh-7.8p1/audit-linux.c +Index: openssh-7.9p1/audit-linux.c =================================================================== ---- openssh-7.8p1.orig/audit-linux.c -+++ openssh-7.8p1/audit-linux.c +--- openssh-7.9p1.orig/audit-linux.c ++++ openssh-7.9p1/audit-linux.c @@ -33,27 +33,40 @@ #include "log.h" @@ -468,10 +468,10 @@ Index: openssh-7.8p1/audit-linux.c + error("cannot write into audit"); +} #endif /* USE_LINUX_AUDIT */ -Index: openssh-7.8p1/audit.c +Index: openssh-7.9p1/audit.c =================================================================== ---- openssh-7.8p1.orig/audit.c -+++ openssh-7.8p1/audit.c +--- openssh-7.9p1.orig/audit.c ++++ openssh-7.9p1/audit.c @@ -34,13 +34,19 @@ #include "log.h" #include "hostfile.h" @@ -648,10 +648,10 @@ Index: openssh-7.8p1/audit.c } # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */ -Index: openssh-7.8p1/audit.h +Index: openssh-7.9p1/audit.h =================================================================== ---- openssh-7.8p1.orig/audit.h -+++ openssh-7.8p1/audit.h +--- openssh-7.9p1.orig/audit.h ++++ openssh-7.9p1/audit.h @@ -26,6 +26,7 @@ # define _SSH_AUDIT_H @@ -694,10 +694,10 @@ Index: openssh-7.8p1/audit.h +void audit_destroy_sensitive_data(const char *, pid_t, uid_t); #endif /* _SSH_AUDIT_H */ -Index: openssh-7.8p1/auditstub.c +Index: openssh-7.9p1/auditstub.c =================================================================== --- /dev/null -+++ openssh-7.8p1/auditstub.c ++++ openssh-7.9p1/auditstub.c @@ -0,0 +1,50 @@ +/* $Id: auditstub.c,v 1.1 jfch Exp $ */ + @@ -749,11 +749,11 @@ Index: openssh-7.8p1/auditstub.c +audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) +{ +} -Index: openssh-7.8p1/auth.c +Index: openssh-7.9p1/auth.c =================================================================== ---- openssh-7.8p1.orig/auth.c -+++ openssh-7.8p1/auth.c -@@ -362,7 +362,7 @@ auth_log(Authctxt *authctxt, int authent +--- openssh-7.9p1.orig/auth.c ++++ openssh-7.9p1/auth.c +@@ -366,7 +366,7 @@ auth_log(Authctxt *authctxt, int authent # endif #endif #ifdef SSH_AUDIT_EVENTS @@ -762,7 +762,7 @@ Index: openssh-7.8p1/auth.c audit_event(audit_classify_auth(method)); #endif } -@@ -601,9 +601,6 @@ getpwnamallow(const char *user) +@@ -605,9 +605,6 @@ getpwnamallow(const char *user) record_failed_login(user, auth_get_canonical_hostname(ssh, options.use_dns), "ssh"); #endif @@ -772,10 +772,10 @@ Index: openssh-7.8p1/auth.c return (NULL); } if (!allowed_user(pw)) -Index: openssh-7.8p1/auth.h +Index: openssh-7.9p1/auth.h =================================================================== ---- openssh-7.8p1.orig/auth.h -+++ openssh-7.8p1/auth.h +--- openssh-7.9p1.orig/auth.h ++++ openssh-7.9p1/auth.h @@ -193,6 +193,8 @@ struct passwd * getpwnamallow(const char char *expand_authorized_keys(const char *, struct passwd *pw); @@ -794,11 +794,11 @@ Index: openssh-7.8p1/auth.h /* Key / cert options linkage to auth layer */ const struct sshauthopt *auth_options(struct ssh *); -Index: openssh-7.8p1/auth2-hostbased.c +Index: openssh-7.9p1/auth2-hostbased.c =================================================================== ---- openssh-7.8p1.orig/auth2-hostbased.c -+++ openssh-7.8p1/auth2-hostbased.c -@@ -141,7 +141,7 @@ userauth_hostbased(struct ssh *ssh) +--- openssh-7.9p1.orig/auth2-hostbased.c ++++ openssh-7.9p1/auth2-hostbased.c +@@ -148,7 +148,7 @@ userauth_hostbased(struct ssh *ssh) /* test for allowed key and correct signature */ authenticated = 0; if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && @@ -807,7 +807,7 @@ Index: openssh-7.8p1/auth2-hostbased.c sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0) authenticated = 1; -@@ -158,6 +158,19 @@ done: +@@ -165,6 +165,19 @@ done: return authenticated; } @@ -827,11 +827,11 @@ Index: openssh-7.8p1/auth2-hostbased.c /* return 1 if given hostkey is allowed */ int hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, -Index: openssh-7.8p1/auth2-pubkey.c +Index: openssh-7.9p1/auth2-pubkey.c =================================================================== ---- openssh-7.8p1.orig/auth2-pubkey.c -+++ openssh-7.8p1/auth2-pubkey.c -@@ -187,7 +187,7 @@ userauth_pubkey(struct ssh *ssh) +--- openssh-7.9p1.orig/auth2-pubkey.c ++++ openssh-7.9p1/auth2-pubkey.c +@@ -193,7 +193,7 @@ userauth_pubkey(struct ssh *ssh) /* test for correct signature */ authenticated = 0; if (PRIVSEP(user_key_allowed(ssh, pw, key, 1, &authopts)) && @@ -840,7 +840,7 @@ Index: openssh-7.8p1/auth2-pubkey.c sshbuf_ptr(b), sshbuf_len(b), (ssh->compat & SSH_BUG_SIGTYPE) == 0 ? pkalg : NULL, ssh->compat)) == 0) { -@@ -246,6 +246,19 @@ done: +@@ -252,6 +252,19 @@ done: return authenticated; } @@ -860,7 +860,7 @@ Index: openssh-7.8p1/auth2-pubkey.c static int match_principals_option(const char *principal_list, struct sshkey_cert *cert) { -@@ -767,7 +780,7 @@ user_cert_trusted_ca(struct ssh *ssh, st +@@ -773,7 +786,7 @@ user_cert_trusted_ca(struct ssh *ssh, st found_principal = 1; /* If principals file or command is specified, then require a match */ use_authorized_principals = principals_file != NULL || @@ -869,10 +869,10 @@ Index: openssh-7.8p1/auth2-pubkey.c if (!found_principal && use_authorized_principals) { reason = "Certificate does not contain an authorized principal"; goto fail_reason; -Index: openssh-7.8p1/auth2.c +Index: openssh-7.9p1/auth2.c =================================================================== ---- openssh-7.8p1.orig/auth2.c -+++ openssh-7.8p1/auth2.c +--- openssh-7.9p1.orig/auth2.c ++++ openssh-7.9p1/auth2.c @@ -284,9 +284,6 @@ input_userauth_request(int type, u_int32 } else { /* Invalid user, fake password information */ @@ -883,10 +883,10 @@ Index: openssh-7.8p1/auth2.c } #ifdef USE_PAM if (options.use_pam) -Index: openssh-7.8p1/cipher.c +Index: openssh-7.9p1/cipher.c =================================================================== ---- openssh-7.8p1.orig/cipher.c -+++ openssh-7.8p1/cipher.c +--- openssh-7.9p1.orig/cipher.c ++++ openssh-7.9p1/cipher.c @@ -54,25 +54,6 @@ #include "fips.h" #include "log.h" @@ -922,10 +922,10 @@ Index: openssh-7.8p1/cipher.c return; if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx)); -Index: openssh-7.8p1/cipher.h +Index: openssh-7.9p1/cipher.h =================================================================== ---- openssh-7.8p1.orig/cipher.h -+++ openssh-7.8p1/cipher.h +--- openssh-7.9p1.orig/cipher.h ++++ openssh-7.9p1/cipher.h @@ -45,7 +45,25 @@ #define CIPHER_ENCRYPT 1 #define CIPHER_DECRYPT 0 @@ -953,10 +953,10 @@ Index: openssh-7.8p1/cipher.h struct sshcipher_ctx { int plaintext; int encrypt; -Index: openssh-7.8p1/kex.c +Index: openssh-7.9p1/kex.c =================================================================== ---- openssh-7.8p1.orig/kex.c -+++ openssh-7.8p1/kex.c +--- openssh-7.9p1.orig/kex.c ++++ openssh-7.9p1/kex.c @@ -53,6 +53,7 @@ #include "ssherr.h" #include "sshbuf.h" @@ -1053,10 +1053,10 @@ Index: openssh-7.8p1/kex.c + mac_destroy(&newkeys->mac); + memset(&newkeys->comp, 0, sizeof(newkeys->comp)); +} -Index: openssh-7.8p1/kex.h +Index: openssh-7.9p1/kex.h =================================================================== ---- openssh-7.8p1.orig/kex.h -+++ openssh-7.8p1/kex.h +--- openssh-7.9p1.orig/kex.h ++++ openssh-7.9p1/kex.h @@ -213,6 +213,8 @@ int kexgss_client(struct ssh *); int kexgss_server(struct ssh *); #endif @@ -1066,10 +1066,10 @@ Index: openssh-7.8p1/kex.h int kex_dh_hash(int, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); -Index: openssh-7.8p1/mac.c +Index: openssh-7.9p1/mac.c =================================================================== ---- openssh-7.8p1.orig/mac.c -+++ openssh-7.8p1/mac.c +--- openssh-7.9p1.orig/mac.c ++++ openssh-7.9p1/mac.c @@ -280,6 +280,20 @@ mac_clear(struct sshmac *mac) mac->umac_ctx = NULL; } @@ -1091,10 +1091,10 @@ Index: openssh-7.8p1/mac.c /* XXX copied from ciphers_valid */ #define MAC_SEP "," int -Index: openssh-7.8p1/mac.h +Index: openssh-7.9p1/mac.h =================================================================== ---- openssh-7.8p1.orig/mac.h -+++ openssh-7.8p1/mac.h +--- openssh-7.9p1.orig/mac.h ++++ openssh-7.9p1/mac.h @@ -49,5 +49,6 @@ int mac_compute(struct sshmac *, u_int3 int mac_check(struct sshmac *, u_int32_t, const u_char *, size_t, const u_char *, size_t); @@ -1102,11 +1102,11 @@ Index: openssh-7.8p1/mac.h +void mac_destroy(struct sshmac *); #endif /* SSHMAC_H */ -Index: openssh-7.8p1/monitor.c +Index: openssh-7.9p1/monitor.c =================================================================== ---- openssh-7.8p1.orig/monitor.c -+++ openssh-7.8p1/monitor.c -@@ -91,6 +91,7 @@ +--- openssh-7.9p1.orig/monitor.c ++++ openssh-7.9p1/monitor.c +@@ -93,6 +93,7 @@ #include "compat.h" #include "ssh2.h" #include "authfd.h" @@ -1114,7 +1114,7 @@ Index: openssh-7.8p1/monitor.c #include "match.h" #include "ssherr.h" -@@ -105,6 +106,8 @@ extern u_char session_id[]; +@@ -107,6 +108,8 @@ extern u_char session_id[]; extern struct sshbuf *loginmsg; extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */ @@ -1123,7 +1123,7 @@ Index: openssh-7.8p1/monitor.c /* State exported from the child */ static struct sshbuf *child_state; -@@ -150,6 +153,11 @@ int mm_answer_gss_updatecreds(int, struc +@@ -152,6 +155,11 @@ int mm_answer_gss_updatecreds(int, struc #ifdef SSH_AUDIT_EVENTS int mm_answer_audit_event(int, struct sshbuf *); int mm_answer_audit_command(int, struct sshbuf *); @@ -1135,7 +1135,7 @@ Index: openssh-7.8p1/monitor.c #endif static int monitor_read_log(struct monitor *); -@@ -203,6 +211,11 @@ struct mon_table mon_dispatch_proto20[] +@@ -205,6 +213,11 @@ struct mon_table mon_dispatch_proto20[] #endif #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, @@ -1147,7 +1147,7 @@ Index: openssh-7.8p1/monitor.c #endif #ifdef BSD_AUTH {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, -@@ -231,6 +244,11 @@ struct mon_table mon_dispatch_postauth20 +@@ -233,6 +246,11 @@ struct mon_table mon_dispatch_postauth20 #ifdef SSH_AUDIT_EVENTS {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, @@ -1159,7 +1159,7 @@ Index: openssh-7.8p1/monitor.c #endif #ifdef GSSAPI {MONITOR_REQ_GSSSETUP, 0, mm_answer_gss_setup_ctx}, -@@ -1375,6 +1393,7 @@ mm_answer_keyverify(int sock, struct ssh +@@ -1379,6 +1397,7 @@ mm_answer_keyverify(int sock, struct ssh char *sigalg; size_t signaturelen, datalen, bloblen; int r, ret, valid_data = 0, encoded_ret; @@ -1167,7 +1167,7 @@ Index: openssh-7.8p1/monitor.c if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 || (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 || -@@ -1385,6 +1404,8 @@ mm_answer_keyverify(int sock, struct ssh +@@ -1389,6 +1408,8 @@ mm_answer_keyverify(int sock, struct ssh if (hostbased_cuser == NULL || hostbased_chost == NULL || !monitor_allowed_key(blob, bloblen)) fatal("%s: bad key, not previously allowed", __func__); @@ -1176,7 +1176,7 @@ Index: openssh-7.8p1/monitor.c /* Empty signature algorithm means NULL. */ if (*sigalg == '\0') { -@@ -1399,22 +1420,25 @@ mm_answer_keyverify(int sock, struct ssh +@@ -1403,22 +1424,25 @@ mm_answer_keyverify(int sock, struct ssh switch (key_blobtype) { case MM_USERKEY: valid_data = monitor_valid_userblob(data, datalen); @@ -1204,7 +1204,7 @@ Index: openssh-7.8p1/monitor.c debug3("%s: %s %p signature %s", __func__, auth_method, key, (ret == 0) ? "verified" : "unverified"); auth2_record_key(authctxt, ret == 0, key); -@@ -1474,6 +1498,12 @@ mm_session_close(Session *s) +@@ -1478,6 +1502,12 @@ mm_session_close(Session *s) debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); session_pty_cleanup2(s); } @@ -1217,7 +1217,7 @@ Index: openssh-7.8p1/monitor.c session_unused(s->self); } -@@ -1582,6 +1612,8 @@ mm_answer_term(int sock, struct sshbuf * +@@ -1586,6 +1616,8 @@ mm_answer_term(int sock, struct sshbuf * sshpam_cleanup(); #endif @@ -1226,7 +1226,7 @@ Index: openssh-7.8p1/monitor.c while (waitpid(pmonitor->m_pid, &status, 0) == -1) if (errno != EINTR) exit(1); -@@ -1628,14 +1660,50 @@ mm_answer_audit_command(int socket, stru +@@ -1632,14 +1664,50 @@ mm_answer_audit_command(int socket, stru { char *cmd; int r; @@ -1280,7 +1280,7 @@ Index: openssh-7.8p1/monitor.c } #endif /* SSH_AUDIT_EVENTS */ -@@ -1697,6 +1765,7 @@ monitor_apply_keystate(struct monitor *p +@@ -1701,6 +1769,7 @@ monitor_apply_keystate(struct monitor *p void mm_get_keystate(struct monitor *pmonitor) { @@ -1288,7 +1288,7 @@ Index: openssh-7.8p1/monitor.c debug3("%s: Waiting for new keys", __func__); if ((child_state = sshbuf_new()) == NULL) -@@ -1704,6 +1773,19 @@ mm_get_keystate(struct monitor *pmonitor +@@ -1708,6 +1777,19 @@ mm_get_keystate(struct monitor *pmonitor mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, child_state); debug3("%s: GOT new keys", __func__); @@ -1308,7 +1308,7 @@ Index: openssh-7.8p1/monitor.c } -@@ -1902,19 +1984,19 @@ mm_answer_gss_sign(int socket, struct ss +@@ -1906,19 +1988,19 @@ mm_answer_gss_sign(int socket, struct ss int r; if (!options.gss_authentication && !options.gss_keyex) @@ -1334,7 +1334,7 @@ Index: openssh-7.8p1/monitor.c } major = ssh_gssapi_sign(gsscontext, &data, &hash); -@@ -1962,3 +2044,102 @@ mm_answer_gss_updatecreds(int socket, st +@@ -1966,3 +2048,102 @@ mm_answer_gss_updatecreds(int socket, st } #endif /* GSSAPI */ @@ -1437,10 +1437,10 @@ Index: openssh-7.8p1/monitor.c + return 0; +} +#endif /* SSH_AUDIT_EVENTS */ -Index: openssh-7.8p1/monitor.h +Index: openssh-7.9p1/monitor.h =================================================================== ---- openssh-7.8p1.orig/monitor.h -+++ openssh-7.8p1/monitor.h +--- openssh-7.9p1.orig/monitor.h ++++ openssh-7.9p1/monitor.h @@ -61,7 +61,13 @@ enum monitor_reqtype { MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107, MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109, @@ -1456,10 +1456,10 @@ Index: openssh-7.8p1/monitor.h MONITOR_REQ_GSSSIGN = 201, MONITOR_ANS_GSSSIGN = 202, MONITOR_REQ_GSSUPCREDS = 203, MONITOR_ANS_GSSUPCREDS = 204, -Index: openssh-7.8p1/monitor_wrap.c +Index: openssh-7.9p1/monitor_wrap.c =================================================================== ---- openssh-7.8p1.orig/monitor_wrap.c -+++ openssh-7.8p1/monitor_wrap.c +--- openssh-7.9p1.orig/monitor_wrap.c ++++ openssh-7.9p1/monitor_wrap.c @@ -497,7 +497,7 @@ mm_key_allowed(enum mm_keytype type, con */ @@ -1637,10 +1637,10 @@ Index: openssh-7.8p1/monitor_wrap.c + sshbuf_free(m); +} +#endif /* SSH_AUDIT_EVENTS */ -Index: openssh-7.8p1/monitor_wrap.h +Index: openssh-7.9p1/monitor_wrap.h =================================================================== ---- openssh-7.8p1.orig/monitor_wrap.h -+++ openssh-7.8p1/monitor_wrap.h +--- openssh-7.9p1.orig/monitor_wrap.h ++++ openssh-7.9p1/monitor_wrap.h @@ -53,7 +53,9 @@ int mm_user_key_allowed(struct ssh *, st struct sshauthopt **); int mm_hostbased_key_allowed(struct passwd *, const char *, @@ -1666,10 +1666,10 @@ Index: openssh-7.8p1/monitor_wrap.h #endif struct Session; -Index: openssh-7.8p1/packet.c +Index: openssh-7.9p1/packet.c =================================================================== ---- openssh-7.8p1.orig/packet.c -+++ openssh-7.8p1/packet.c +--- openssh-7.9p1.orig/packet.c ++++ openssh-7.9p1/packet.c @@ -76,6 +76,7 @@ #include @@ -1829,20 +1829,20 @@ Index: openssh-7.8p1/packet.c /* Reset after_authentication and reset compression in post-auth privsep */ static int ssh_packet_set_postauth(struct ssh *ssh) -Index: openssh-7.8p1/packet.h +Index: openssh-7.9p1/packet.h =================================================================== ---- openssh-7.8p1.orig/packet.h -+++ openssh-7.8p1/packet.h +--- openssh-7.9p1.orig/packet.h ++++ openssh-7.9p1/packet.h @@ -219,4 +219,5 @@ extern struct ssh *active_state; # undef EC_POINT #endif +void packet_destroy_all(int, int); #endif /* PACKET_H */ -Index: openssh-7.8p1/session.c +Index: openssh-7.9p1/session.c =================================================================== ---- openssh-7.8p1.orig/session.c -+++ openssh-7.8p1/session.c +--- openssh-7.9p1.orig/session.c ++++ openssh-7.9p1/session.c @@ -139,7 +139,7 @@ extern char *__progname; extern int debug_flag; extern u_int utmp_len; @@ -1867,7 +1867,7 @@ Index: openssh-7.8p1/session.c /* Enter interactive session. */ s->ptymaster = ptymaster; packet_set_interactive(1, -@@ -739,15 +747,19 @@ do_exec(struct ssh *ssh, Session *s, con +@@ -741,15 +749,19 @@ do_exec(struct ssh *ssh, Session *s, con s->self); #ifdef SSH_AUDIT_EVENTS @@ -1889,7 +1889,7 @@ Index: openssh-7.8p1/session.c #endif if (s->ttyfd != -1) ret = do_exec_pty(ssh, s, command); -@@ -1551,8 +1563,11 @@ do_child(struct ssh *ssh, Session *s, co +@@ -1553,8 +1565,11 @@ do_child(struct ssh *ssh, Session *s, co int r = 0; /* remove hostkey from the child's memory */ @@ -1902,7 +1902,7 @@ Index: openssh-7.8p1/session.c /* Force a password change */ if (s->authctxt->force_pwchange) { -@@ -1759,6 +1774,9 @@ session_unused(int id) +@@ -1761,6 +1776,9 @@ session_unused(int id) sessions[id].ttyfd = -1; sessions[id].ptymaster = -1; sessions[id].x11_chanids = NULL; @@ -1912,7 +1912,7 @@ Index: openssh-7.8p1/session.c sessions[id].next_unused = sessions_first_unused; sessions_first_unused = id; } -@@ -1841,6 +1859,19 @@ session_open(Authctxt *authctxt, int cha +@@ -1843,6 +1861,19 @@ session_open(Authctxt *authctxt, int cha } Session * @@ -1932,7 +1932,7 @@ Index: openssh-7.8p1/session.c session_by_tty(char *tty) { int i; -@@ -2352,6 +2383,32 @@ session_exit_message(struct ssh *ssh, Se +@@ -2428,6 +2459,32 @@ session_exit_message(struct ssh *ssh, Se chan_write_failed(ssh, c); } @@ -1965,7 +1965,7 @@ Index: openssh-7.8p1/session.c void session_close(struct ssh *ssh, Session *s) { -@@ -2393,6 +2450,10 @@ session_close(struct ssh *ssh, Session * +@@ -2469,6 +2526,10 @@ session_close(struct ssh *ssh, Session * if (s->ttyfd != -1) session_pty_cleanup(s); @@ -1976,7 +1976,7 @@ Index: openssh-7.8p1/session.c free(s->term); free(s->display); free(s->x11_chanids); -@@ -2600,6 +2661,15 @@ do_authenticated2(struct ssh *ssh, Authc +@@ -2677,6 +2738,15 @@ do_authenticated2(struct ssh *ssh, Authc server_loop2(ssh, authctxt); } @@ -1992,7 +1992,7 @@ Index: openssh-7.8p1/session.c void do_cleanup(struct ssh *ssh, Authctxt *authctxt) { -@@ -2657,7 +2727,7 @@ do_cleanup(struct ssh *ssh, Authctxt *au +@@ -2734,7 +2804,7 @@ do_cleanup(struct ssh *ssh, Authctxt *au * or if running in monitor. */ if (!use_privsep || mm_is_monitor()) @@ -2001,11 +2001,11 @@ Index: openssh-7.8p1/session.c } /* Return a name for the remote host that fits inside utmp_size */ -Index: openssh-7.8p1/session.h +Index: openssh-7.9p1/session.h =================================================================== ---- openssh-7.8p1.orig/session.h -+++ openssh-7.8p1/session.h -@@ -60,6 +60,12 @@ struct Session { +--- openssh-7.9p1.orig/session.h ++++ openssh-7.9p1/session.h +@@ -61,6 +61,12 @@ struct Session { char *name; char *val; } *env; @@ -2018,7 +2018,7 @@ Index: openssh-7.8p1/session.h }; void do_authenticated(struct ssh *, Authctxt *); -@@ -72,8 +78,10 @@ void session_close_by_pid(struct ssh *s +@@ -73,8 +79,10 @@ void session_close_by_pid(struct ssh *s void session_close_by_channel(struct ssh *, int, void *); void session_destroy_all(struct ssh *, void (*)(Session *)); void session_pty_cleanup2(Session *); @@ -2029,10 +2029,10 @@ Index: openssh-7.8p1/session.h Session *session_by_tty(char *); void session_close(struct ssh *, Session *); void do_setusercontext(struct passwd *); -Index: openssh-7.8p1/sshd.c +Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.8p1.orig/sshd.c -+++ openssh-7.8p1/sshd.c +--- openssh-7.9p1.orig/sshd.c ++++ openssh-7.9p1/sshd.c @@ -124,6 +124,7 @@ #include "ssh-gss.h" #endif @@ -2117,30 +2117,28 @@ Index: openssh-7.8p1/sshd.c sshkey_free(sensitive_data.host_certificates[i]); sensitive_data.host_certificates[i] = NULL; } -@@ -513,9 +551,22 @@ demote_sensitive_data(void) +@@ -513,8 +551,21 @@ demote_sensitive_data(void) struct sshkey *tmp; u_int i; int r; +#ifdef SSH_AUDIT_EVENTS -+ pid_t pid; -+ uid_t uid; - -- for (i = 0; i < options.num_host_key_files; i++) { -+ pid = getpid(); -+ uid = getuid(); ++ pid_t pid; ++ uid_t uid; ++ ++ pid = getpid(); ++ uid = getuid(); +#endif + + for (i = 0; i < options.num_host_key_files; i++) { ++ char *fp; + -+ for (i = 0; i < options.num_host_key_files; i++) { ++ if (sshkey_is_private(sensitive_data.host_keys[i])) ++ fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX); ++ else ++ fp = NULL; if (sensitive_data.host_keys[i]) { -+ char *fp; -+ -+ if (sshkey_is_private(sensitive_data.host_keys[i])) -+ fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX); -+ else -+ fp = NULL; - if ((r = sshkey_demote(sensitive_data.host_keys[i], - &tmp)) != 0) - fatal("could not demote host %s key: %s", + if ((r = sshkey_from_private( + sensitive_data.host_keys[i], &tmp)) != 0) @@ -523,6 +574,12 @@ demote_sensitive_data(void) ssh_err(r)); sshkey_free(sensitive_data.host_keys[i]); @@ -2213,11 +2211,11 @@ Index: openssh-7.8p1/sshd.c audit_event(SSH_CONNECTION_ABANDON); #endif _exit(i); -Index: openssh-7.8p1/sshkey.c +Index: openssh-7.9p1/sshkey.c =================================================================== ---- openssh-7.8p1.orig/sshkey.c -+++ openssh-7.8p1/sshkey.c -@@ -326,6 +326,32 @@ sshkey_type_is_valid_ca(int type) +--- openssh-7.9p1.orig/sshkey.c ++++ openssh-7.9p1/sshkey.c +@@ -331,6 +331,32 @@ sshkey_type_is_valid_ca(int type) } int @@ -2250,11 +2248,11 @@ Index: openssh-7.8p1/sshkey.c sshkey_is_cert(const struct sshkey *k) { if (k == NULL) -Index: openssh-7.8p1/sshkey.h +Index: openssh-7.9p1/sshkey.h =================================================================== ---- openssh-7.8p1.orig/sshkey.h -+++ openssh-7.8p1/sshkey.h -@@ -148,6 +148,7 @@ u_int sshkey_size(const struct sshkey +--- openssh-7.9p1.orig/sshkey.h ++++ openssh-7.9p1/sshkey.h +@@ -147,6 +147,7 @@ u_int sshkey_size(const struct sshkey int sshkey_generate(int type, u_int bits, struct sshkey **keyp); int sshkey_from_private(const struct sshkey *, struct sshkey **); int sshkey_type_from_name(const char *); diff --git a/openssh-7.7p1-disable_short_DH_parameters.patch b/openssh-7.7p1-disable_short_DH_parameters.patch index 8347915..d64a17c 100644 --- a/openssh-7.7p1-disable_short_DH_parameters.patch +++ b/openssh-7.7p1-disable_short_DH_parameters.patch @@ -12,23 +12,23 @@ compliant) parameters. CVE-2015-4000 (LOGJAM) bsc#932483 -Index: openssh-7.8p1/dh.c +Index: openssh-7.9p1/dh.c =================================================================== ---- openssh-7.8p1.orig/dh.c -+++ openssh-7.8p1/dh.c -@@ -43,6 +43,8 @@ - #include "misc.h" - #include "ssherr.h" +--- openssh-7.9p1.orig/dh.c ++++ openssh-7.9p1/dh.c +@@ -45,6 +45,8 @@ + + #include "openbsd-compat/openssl-compat.h" +int dh_grp_min = DH_GRP_MIN; + static int parse_prime(int linenum, char *line, struct dhgroup *dhg) { -Index: openssh-7.8p1/dh.h +Index: openssh-7.9p1/dh.h =================================================================== ---- openssh-7.8p1.orig/dh.h -+++ openssh-7.8p1/dh.h +--- openssh-7.9p1.orig/dh.h ++++ openssh-7.9p1/dh.h @@ -50,6 +50,7 @@ u_int dh_estimate(int); * Max value from RFC4419. * Miniumum increased in light of DH precomputation attacks. @@ -37,11 +37,11 @@ Index: openssh-7.8p1/dh.h #define DH_GRP_MIN 2048 #define DH_GRP_MAX 8192 -Index: openssh-7.8p1/kexgexc.c +Index: openssh-7.9p1/kexgexc.c =================================================================== ---- openssh-7.8p1.orig/kexgexc.c -+++ openssh-7.8p1/kexgexc.c -@@ -51,6 +51,9 @@ +--- openssh-7.9p1.orig/kexgexc.c ++++ openssh-7.9p1/kexgexc.c +@@ -53,6 +53,9 @@ #include "sshbuf.h" #include "misc.h" @@ -51,7 +51,7 @@ Index: openssh-7.8p1/kexgexc.c static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *); static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *); -@@ -63,7 +66,7 @@ kexgex_client(struct ssh *ssh) +@@ -65,7 +68,7 @@ kexgex_client(struct ssh *ssh) nbits = dh_estimate(kex->dh_need * 8); @@ -60,7 +60,7 @@ Index: openssh-7.8p1/kexgexc.c kex->max = DH_GRP_MAX; kex->nbits = nbits; if (datafellows & SSH_BUG_DHGEX_LARGE) -@@ -108,6 +111,12 @@ input_kex_dh_gex_group(int type, u_int32 +@@ -111,6 +114,12 @@ input_kex_dh_gex_group(int type, u_int32 goto out; if ((bits = BN_num_bits(p)) < 0 || (u_int)bits < kex->min || (u_int)bits > kex->max) { @@ -73,11 +73,11 @@ Index: openssh-7.8p1/kexgexc.c r = SSH_ERR_DH_GEX_OUT_OF_RANGE; goto out; } -Index: openssh-7.8p1/kexgexs.c +Index: openssh-7.9p1/kexgexs.c =================================================================== ---- openssh-7.8p1.orig/kexgexs.c -+++ openssh-7.8p1/kexgexs.c -@@ -54,6 +54,9 @@ +--- openssh-7.9p1.orig/kexgexs.c ++++ openssh-7.9p1/kexgexs.c +@@ -56,6 +56,9 @@ #include "sshbuf.h" #include "misc.h" @@ -87,7 +87,7 @@ Index: openssh-7.8p1/kexgexs.c static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *); static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *); -@@ -82,13 +85,19 @@ input_kex_dh_gex_request(int type, u_int +@@ -85,13 +88,19 @@ input_kex_dh_gex_request(int type, u_int kex->nbits = nbits; kex->min = min; kex->max = max; @@ -109,10 +109,10 @@ Index: openssh-7.8p1/kexgexs.c r = SSH_ERR_DH_GEX_OUT_OF_RANGE; goto out; } -Index: openssh-7.8p1/readconf.c +Index: openssh-7.9p1/readconf.c =================================================================== ---- openssh-7.8p1.orig/readconf.c -+++ openssh-7.8p1/readconf.c +--- openssh-7.9p1.orig/readconf.c ++++ openssh-7.9p1/readconf.c @@ -67,6 +67,7 @@ #include "uidswap.h" #include "myproposal.h" @@ -130,7 +130,7 @@ Index: openssh-7.8p1/readconf.c oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys, -@@ -291,6 +292,7 @@ static struct { +@@ -292,6 +293,7 @@ static struct { { "remotecommand", oRemoteCommand }, { "visualhostkey", oVisualHostKey }, { "kexalgorithms", oKexAlgorithms }, @@ -138,7 +138,7 @@ Index: openssh-7.8p1/readconf.c { "ipqos", oIPQoS }, { "requesttty", oRequestTTY }, { "proxyusefdpass", oProxyUseFdpass }, -@@ -312,6 +314,9 @@ static struct { +@@ -313,6 +315,9 @@ static struct { { NULL, oBadOption } }; @@ -148,7 +148,7 @@ Index: openssh-7.8p1/readconf.c /* * Adds a local TCP/IP port forward to options. Never returns if there is an * error. -@@ -1206,6 +1211,10 @@ parse_int: +@@ -1216,6 +1221,10 @@ parse_int: options->kex_algorithms = xstrdup(arg); break; @@ -159,15 +159,15 @@ Index: openssh-7.8p1/readconf.c case oHostKeyAlgorithms: charptr = &options->hostkeyalgorithms; parse_keytypes: -@@ -1835,6 +1844,7 @@ initialize_options(Options * options) +@@ -1860,6 +1869,7 @@ initialize_options(Options * options) options->ciphers = NULL; options->macs = NULL; options->kex_algorithms = NULL; + options->kex_dhmin = -1; options->hostkeyalgorithms = NULL; + options->ca_sign_algorithms = NULL; options->num_identity_files = 0; - options->num_certificate_files = 0; -@@ -1988,6 +1998,13 @@ fill_default_options(Options * options) +@@ -2014,6 +2024,13 @@ fill_default_options(Options * options) options->connection_attempts = 1; if (options->number_of_password_prompts == -1) options->number_of_password_prompts = 3; @@ -181,22 +181,22 @@ Index: openssh-7.8p1/readconf.c /* options->hostkeyalgorithms, default set in myproposals.h */ if (options->add_keys_to_agent == -1) options->add_keys_to_agent = 0; -Index: openssh-7.8p1/readconf.h +Index: openssh-7.9p1/readconf.h =================================================================== ---- openssh-7.8p1.orig/readconf.h -+++ openssh-7.8p1/readconf.h -@@ -67,6 +67,7 @@ typedef struct { - char *macs; /* SSH2 macs in order of preference. */ +--- openssh-7.9p1.orig/readconf.h ++++ openssh-7.9p1/readconf.h +@@ -68,6 +68,7 @@ typedef struct { char *hostkeyalgorithms; /* SSH2 server key types in order of preference. */ char *kex_algorithms; /* SSH2 kex methods in order of preference. */ -+ int kex_dhmin; /* minimum bit length of the DH group parameter */ + char *ca_sign_algorithms; /* Allowed CA signature algorithms */ ++ int kex_dhmin; /* minimum bit length of the DH group parameter */ char *hostname; /* Real host to connect. */ char *host_key_alias; /* hostname alias for .ssh/known_hosts */ char *proxy_command; /* Proxy command for connecting the host. */ -Index: openssh-7.8p1/servconf.c +Index: openssh-7.9p1/servconf.c =================================================================== ---- openssh-7.8p1.orig/servconf.c -+++ openssh-7.8p1/servconf.c +--- openssh-7.9p1.orig/servconf.c ++++ openssh-7.9p1/servconf.c @@ -64,6 +64,10 @@ #include "auth.h" #include "myproposal.h" @@ -213,10 +213,10 @@ Index: openssh-7.8p1/servconf.c options->macs = NULL; options->kex_algorithms = NULL; + options->kex_dhmin = -1; + options->ca_sign_algorithms = NULL; options->fwd_opts.gateway_ports = -1; options->fwd_opts.streamlocal_bind_mask = (mode_t)-1; - options->fwd_opts.streamlocal_bind_unlink = -1; -@@ -263,6 +268,14 @@ fill_default_server_options(ServerOption +@@ -267,6 +272,14 @@ fill_default_server_options(ServerOption if (options->use_pam_check_locks == -1) options->use_pam_check_locks = 0; @@ -231,16 +231,16 @@ Index: openssh-7.8p1/servconf.c /* Standard Options */ if (options->num_host_key_files == 0) { /* fill default hostkeys for protocols */ -@@ -490,7 +503,7 @@ typedef enum { +@@ -494,7 +507,7 @@ typedef enum { sHostCertificate, sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, -- sKexAlgorithms, sIPQoS, sVersionAddendum, -+ sKexAlgorithms, sKexDHMin, sIPQoS, sVersionAddendum, +- sKexAlgorithms, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, ++ sKexAlgorithms, sKexDHMin, sCASignatureAlgorithms, sIPQoS, sVersionAddendum, sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, sAuthenticationMethods, sHostKeyAgent, sPermitUserRC, sStreamLocalBindMask, sStreamLocalBindUnlink, -@@ -631,6 +644,7 @@ static struct { +@@ -635,6 +648,7 @@ static struct { { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, @@ -248,7 +248,7 @@ Index: openssh-7.8p1/servconf.c { "ipqos", sIPQoS, SSHCFG_ALL }, { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, -@@ -1726,6 +1740,10 @@ process_server_config_line(ServerOptions +@@ -1735,6 +1749,10 @@ process_server_config_line(ServerOptions options->kex_algorithms = xstrdup(arg); break; @@ -259,7 +259,7 @@ Index: openssh-7.8p1/servconf.c case sSubsystem: if (options->num_subsystems >= MAX_SUBSYSTEMS) { fatal("%s line %d: too many subsystems defined.", -@@ -2540,6 +2558,7 @@ dump_config(ServerOptions *o) +@@ -2549,6 +2567,7 @@ dump_config(ServerOptions *o) dump_cfg_int(sClientAliveInterval, o->client_alive_interval); dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); dump_cfg_oct(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); @@ -267,10 +267,10 @@ Index: openssh-7.8p1/servconf.c /* formatted integer arguments */ dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); -Index: openssh-7.8p1/servconf.h +Index: openssh-7.9p1/servconf.h =================================================================== ---- openssh-7.8p1.orig/servconf.h -+++ openssh-7.8p1/servconf.h +--- openssh-7.9p1.orig/servconf.h ++++ openssh-7.9p1/servconf.h @@ -103,6 +103,7 @@ typedef struct { char *ciphers; /* Supported SSH2 ciphers. */ char *macs; /* Supported SSH2 macs. */ @@ -279,10 +279,10 @@ Index: openssh-7.8p1/servconf.h struct ForwardOptions fwd_opts; /* forwarding options */ SyslogFacility log_facility; /* Facility for system logging. */ LogLevel log_level; /* Level for system logging. */ -Index: openssh-7.8p1/ssh_config +Index: openssh-7.9p1/ssh_config =================================================================== ---- openssh-7.8p1.orig/ssh_config -+++ openssh-7.8p1/ssh_config +--- openssh-7.9p1.orig/ssh_config ++++ openssh-7.9p1/ssh_config @@ -17,6 +17,11 @@ # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. @@ -295,11 +295,11 @@ Index: openssh-7.8p1/ssh_config Host * # ForwardAgent no # ForwardX11 no -Index: openssh-7.8p1/ssh_config.0 +Index: openssh-7.9p1/ssh_config.0 =================================================================== ---- openssh-7.8p1.orig/ssh_config.0 -+++ openssh-7.8p1/ssh_config.0 -@@ -595,6 +595,23 @@ DESCRIPTION +--- openssh-7.9p1.orig/ssh_config.0 ++++ openssh-7.9p1/ssh_config.0 +@@ -610,6 +610,23 @@ DESCRIPTION The list of available key exchange algorithms may also be obtained using "ssh -Q kex". @@ -323,11 +323,11 @@ Index: openssh-7.8p1/ssh_config.0 LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. The command string -Index: openssh-7.8p1/ssh_config.5 +Index: openssh-7.9p1/ssh_config.5 =================================================================== ---- openssh-7.8p1.orig/ssh_config.5 -+++ openssh-7.8p1/ssh_config.5 -@@ -1025,6 +1025,22 @@ diffie-hellman-group14-sha1 +--- openssh-7.9p1.orig/ssh_config.5 ++++ openssh-7.9p1/ssh_config.5 +@@ -1047,6 +1047,22 @@ diffie-hellman-group14-sha1 .Pp The list of available key exchange algorithms may also be obtained using .Qq ssh -Q kex . @@ -350,10 +350,10 @@ Index: openssh-7.8p1/ssh_config.5 .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. -Index: openssh-7.8p1/sshd_config +Index: openssh-7.9p1/sshd_config =================================================================== ---- openssh-7.8p1.orig/sshd_config -+++ openssh-7.8p1/sshd_config +--- openssh-7.9p1.orig/sshd_config ++++ openssh-7.9p1/sshd_config @@ -19,6 +19,13 @@ #HostKey /etc/ssh/ssh_host_ecdsa_key #HostKey /etc/ssh/ssh_host_ed25519_key @@ -368,11 +368,11 @@ Index: openssh-7.8p1/sshd_config # Ciphers and keying #RekeyLimit default none -Index: openssh-7.8p1/sshd_config.0 +Index: openssh-7.9p1/sshd_config.0 =================================================================== ---- openssh-7.8p1.orig/sshd_config.0 -+++ openssh-7.8p1/sshd_config.0 -@@ -545,6 +545,23 @@ DESCRIPTION +--- openssh-7.9p1.orig/sshd_config.0 ++++ openssh-7.9p1/sshd_config.0 +@@ -555,6 +555,23 @@ DESCRIPTION The list of available key exchange algorithms may also be obtained using "ssh -Q kex". @@ -396,11 +396,11 @@ Index: openssh-7.8p1/sshd_config.0 ListenAddress Specifies the local addresses sshd(8) should listen on. The following forms may be used: -Index: openssh-7.8p1/sshd_config.5 +Index: openssh-7.9p1/sshd_config.5 =================================================================== ---- openssh-7.8p1.orig/sshd_config.5 -+++ openssh-7.8p1/sshd_config.5 -@@ -912,6 +912,22 @@ diffie-hellman-group14-sha256,diffie-hel +--- openssh-7.9p1.orig/sshd_config.5 ++++ openssh-7.9p1/sshd_config.5 +@@ -923,6 +923,22 @@ diffie-hellman-group14-sha256,diffie-hel .Pp The list of available key exchange algorithms may also be obtained using .Qq ssh -Q kex . diff --git a/openssh-7.7p1-fips.patch b/openssh-7.7p1-fips.patch index 9de361f..538aadd 100644 --- a/openssh-7.7p1-fips.patch +++ b/openssh-7.7p1-fips.patch @@ -3,10 +3,10 @@ FIPS 140-2 compliance. Perform selftests on start and use only FIPS approved algorithms. -Index: openssh-7.8p1/Makefile.in +Index: openssh-7.9p1/Makefile.in =================================================================== ---- openssh-7.8p1.orig/Makefile.in -+++ openssh-7.8p1/Makefile.in +--- openssh-7.9p1.orig/Makefile.in ++++ openssh-7.9p1/Makefile.in @@ -102,6 +102,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ platform-pledge.o platform-tracing.o platform-misc.o @@ -16,10 +16,10 @@ Index: openssh-7.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect2.o mux.o -Index: openssh-7.8p1/cipher-ctr.c +Index: openssh-7.9p1/cipher-ctr.c =================================================================== ---- openssh-7.8p1.orig/cipher-ctr.c -+++ openssh-7.8p1/cipher-ctr.c +--- openssh-7.9p1.orig/cipher-ctr.c ++++ openssh-7.9p1/cipher-ctr.c @@ -27,6 +27,8 @@ #include "xmalloc.h" #include "log.h" @@ -38,10 +38,10 @@ Index: openssh-7.8p1/cipher-ctr.c #endif return (&aes_ctr); } -Index: openssh-7.8p1/cipher.c +Index: openssh-7.9p1/cipher.c =================================================================== ---- openssh-7.8p1.orig/cipher.c -+++ openssh-7.8p1/cipher.c +--- openssh-7.9p1.orig/cipher.c ++++ openssh-7.9p1/cipher.c @@ -51,6 +51,8 @@ #include "openbsd-compat/openssl-compat.h" @@ -131,10 +131,10 @@ Index: openssh-7.8p1/cipher.c if (strcmp(c->name, name) == 0) return c; return NULL; -Index: openssh-7.8p1/dh.h +Index: openssh-7.9p1/dh.h =================================================================== ---- openssh-7.8p1.orig/dh.h -+++ openssh-7.8p1/dh.h +--- openssh-7.9p1.orig/dh.h ++++ openssh-7.9p1/dh.h @@ -52,6 +52,7 @@ u_int dh_estimate(int); */ #define DH_GRP_MIN_RFC 1024 @@ -143,10 +143,10 @@ Index: openssh-7.8p1/dh.h #define DH_GRP_MAX 8192 /* -Index: openssh-7.8p1/fips.c +Index: openssh-7.9p1/fips.c =================================================================== --- /dev/null -+++ openssh-7.8p1/fips.c ++++ openssh-7.9p1/fips.c @@ -0,0 +1,237 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. @@ -385,10 +385,10 @@ Index: openssh-7.8p1/fips.c + return dh; +} + -Index: openssh-7.8p1/fips.h +Index: openssh-7.9p1/fips.h =================================================================== --- /dev/null -+++ openssh-7.8p1/fips.h ++++ openssh-7.9p1/fips.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2012 Petr Cerny. All rights reserved. @@ -435,10 +435,10 @@ Index: openssh-7.8p1/fips.h + +#endif + -Index: openssh-7.8p1/hmac.c +Index: openssh-7.9p1/hmac.c =================================================================== ---- openssh-7.8p1.orig/hmac.c -+++ openssh-7.8p1/hmac.c +--- openssh-7.9p1.orig/hmac.c ++++ openssh-7.9p1/hmac.c @@ -144,7 +144,7 @@ hmac_test(void *key, size_t klen, void * size_t i; u_char digest[16]; @@ -448,10 +448,10 @@ Index: openssh-7.8p1/hmac.c printf("ssh_hmac_start failed"); if (ssh_hmac_init(ctx, key, klen) < 0 || ssh_hmac_update(ctx, m, mlen) < 0 || -Index: openssh-7.8p1/kex.c +Index: openssh-7.9p1/kex.c =================================================================== ---- openssh-7.8p1.orig/kex.c -+++ openssh-7.8p1/kex.c +--- openssh-7.9p1.orig/kex.c ++++ openssh-7.9p1/kex.c @@ -54,6 +54,8 @@ #include "sshbuf.h" #include "digest.h" @@ -547,11 +547,11 @@ Index: openssh-7.8p1/kex.c free(s); return 0; } -Index: openssh-7.8p1/kexgexc.c +Index: openssh-7.9p1/kexgexc.c =================================================================== ---- openssh-7.8p1.orig/kexgexc.c -+++ openssh-7.8p1/kexgexc.c -@@ -51,8 +51,7 @@ +--- openssh-7.9p1.orig/kexgexc.c ++++ openssh-7.9p1/kexgexc.c +@@ -53,8 +53,7 @@ #include "sshbuf.h" #include "misc.h" @@ -561,7 +561,7 @@ Index: openssh-7.8p1/kexgexc.c static int input_kex_dh_gex_group(int, u_int32_t, struct ssh *); static int input_kex_dh_gex_reply(int, u_int32_t, struct ssh *); -@@ -66,7 +65,7 @@ kexgex_client(struct ssh *ssh) +@@ -68,7 +67,7 @@ kexgex_client(struct ssh *ssh) nbits = dh_estimate(kex->dh_need * 8); @@ -570,11 +570,11 @@ Index: openssh-7.8p1/kexgexc.c kex->max = DH_GRP_MAX; kex->nbits = nbits; if (datafellows & SSH_BUG_DHGEX_LARGE) -Index: openssh-7.8p1/kexgexs.c +Index: openssh-7.9p1/kexgexs.c =================================================================== ---- openssh-7.8p1.orig/kexgexs.c -+++ openssh-7.8p1/kexgexs.c -@@ -54,8 +54,7 @@ +--- openssh-7.9p1.orig/kexgexs.c ++++ openssh-7.9p1/kexgexs.c +@@ -56,8 +56,7 @@ #include "sshbuf.h" #include "misc.h" @@ -584,7 +584,7 @@ Index: openssh-7.8p1/kexgexs.c static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *); static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *); -@@ -85,9 +84,9 @@ input_kex_dh_gex_request(int type, u_int +@@ -88,9 +87,9 @@ input_kex_dh_gex_request(int type, u_int kex->nbits = nbits; kex->min = min; kex->max = max; @@ -596,10 +596,10 @@ Index: openssh-7.8p1/kexgexs.c nbits = MINIMUM(DH_GRP_MAX, nbits); if (kex->max < kex->min || kex->nbits < kex->min || -Index: openssh-7.8p1/mac.c +Index: openssh-7.9p1/mac.c =================================================================== ---- openssh-7.8p1.orig/mac.c -+++ openssh-7.8p1/mac.c +--- openssh-7.9p1.orig/mac.c ++++ openssh-7.9p1/mac.c @@ -40,6 +40,9 @@ #include "openbsd-compat/openssl-compat.h" @@ -679,11 +679,11 @@ Index: openssh-7.8p1/mac.c if (strcmp(name, m->name) != 0) continue; if (mac != NULL) -Index: openssh-7.8p1/myproposal.h +Index: openssh-7.9p1/myproposal.h =================================================================== ---- openssh-7.8p1.orig/myproposal.h -+++ openssh-7.8p1/myproposal.h -@@ -141,6 +141,8 @@ +--- openssh-7.9p1.orig/myproposal.h ++++ openssh-7.9p1/myproposal.h +@@ -151,6 +151,8 @@ #else /* WITH_OPENSSL */ @@ -692,10 +692,10 @@ Index: openssh-7.8p1/myproposal.h #define KEX_SERVER_KEX \ "curve25519-sha256," \ "curve25519-sha256@libssh.org" -Index: openssh-7.8p1/readconf.c +Index: openssh-7.9p1/readconf.c =================================================================== ---- openssh-7.8p1.orig/readconf.c -+++ openssh-7.8p1/readconf.c +--- openssh-7.9p1.orig/readconf.c ++++ openssh-7.9p1/readconf.c @@ -68,6 +68,7 @@ #include "myproposal.h" #include "digest.h" @@ -704,7 +704,7 @@ Index: openssh-7.8p1/readconf.c /* Format of the configuration file: -@@ -1800,6 +1801,23 @@ option_clear_or_none(const char *o) +@@ -1825,6 +1826,23 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } @@ -728,7 +728,7 @@ Index: openssh-7.8p1/readconf.c /* * Initializes options to special values that indicate that they have not yet * been set. Read_config_file will only set options with this value. Options -@@ -1999,9 +2017,9 @@ fill_default_options(Options * options) +@@ -2025,9 +2043,9 @@ fill_default_options(Options * options) if (options->number_of_password_prompts == -1) options->number_of_password_prompts = 3; if (options->kex_dhmin == -1) @@ -740,7 +740,7 @@ Index: openssh-7.8p1/readconf.c options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); } dh_grp_min = options->kex_dhmin; -@@ -2086,6 +2104,8 @@ fill_default_options(Options * options) +@@ -2112,6 +2130,8 @@ fill_default_options(Options * options) options->canonicalize_hostname = SSH_CANONICALISE_NO; if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; @@ -749,19 +749,19 @@ Index: openssh-7.8p1/readconf.c if (options->update_hostkeys == -1) options->update_hostkeys = 0; -@@ -2110,6 +2130,7 @@ fill_default_options(Options * options) - free(all_mac); - free(all_kex); +@@ -2594,6 +2614,7 @@ dump_client_config(Options *o, const cha + KEX_DEFAULT_PK_ALG, all_key) != 0) + fatal("%s: kex_assemble_names failed", __func__); free(all_key); + filter_fips_algorithms(options); - #define CLEAR_ON_NONE(v) \ - do { \ -Index: openssh-7.8p1/readconf.h + /* Most interesting options first: user, host, port */ + dump_cfg_string(oUser, o->user); +Index: openssh-7.9p1/readconf.h =================================================================== ---- openssh-7.8p1.orig/readconf.h -+++ openssh-7.8p1/readconf.h -@@ -197,6 +197,7 @@ typedef struct { +--- openssh-7.9p1.orig/readconf.h ++++ openssh-7.9p1/readconf.h +@@ -198,6 +198,7 @@ typedef struct { #define SSH_STRICT_HOSTKEY_YES 2 #define SSH_STRICT_HOSTKEY_ASK 3 @@ -769,10 +769,10 @@ Index: openssh-7.8p1/readconf.h void initialize_options(Options *); void fill_default_options(Options *); void fill_default_options_for_canonicalization(Options *); -Index: openssh-7.8p1/servconf.c +Index: openssh-7.9p1/servconf.c =================================================================== ---- openssh-7.8p1.orig/servconf.c -+++ openssh-7.8p1/servconf.c +--- openssh-7.9p1.orig/servconf.c ++++ openssh-7.9p1/servconf.c @@ -65,6 +65,7 @@ #include "myproposal.h" #include "digest.h" @@ -781,7 +781,7 @@ Index: openssh-7.8p1/servconf.c /* import from dh.c */ extern int dh_grp_min; -@@ -194,6 +195,23 @@ option_clear_or_none(const char *o) +@@ -195,6 +196,23 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } @@ -805,16 +805,16 @@ Index: openssh-7.8p1/servconf.c static void assemble_algorithms(ServerOptions *o) { -@@ -220,6 +238,8 @@ assemble_algorithms(ServerOptions *o) - free(all_mac); +@@ -224,6 +242,8 @@ assemble_algorithms(ServerOptions *o) free(all_kex); free(all_key); + free(all_sig); + + filter_fips_algorithms_s(o); } static void -@@ -269,9 +289,9 @@ fill_default_server_options(ServerOption +@@ -273,9 +293,9 @@ fill_default_server_options(ServerOption options->use_pam_check_locks = 0; if (options->kex_dhmin == -1) @@ -826,7 +826,7 @@ Index: openssh-7.8p1/servconf.c options->kex_dhmin = MINIMUM(options->kex_dhmin, DH_GRP_MAX); } dh_grp_min = options->kex_dhmin; -@@ -419,6 +439,8 @@ fill_default_server_options(ServerOption +@@ -423,6 +443,8 @@ fill_default_server_options(ServerOption options->fwd_opts.streamlocal_bind_unlink = 0; if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; @@ -835,10 +835,10 @@ Index: openssh-7.8p1/servconf.c if (options->disable_forwarding == -1) options->disable_forwarding = 0; if (options->expose_userauth_info == -1) -Index: openssh-7.8p1/ssh-keygen.c +Index: openssh-7.9p1/ssh-keygen.c =================================================================== ---- openssh-7.8p1.orig/ssh-keygen.c -+++ openssh-7.8p1/ssh-keygen.c +--- openssh-7.9p1.orig/ssh-keygen.c ++++ openssh-7.9p1/ssh-keygen.c @@ -61,6 +61,8 @@ #include "utf8.h" #include "authfd.h" @@ -848,7 +848,7 @@ Index: openssh-7.8p1/ssh-keygen.c #ifdef WITH_OPENSSL # define DEFAULT_KEY_TYPE_NAME "rsa" #else -@@ -965,11 +967,13 @@ do_fingerprint(struct passwd *pw) +@@ -996,11 +998,13 @@ do_fingerprint(struct passwd *pw) static void do_gen_all_hostkeys(struct passwd *pw) { @@ -864,7 +864,7 @@ Index: openssh-7.8p1/ssh-keygen.c #ifdef WITH_OPENSSL { "rsa", "RSA" ,_PATH_HOST_RSA_KEY_FILE }, { "dsa", "DSA", _PATH_HOST_DSA_KEY_FILE }, -@@ -984,6 +988,17 @@ do_gen_all_hostkeys(struct passwd *pw) +@@ -1015,6 +1019,17 @@ do_gen_all_hostkeys(struct passwd *pw) { NULL, NULL, NULL } }; @@ -882,7 +882,7 @@ Index: openssh-7.8p1/ssh-keygen.c int first = 0; struct stat st; struct sshkey *private, *public; -@@ -991,6 +1006,12 @@ do_gen_all_hostkeys(struct passwd *pw) +@@ -1022,6 +1037,12 @@ do_gen_all_hostkeys(struct passwd *pw) int i, type, fd, r; FILE *f; @@ -895,7 +895,7 @@ Index: openssh-7.8p1/ssh-keygen.c for (i = 0; key_types[i].key_type; i++) { public = private = NULL; prv_tmp = pub_tmp = prv_file = pub_file = NULL; -@@ -2727,6 +2748,15 @@ main(int argc, char **argv) +@@ -2817,6 +2838,15 @@ main(int argc, char **argv) key_type_name = DEFAULT_KEY_TYPE_NAME; type = sshkey_type_from_name(key_type_name); @@ -911,11 +911,11 @@ Index: openssh-7.8p1/ssh-keygen.c type_bits_valid(type, key_type_name, &bits); if (!quiet) -Index: openssh-7.8p1/ssh_config.0 +Index: openssh-7.9p1/ssh_config.0 =================================================================== ---- openssh-7.8p1.orig/ssh_config.0 -+++ openssh-7.8p1/ssh_config.0 -@@ -343,6 +343,9 @@ DESCRIPTION +--- openssh-7.9p1.orig/ssh_config.0 ++++ openssh-7.9p1/ssh_config.0 +@@ -353,6 +353,9 @@ DESCRIPTION Specifies the hash algorithm used when displaying key fingerprints. Valid options are: md5 and sha256 (the default). @@ -925,7 +925,7 @@ Index: openssh-7.8p1/ssh_config.0 ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. The argument must -@@ -612,6 +615,9 @@ DESCRIPTION +@@ -627,6 +630,9 @@ DESCRIPTION resort and all efforts should be made to fix the (broken) counterparty. @@ -935,11 +935,11 @@ Index: openssh-7.8p1/ssh_config.0 LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. The command string -Index: openssh-7.8p1/ssh_config.5 +Index: openssh-7.9p1/ssh_config.5 =================================================================== ---- openssh-7.8p1.orig/ssh_config.5 -+++ openssh-7.8p1/ssh_config.5 -@@ -628,6 +628,8 @@ Valid options are: +--- openssh-7.9p1.orig/ssh_config.5 ++++ openssh-7.9p1/ssh_config.5 +@@ -642,6 +642,8 @@ Valid options are: and .Cm sha256 (the default). @@ -948,7 +948,7 @@ Index: openssh-7.8p1/ssh_config.5 .It Cm ForwardAgent Specifies whether the connection to the authentication agent (if any) will be forwarded to the remote machine. -@@ -1041,6 +1043,9 @@ maximum backward compatibility, using it +@@ -1063,6 +1065,9 @@ maximum backward compatibility, using it security and thus should be viewed as a temporary fix of last resort and all efforts should be made to fix the (broken) counterparty. @@ -958,10 +958,10 @@ Index: openssh-7.8p1/ssh_config.5 .It Cm LocalCommand Specifies a command to execute on the local machine after successfully connecting to the server. -Index: openssh-7.8p1/sshd.c +Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.8p1.orig/sshd.c -+++ openssh-7.8p1/sshd.c +--- openssh-7.9p1.orig/sshd.c ++++ openssh-7.9p1/sshd.c @@ -123,6 +123,8 @@ #include "version.h" #include "ssherr.h" @@ -971,11 +971,11 @@ Index: openssh-7.8p1/sshd.c /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -Index: openssh-7.8p1/sshd_config.0 +Index: openssh-7.9p1/sshd_config.0 =================================================================== ---- openssh-7.8p1.orig/sshd_config.0 -+++ openssh-7.8p1/sshd_config.0 -@@ -338,6 +338,9 @@ DESCRIPTION +--- openssh-7.9p1.orig/sshd_config.0 ++++ openssh-7.9p1/sshd_config.0 +@@ -348,6 +348,9 @@ DESCRIPTION Specifies the hash algorithm used when logging key fingerprints. Valid options are: md5 and sha256. The default is sha256. @@ -985,7 +985,7 @@ Index: openssh-7.8p1/sshd_config.0 ForceCommand Forces the execution of the command specified by ForceCommand, ignoring any command supplied by the client and ~/.ssh/rc if -@@ -562,6 +565,9 @@ DESCRIPTION +@@ -572,6 +575,9 @@ DESCRIPTION resort and all efforts should be made to fix the (broken) counterparty. @@ -995,11 +995,11 @@ Index: openssh-7.8p1/sshd_config.0 ListenAddress Specifies the local addresses sshd(8) should listen on. The following forms may be used: -Index: openssh-7.8p1/sshd_config.5 +Index: openssh-7.9p1/sshd_config.5 =================================================================== ---- openssh-7.8p1.orig/sshd_config.5 -+++ openssh-7.8p1/sshd_config.5 -@@ -592,6 +592,8 @@ and +--- openssh-7.9p1.orig/sshd_config.5 ++++ openssh-7.9p1/sshd_config.5 +@@ -603,6 +603,8 @@ and .Cm sha256 . The default is .Cm sha256 . diff --git a/openssh-7.7p1-gssapi_key_exchange.patch b/openssh-7.7p1-gssapi_key_exchange.patch index eb36435..b6115f3 100644 --- a/openssh-7.7p1-gssapi_key_exchange.patch +++ b/openssh-7.7p1-gssapi_key_exchange.patch @@ -1,10 +1,10 @@ # HG changeset patch # Parent 6a2300496d25e85647e718287d4d9f37170f492a -Index: openssh-7.8p1/Makefile.in +Index: openssh-7.9p1/Makefile.in =================================================================== ---- openssh-7.8p1.orig/Makefile.in -+++ openssh-7.8p1/Makefile.in +--- openssh-7.9p1.orig/Makefile.in ++++ openssh-7.9p1/Makefile.in @@ -108,6 +108,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ LIBSSH_OBJS += fips.o @@ -14,10 +14,10 @@ Index: openssh-7.8p1/Makefile.in SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect2.o mux.o -Index: openssh-7.8p1/auth-krb5.c +Index: openssh-7.9p1/auth-krb5.c =================================================================== ---- openssh-7.8p1.orig/auth-krb5.c -+++ openssh-7.8p1/auth-krb5.c +--- openssh-7.9p1.orig/auth-krb5.c ++++ openssh-7.9p1/auth-krb5.c @@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, c len = strlen(authctxt->krb5_ticket_file) + 6; @@ -60,11 +60,11 @@ Index: openssh-7.8p1/auth-krb5.c return (krb5_cc_resolve(ctx, ccname, ccache)); } -Index: openssh-7.8p1/auth.c +Index: openssh-7.9p1/auth.c =================================================================== ---- openssh-7.8p1.orig/auth.c -+++ openssh-7.8p1/auth.c -@@ -395,6 +395,7 @@ auth_root_allowed(struct ssh *ssh, const +--- openssh-7.9p1.orig/auth.c ++++ openssh-7.9p1/auth.c +@@ -399,6 +399,7 @@ auth_root_allowed(struct ssh *ssh, const case PERMIT_NO_PASSWD: if (strcmp(method, "publickey") == 0 || strcmp(method, "hostbased") == 0 || @@ -72,10 +72,10 @@ Index: openssh-7.8p1/auth.c strcmp(method, "gssapi-with-mic") == 0) return 1; break; -Index: openssh-7.8p1/auth2-gss.c +Index: openssh-7.9p1/auth2-gss.c =================================================================== ---- openssh-7.8p1.orig/auth2-gss.c -+++ openssh-7.8p1/auth2-gss.c +--- openssh-7.9p1.orig/auth2-gss.c ++++ openssh-7.9p1/auth2-gss.c @@ -31,6 +31,7 @@ #include @@ -162,10 +162,10 @@ Index: openssh-7.8p1/auth2-gss.c Authmethod method_gssapi = { "gssapi-with-mic", userauth_gssapi, -Index: openssh-7.8p1/auth2.c +Index: openssh-7.9p1/auth2.c =================================================================== ---- openssh-7.8p1.orig/auth2.c -+++ openssh-7.8p1/auth2.c +--- openssh-7.9p1.orig/auth2.c ++++ openssh-7.9p1/auth2.c @@ -74,6 +74,7 @@ extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; @@ -182,10 +182,10 @@ Index: openssh-7.8p1/auth2.c &method_gssapi, #endif &method_passwd, -Index: openssh-7.8p1/clientloop.c +Index: openssh-7.9p1/clientloop.c =================================================================== ---- openssh-7.8p1.orig/clientloop.c -+++ openssh-7.8p1/clientloop.c +--- openssh-7.9p1.orig/clientloop.c ++++ openssh-7.9p1/clientloop.c @@ -112,6 +112,10 @@ #include "ssherr.h" #include "hostfile.h" @@ -197,7 +197,7 @@ Index: openssh-7.8p1/clientloop.c /* import options */ extern Options options; -@@ -1357,9 +1361,18 @@ client_loop(struct ssh *ssh, int have_pt +@@ -1370,9 +1374,18 @@ client_loop(struct ssh *ssh, int have_pt break; /* Do channel operations unless rekeying in progress. */ @@ -217,11 +217,11 @@ Index: openssh-7.8p1/clientloop.c /* Buffer input from the connection. */ client_process_net_input(readset); -Index: openssh-7.8p1/configure.ac +Index: openssh-7.9p1/configure.ac =================================================================== ---- openssh-7.8p1.orig/configure.ac -+++ openssh-7.8p1/configure.ac -@@ -673,6 +673,30 @@ main() { if (NSVersionOfRunTimeLibrary(" +--- openssh-7.9p1.orig/configure.ac ++++ openssh-7.9p1/configure.ac +@@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary(" [Use tunnel device compatibility to OpenBSD]) AC_DEFINE([SSH_TUN_PREPEND_AF], [1], [Prepend the address family to IP tunnel traffic]) @@ -252,7 +252,7 @@ Index: openssh-7.8p1/configure.ac m4_pattern_allow([AU_IPv]) AC_CHECK_DECL([AU_IPv4], [], AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records]) -@@ -1853,9 +1877,9 @@ AC_RUN_IFELSE( +@@ -1844,9 +1868,9 @@ AC_RUN_IFELSE( ) AC_LINK_IFELSE( @@ -265,7 +265,7 @@ Index: openssh-7.8p1/configure.ac [AC_DEFINE([HAVE_ISBLANK], [1], [Define if you have isblank(3C).]) ]) -@@ -2161,7 +2185,7 @@ int snprintf(char *a, size_t b, const ch +@@ -2175,7 +2199,7 @@ int snprintf(char *a, size_t b, const ch ]])], [AC_MSG_RESULT([yes]) AC_DEFINE([SNPRINTF_CONST], [const], @@ -274,7 +274,7 @@ Index: openssh-7.8p1/configure.ac [AC_MSG_RESULT([no]) AC_DEFINE([SNPRINTF_CONST], [/* not const */])]) -@@ -2176,7 +2200,7 @@ if test "x$ac_cv_func_getpeereid" != "xy +@@ -2190,7 +2214,7 @@ if test "x$ac_cv_func_getpeereid" != "xy AC_DEFINE([HAVE_SO_PEERCRED], [1], [Have PEERCRED socket option]) ], [AC_MSG_RESULT([no]) NO_PEERCHECK=1 @@ -283,23 +283,7 @@ Index: openssh-7.8p1/configure.ac fi dnl see whether mkstemp() requires XXXXXX -@@ -2600,12 +2624,12 @@ if test "x$openssl" = "xyes" ; then - case "$ssl_library_ver" in - 10000*|0*) - AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) -- ;; -+ ;; - 100*) ;; # 1.0.x - 200*) ;; # LibreSSL -- *) -+ *) - AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")]) -- ;; -+ ;; - esac - AC_MSG_RESULT([$ssl_library_ver]) - ], -@@ -4473,7 +4497,7 @@ AC_ARG_WITH([maildir], +@@ -4601,7 +4625,7 @@ AC_ARG_WITH([maildir], if test "X$withval" != X && test "x$withval" != xno && \ test "x${withval}" != xyes; then AC_DEFINE_UNQUOTED([MAIL_DIRECTORY], ["$withval"], @@ -308,10 +292,10 @@ Index: openssh-7.8p1/configure.ac fi ],[ if test "X$maildir" != "X"; then -Index: openssh-7.8p1/gss-genr.c +Index: openssh-7.9p1/gss-genr.c =================================================================== ---- openssh-7.8p1.orig/gss-genr.c -+++ openssh-7.8p1/gss-genr.c +--- openssh-7.9p1.orig/gss-genr.c ++++ openssh-7.9p1/gss-genr.c @@ -41,12 +41,169 @@ #include "sshbuf.h" #include "log.h" @@ -657,10 +641,10 @@ Index: openssh-7.8p1/gss-genr.c +} + #endif /* GSSAPI */ -Index: openssh-7.8p1/gss-serv-krb5.c +Index: openssh-7.9p1/gss-serv-krb5.c =================================================================== ---- openssh-7.8p1.orig/gss-serv-krb5.c -+++ openssh-7.8p1/gss-serv-krb5.c +--- openssh-7.9p1.orig/gss-serv-krb5.c ++++ openssh-7.9p1/gss-serv-krb5.c @@ -120,7 +120,7 @@ ssh_gssapi_krb5_storecreds(ssh_gssapi_cl krb5_error_code problem; krb5_principal princ; @@ -788,10 +772,10 @@ Index: openssh-7.8p1/gss-serv-krb5.c }; #endif /* KRB5 */ -Index: openssh-7.8p1/gss-serv.c +Index: openssh-7.9p1/gss-serv.c =================================================================== ---- openssh-7.8p1.orig/gss-serv.c -+++ openssh-7.8p1/gss-serv.c +--- openssh-7.9p1.orig/gss-serv.c ++++ openssh-7.9p1/gss-serv.c @@ -44,17 +44,19 @@ #include "session.h" #include "misc.h" @@ -1073,10 +1057,10 @@ Index: openssh-7.8p1/gss-serv.c } /* Privileged */ -Index: openssh-7.8p1/kex.c +Index: openssh-7.9p1/kex.c =================================================================== ---- openssh-7.8p1.orig/kex.c -+++ openssh-7.8p1/kex.c +--- openssh-7.9p1.orig/kex.c ++++ openssh-7.9p1/kex.c @@ -56,6 +56,10 @@ #include "fips.h" @@ -1124,10 +1108,10 @@ Index: openssh-7.8p1/kex.c } return NULL; } -Index: openssh-7.8p1/kex.h +Index: openssh-7.9p1/kex.h =================================================================== ---- openssh-7.8p1.orig/kex.h -+++ openssh-7.8p1/kex.h +--- openssh-7.9p1.orig/kex.h ++++ openssh-7.9p1/kex.h @@ -100,6 +100,11 @@ enum kex_exchange { KEX_DH_GEX_SHA256, KEX_ECDH_SHA2, @@ -1164,10 +1148,10 @@ Index: openssh-7.8p1/kex.h int kex_dh_hash(int, const char *, const char *, const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, -Index: openssh-7.8p1/kexgssc.c +Index: openssh-7.9p1/kexgssc.c =================================================================== --- /dev/null -+++ openssh-7.8p1/kexgssc.c ++++ openssh-7.9p1/kexgssc.c @@ -0,0 +1,348 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. @@ -1517,10 +1501,10 @@ Index: openssh-7.8p1/kexgssc.c +} + +#endif /* GSSAPI */ -Index: openssh-7.8p1/kexgsss.c +Index: openssh-7.9p1/kexgsss.c =================================================================== --- /dev/null -+++ openssh-7.8p1/kexgsss.c ++++ openssh-7.9p1/kexgsss.c @@ -0,0 +1,307 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. @@ -1829,11 +1813,11 @@ Index: openssh-7.8p1/kexgsss.c + return 0; +} +#endif /* GSSAPI */ -Index: openssh-7.8p1/monitor.c +Index: openssh-7.9p1/monitor.c =================================================================== ---- openssh-7.8p1.orig/monitor.c -+++ openssh-7.8p1/monitor.c -@@ -143,6 +143,8 @@ int mm_answer_gss_setup_ctx(int, struct +--- openssh-7.9p1.orig/monitor.c ++++ openssh-7.9p1/monitor.c +@@ -145,6 +145,8 @@ int mm_answer_gss_setup_ctx(int, struct int mm_answer_gss_accept_ctx(int, struct sshbuf *); int mm_answer_gss_userok(int, struct sshbuf *); int mm_answer_gss_checkmic(int, struct sshbuf *); @@ -1842,7 +1826,7 @@ Index: openssh-7.8p1/monitor.c #endif #ifdef SSH_AUDIT_EVENTS -@@ -213,6 +215,7 @@ struct mon_table mon_dispatch_proto20[] +@@ -215,6 +217,7 @@ struct mon_table mon_dispatch_proto20[] {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx}, {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok}, {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic}, @@ -1850,7 +1834,7 @@ Index: openssh-7.8p1/monitor.c #endif {0, 0, NULL} }; -@@ -229,6 +232,12 @@ struct mon_table mon_dispatch_postauth20 +@@ -231,6 +234,12 @@ struct mon_table mon_dispatch_postauth20 {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, #endif @@ -1863,7 +1847,7 @@ Index: openssh-7.8p1/monitor.c {0, 0, NULL} }; -@@ -287,7 +296,10 @@ monitor_child_preauth(Authctxt *_authctx +@@ -289,7 +298,10 @@ monitor_child_preauth(Authctxt *_authctx /* Permit requests for moduli and signatures */ monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); @@ -1875,7 +1859,7 @@ Index: openssh-7.8p1/monitor.c /* The first few requests do not require asynchronous access */ while (!authenticated) { partial = 0; -@@ -399,6 +411,10 @@ monitor_child_postauth(struct monitor *p +@@ -401,6 +413,10 @@ monitor_child_postauth(struct monitor *p monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); @@ -1886,7 +1870,7 @@ Index: openssh-7.8p1/monitor.c if (auth_opts->permit_pty_flag) { monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); -@@ -605,7 +621,7 @@ mm_answer_moduli(int sock, struct sshbuf +@@ -609,7 +625,7 @@ mm_answer_moduli(int sock, struct sshbuf int mm_answer_sign(int sock, struct sshbuf *m) { @@ -1895,7 +1879,7 @@ Index: openssh-7.8p1/monitor.c extern int auth_sock; /* XXX move to state struct? */ struct sshkey *key; struct sshbuf *sigbuf = NULL; -@@ -1643,7 +1659,7 @@ monitor_apply_keystate(struct monitor *p +@@ -1647,7 +1663,7 @@ monitor_apply_keystate(struct monitor *p debug3("%s: packet_set_state", __func__); if ((r = ssh_packet_set_state(ssh, child_state)) != 0) @@ -1904,7 +1888,7 @@ Index: openssh-7.8p1/monitor.c sshbuf_free(child_state); child_state = NULL; -@@ -1662,6 +1678,13 @@ monitor_apply_keystate(struct monitor *p +@@ -1666,6 +1682,13 @@ monitor_apply_keystate(struct monitor *p # endif #endif /* WITH_OPENSSL */ kex->kex[KEX_C25519_SHA256] = kexc25519_server; @@ -1918,7 +1902,7 @@ Index: openssh-7.8p1/monitor.c kex->load_host_public_key=&get_hostkey_public_by_type; kex->load_host_private_key=&get_hostkey_private_by_type; kex->host_key_index=&get_hostkey_index; -@@ -1752,8 +1775,8 @@ mm_answer_gss_setup_ctx(int sock, struct +@@ -1756,8 +1779,8 @@ mm_answer_gss_setup_ctx(int sock, struct u_char *p; int r; @@ -1929,7 +1913,7 @@ Index: openssh-7.8p1/monitor.c if ((r = sshbuf_get_string(m, &p, &len)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); -@@ -1785,7 +1808,7 @@ mm_answer_gss_accept_ctx(int sock, struc +@@ -1789,7 +1812,7 @@ mm_answer_gss_accept_ctx(int sock, struc OM_uint32 flags = 0; /* GSI needs this */ int r; @@ -1938,7 +1922,7 @@ Index: openssh-7.8p1/monitor.c fatal("%s: GSSAPI authentication not enabled", __func__); if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) -@@ -1806,6 +1829,7 @@ mm_answer_gss_accept_ctx(int sock, struc +@@ -1810,6 +1833,7 @@ mm_answer_gss_accept_ctx(int sock, struc monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); @@ -1946,7 +1930,7 @@ Index: openssh-7.8p1/monitor.c } return (0); } -@@ -1817,7 +1841,7 @@ mm_answer_gss_checkmic(int sock, struct +@@ -1821,7 +1845,7 @@ mm_answer_gss_checkmic(int sock, struct OM_uint32 ret; int r; @@ -1955,7 +1939,7 @@ Index: openssh-7.8p1/monitor.c fatal("%s: GSSAPI authentication not enabled", __func__); if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || -@@ -1847,10 +1871,11 @@ mm_answer_gss_userok(int sock, struct ss +@@ -1851,10 +1875,11 @@ mm_answer_gss_userok(int sock, struct ss int r, authenticated; const char *displayname; @@ -1969,7 +1953,7 @@ Index: openssh-7.8p1/monitor.c sshbuf_reset(m); if ((r = sshbuf_put_u32(m, authenticated)) != 0) -@@ -1867,5 +1892,73 @@ mm_answer_gss_userok(int sock, struct ss +@@ -1871,5 +1896,73 @@ mm_answer_gss_userok(int sock, struct ss /* Monitor loop will terminate if authenticated */ return (authenticated); } @@ -2044,10 +2028,10 @@ Index: openssh-7.8p1/monitor.c +} + +#endif /* GSSAPI */ -Index: openssh-7.8p1/monitor.h +Index: openssh-7.9p1/monitor.h =================================================================== ---- openssh-7.8p1.orig/monitor.h -+++ openssh-7.8p1/monitor.h +--- openssh-7.9p1.orig/monitor.h ++++ openssh-7.9p1/monitor.h @@ -63,6 +63,9 @@ enum monitor_reqtype { MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, @@ -2058,10 +2042,10 @@ Index: openssh-7.8p1/monitor.h }; struct monitor { -Index: openssh-7.8p1/monitor_wrap.c +Index: openssh-7.9p1/monitor_wrap.c =================================================================== ---- openssh-7.8p1.orig/monitor_wrap.c -+++ openssh-7.8p1/monitor_wrap.c +--- openssh-7.9p1.orig/monitor_wrap.c ++++ openssh-7.9p1/monitor_wrap.c @@ -984,7 +984,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss } @@ -2124,10 +2108,10 @@ Index: openssh-7.8p1/monitor_wrap.c + return (ok); +} #endif /* GSSAPI */ -Index: openssh-7.8p1/monitor_wrap.h +Index: openssh-7.9p1/monitor_wrap.h =================================================================== ---- openssh-7.8p1.orig/monitor_wrap.h -+++ openssh-7.8p1/monitor_wrap.h +--- openssh-7.9p1.orig/monitor_wrap.h ++++ openssh-7.9p1/monitor_wrap.h @@ -60,8 +60,10 @@ int mm_sshkey_verify(const struct sshkey OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, @@ -2140,10 +2124,10 @@ Index: openssh-7.8p1/monitor_wrap.h #endif #ifdef USE_PAM -Index: openssh-7.8p1/readconf.c +Index: openssh-7.9p1/readconf.c =================================================================== ---- openssh-7.8p1.orig/readconf.c -+++ openssh-7.8p1/readconf.c +--- openssh-7.9p1.orig/readconf.c ++++ openssh-7.9p1/readconf.c @@ -163,6 +163,8 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, @@ -2174,7 +2158,7 @@ Index: openssh-7.8p1/readconf.c #endif #ifdef ENABLE_PKCS11 { "smartcarddevice", oPKCS11Provider }, -@@ -979,10 +991,30 @@ parse_time: +@@ -980,10 +992,30 @@ parse_time: intptr = &options->gss_authentication; goto parse_flag; @@ -2205,7 +2189,7 @@ Index: openssh-7.8p1/readconf.c case oBatchMode: intptr = &options->batch_mode; goto parse_flag; -@@ -1844,7 +1876,12 @@ initialize_options(Options * options) +@@ -1869,7 +1901,12 @@ initialize_options(Options * options) options->pubkey_authentication = -1; options->challenge_response_authentication = -1; options->gss_authentication = -1; @@ -2218,7 +2202,7 @@ Index: openssh-7.8p1/readconf.c options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->kbd_interactive_devices = NULL; -@@ -1990,8 +2027,14 @@ fill_default_options(Options * options) +@@ -2016,8 +2053,14 @@ fill_default_options(Options * options) options->challenge_response_authentication = 1; if (options->gss_authentication == -1) options->gss_authentication = 0; @@ -2233,10 +2217,10 @@ Index: openssh-7.8p1/readconf.c if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -Index: openssh-7.8p1/readconf.h +Index: openssh-7.9p1/readconf.h =================================================================== ---- openssh-7.8p1.orig/readconf.h -+++ openssh-7.8p1/readconf.h +--- openssh-7.9p1.orig/readconf.h ++++ openssh-7.9p1/readconf.h @@ -40,7 +40,12 @@ typedef struct { int challenge_response_authentication; /* Try S/Key or TIS, authentication. */ @@ -2250,10 +2234,10 @@ Index: openssh-7.8p1/readconf.h int password_authentication; /* Try password * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -Index: openssh-7.8p1/regress/cert-hostkey.sh +Index: openssh-7.9p1/regress/cert-hostkey.sh =================================================================== ---- openssh-7.8p1.orig/regress/cert-hostkey.sh -+++ openssh-7.8p1/regress/cert-hostkey.sh +--- openssh-7.9p1.orig/regress/cert-hostkey.sh ++++ openssh-7.9p1/regress/cert-hostkey.sh @@ -66,7 +66,7 @@ touch $OBJ/host_revoked_plain touch $OBJ/host_revoked_cert cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca @@ -2263,10 +2247,10 @@ Index: openssh-7.8p1/regress/cert-hostkey.sh if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512" -Index: openssh-7.8p1/regress/cert-userkey.sh +Index: openssh-7.9p1/regress/cert-userkey.sh =================================================================== ---- openssh-7.8p1.orig/regress/cert-userkey.sh -+++ openssh-7.8p1/regress/cert-userkey.sh +--- openssh-7.9p1.orig/regress/cert-userkey.sh ++++ openssh-7.9p1/regress/cert-userkey.sh @@ -7,7 +7,7 @@ rm -f $OBJ/authorized_keys_$USER $OBJ/us cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak @@ -2276,10 +2260,10 @@ Index: openssh-7.8p1/regress/cert-userkey.sh EXTRA_TYPES="" if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then -Index: openssh-7.8p1/regress/kextype.sh +Index: openssh-7.9p1/regress/kextype.sh =================================================================== ---- openssh-7.8p1.orig/regress/kextype.sh -+++ openssh-7.8p1/regress/kextype.sh +--- openssh-7.9p1.orig/regress/kextype.sh ++++ openssh-7.9p1/regress/kextype.sh @@ -14,6 +14,9 @@ echo "KexAlgorithms=$KEXOPT" >> $OBJ/ssh tries="1 2 3 4" @@ -2290,10 +2274,10 @@ Index: openssh-7.8p1/regress/kextype.sh verbose "kex $k" for i in $tries; do ${SSH} -F $OBJ/ssh_proxy -o KexAlgorithms=$k x true -Index: openssh-7.8p1/regress/rekey.sh +Index: openssh-7.9p1/regress/rekey.sh =================================================================== ---- openssh-7.8p1.orig/regress/rekey.sh -+++ openssh-7.8p1/regress/rekey.sh +--- openssh-7.9p1.orig/regress/rekey.sh ++++ openssh-7.9p1/regress/rekey.sh @@ -38,6 +38,9 @@ increase_datafile_size 300 opts="" @@ -2314,10 +2298,10 @@ Index: openssh-7.8p1/regress/rekey.sh verbose "client rekey $c $kex" ssh_data_rekeying "KexAlgorithms=$kex" -oRekeyLimit=256k -oCiphers=$c done -Index: openssh-7.8p1/servconf.c +Index: openssh-7.9p1/servconf.c =================================================================== ---- openssh-7.8p1.orig/servconf.c -+++ openssh-7.8p1/servconf.c +--- openssh-7.9p1.orig/servconf.c ++++ openssh-7.9p1/servconf.c @@ -130,8 +130,10 @@ initialize_server_options(ServerOptions options->kerberos_ticket_cleanup = -1; options->kerberos_get_afs_token = -1; @@ -2329,7 +2313,7 @@ Index: openssh-7.8p1/servconf.c options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; -@@ -369,10 +371,14 @@ fill_default_server_options(ServerOption +@@ -373,10 +375,14 @@ fill_default_server_options(ServerOption options->kerberos_get_afs_token = 0; if (options->gss_authentication == -1) options->gss_authentication = 0; @@ -2344,7 +2328,7 @@ Index: openssh-7.8p1/servconf.c if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -@@ -519,6 +525,7 @@ typedef enum { +@@ -523,6 +529,7 @@ typedef enum { sHostKeyAlgorithms, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, @@ -2352,7 +2336,7 @@ Index: openssh-7.8p1/servconf.c sAcceptEnv, sSetEnv, sPermitTunnel, sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, -@@ -596,11 +603,17 @@ static struct { +@@ -600,11 +607,17 @@ static struct { { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, @@ -2370,7 +2354,7 @@ Index: openssh-7.8p1/servconf.c { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, -@@ -1503,6 +1516,10 @@ process_server_config_line(ServerOptions +@@ -1512,6 +1525,10 @@ process_server_config_line(ServerOptions intptr = &options->gss_authentication; goto parse_flag; @@ -2381,7 +2365,7 @@ Index: openssh-7.8p1/servconf.c case sGssCleanupCreds: intptr = &options->gss_cleanup_creds; goto parse_flag; -@@ -1511,6 +1528,10 @@ process_server_config_line(ServerOptions +@@ -1520,6 +1537,10 @@ process_server_config_line(ServerOptions intptr = &options->gss_strict_acceptor; goto parse_flag; @@ -2392,7 +2376,7 @@ Index: openssh-7.8p1/servconf.c case sPasswordAuthentication: intptr = &options->password_authentication; goto parse_flag; -@@ -2304,6 +2325,10 @@ copy_set_server_options(ServerOptions *d +@@ -2313,6 +2334,10 @@ copy_set_server_options(ServerOptions *d M_CP_INTOPT(password_authentication); M_CP_INTOPT(gss_authentication); @@ -2403,7 +2387,7 @@ Index: openssh-7.8p1/servconf.c M_CP_INTOPT(pubkey_authentication); M_CP_INTOPT(kerberos_authentication); M_CP_INTOPT(hostbased_authentication); -@@ -2600,7 +2625,10 @@ dump_config(ServerOptions *o) +@@ -2609,7 +2634,10 @@ dump_config(ServerOptions *o) #endif #ifdef GSSAPI dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); @@ -2414,10 +2398,10 @@ Index: openssh-7.8p1/servconf.c #endif dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); dump_cfg_fmtint(sKbdInteractiveAuthentication, -Index: openssh-7.8p1/servconf.h +Index: openssh-7.9p1/servconf.h =================================================================== ---- openssh-7.8p1.orig/servconf.h -+++ openssh-7.8p1/servconf.h +--- openssh-7.9p1.orig/servconf.h ++++ openssh-7.9p1/servconf.h @@ -16,6 +16,8 @@ #ifndef SERVCONF_H #define SERVCONF_H @@ -2427,7 +2411,7 @@ Index: openssh-7.8p1/servconf.h #define MAX_PORTS 256 /* Max # ports. */ #define MAX_SUBSYSTEMS 256 /* Max # subsystems. */ -@@ -125,8 +127,10 @@ typedef struct { +@@ -126,8 +128,10 @@ typedef struct { int kerberos_get_afs_token; /* If true, try to get AFS token if * authenticated with Kerberos. */ int gss_authentication; /* If true, permit GSSAPI authentication */ @@ -2438,10 +2422,10 @@ Index: openssh-7.8p1/servconf.h int password_authentication; /* If true, permit password * authentication. */ int kbd_interactive_authentication; /* If true, permit */ -Index: openssh-7.8p1/ssh-gss.h +Index: openssh-7.9p1/ssh-gss.h =================================================================== ---- openssh-7.8p1.orig/ssh-gss.h -+++ openssh-7.8p1/ssh-gss.h +--- openssh-7.9p1.orig/ssh-gss.h ++++ openssh-7.9p1/ssh-gss.h @@ -61,10 +61,22 @@ #define SSH_GSS_OIDTYPE 0x06 @@ -2532,10 +2516,10 @@ Index: openssh-7.8p1/ssh-gss.h #endif /* GSSAPI */ #endif /* _SSH_GSS_H */ -Index: openssh-7.8p1/ssh_config +Index: openssh-7.9p1/ssh_config =================================================================== ---- openssh-7.8p1.orig/ssh_config -+++ openssh-7.8p1/ssh_config +--- openssh-7.9p1.orig/ssh_config ++++ openssh-7.9p1/ssh_config @@ -45,6 +45,8 @@ Host * # HostbasedAuthentication no # GSSAPIAuthentication no @@ -2545,11 +2529,11 @@ Index: openssh-7.8p1/ssh_config # BatchMode no # CheckHostIP yes # AddressFamily any -Index: openssh-7.8p1/ssh_config.0 +Index: openssh-7.9p1/ssh_config.0 =================================================================== ---- openssh-7.8p1.orig/ssh_config.0 -+++ openssh-7.8p1/ssh_config.0 -@@ -410,9 +410,40 @@ DESCRIPTION +--- openssh-7.9p1.orig/ssh_config.0 ++++ openssh-7.9p1/ssh_config.0 +@@ -422,9 +422,40 @@ DESCRIPTION Specifies whether user authentication based on GSSAPI is allowed. The default is no. @@ -2590,11 +2574,11 @@ Index: openssh-7.8p1/ssh_config.0 HashKnownHosts Indicates that ssh(1) should hash host names and addresses when they are added to ~/.ssh/known_hosts. These hashed names may be -Index: openssh-7.8p1/ssh_config.5 +Index: openssh-7.9p1/ssh_config.5 =================================================================== ---- openssh-7.8p1.orig/ssh_config.5 -+++ openssh-7.8p1/ssh_config.5 -@@ -720,10 +720,40 @@ The default is +--- openssh-7.9p1.orig/ssh_config.5 ++++ openssh-7.9p1/ssh_config.5 +@@ -738,10 +738,40 @@ The default is Specifies whether user authentication based on GSSAPI is allowed. The default is .Cm no . @@ -2635,10 +2619,10 @@ Index: openssh-7.8p1/ssh_config.5 .It Cm HashKnownHosts Indicates that .Xr ssh 1 -Index: openssh-7.8p1/sshconnect2.c +Index: openssh-7.9p1/sshconnect2.c =================================================================== ---- openssh-7.8p1.orig/sshconnect2.c -+++ openssh-7.8p1/sshconnect2.c +--- openssh-7.9p1.orig/sshconnect2.c ++++ openssh-7.9p1/sshconnect2.c @@ -82,6 +82,124 @@ extern char *client_version_string; extern char *server_version_string; extern Options options; @@ -2871,7 +2855,7 @@ Index: openssh-7.8p1/sshconnect2.c {"gssapi-with-mic", userauth_gssapi, NULL, -@@ -657,19 +840,31 @@ userauth_gssapi(Authctxt *authctxt) +@@ -686,19 +869,31 @@ userauth_gssapi(Authctxt *authctxt) static u_int mech = 0; OM_uint32 min; int r, ok = 0; @@ -2905,7 +2889,7 @@ Index: openssh-7.8p1/sshconnect2.c ok = 1; /* Mechanism works */ } else { mech++; -@@ -906,6 +1101,51 @@ input_gssapi_error(int type, u_int32_t p +@@ -935,6 +1130,51 @@ input_gssapi_error(int type, u_int32_t p free(lang); return r; } @@ -2957,7 +2941,7 @@ Index: openssh-7.8p1/sshconnect2.c #endif /* GSSAPI */ int -@@ -1443,8 +1683,8 @@ key_type_allowed_by_config(struct sshkey +@@ -1473,8 +1713,8 @@ key_type_allowed_by_config(struct sshkey /* * try keys in the following order: @@ -2968,10 +2952,10 @@ Index: openssh-7.8p1/sshconnect2.c * 3. agent keys that are found in the config file * 4. other agent keys * 5. keys that are only listed in the config file -Index: openssh-7.8p1/sshd.c +Index: openssh-7.9p1/sshd.c =================================================================== ---- openssh-7.8p1.orig/sshd.c -+++ openssh-7.8p1/sshd.c +--- openssh-7.9p1.orig/sshd.c ++++ openssh-7.9p1/sshd.c @@ -131,6 +131,10 @@ #include "fips.h" @@ -2983,16 +2967,17 @@ Index: openssh-7.8p1/sshd.c /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -@@ -555,7 +559,7 @@ privsep_preauth_child(void) +@@ -555,7 +559,8 @@ privsep_preauth_child(void) #ifdef GSSAPI /* Cache supported mechanism OIDs for later use */ -- if (options.gss_authentication) +- ssh_gssapi_prepare_supported_oids(); + if (options.gss_authentication || options.gss_keyex) - ssh_gssapi_prepare_supported_oids(); ++ ssh_gssapi_prepare_supported_oids(); #endif -@@ -898,8 +902,9 @@ notify_hostkeys(struct ssh *ssh) + reseed_prngs(); +@@ -897,8 +902,9 @@ notify_hostkeys(struct ssh *ssh) } debug3("%s: sent %u hostkeys", __func__, nkeys); if (nkeys == 0) @@ -3004,7 +2989,7 @@ Index: openssh-7.8p1/sshd.c sshbuf_free(buf); } -@@ -1838,7 +1843,12 @@ main(int ac, char **av) +@@ -1837,7 +1843,12 @@ main(int ac, char **av) free(fp); } accumulate_host_timing_secret(cfg, NULL); @@ -3017,7 +3002,7 @@ Index: openssh-7.8p1/sshd.c logit("sshd: no hostkeys available -- exiting."); exit(1); } -@@ -2016,6 +2026,60 @@ main(int ac, char **av) +@@ -2015,6 +2026,60 @@ main(int ac, char **av) /* This is the child processing a new connection. */ setproctitle("%s", "[accepted]"); @@ -3078,7 +3063,7 @@ Index: openssh-7.8p1/sshd.c /* * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. We don't -@@ -2137,6 +2201,60 @@ main(int ac, char **av) +@@ -2136,6 +2201,60 @@ main(int ac, char **av) rdomain == NULL ? "" : "\""); free(laddr); @@ -3139,7 +3124,7 @@ Index: openssh-7.8p1/sshd.c /* * We don't want to listen forever unless the other side * successfully authenticates itself. So we set up an alarm which is -@@ -2320,6 +2438,48 @@ do_ssh2_kex(void) +@@ -2319,6 +2438,48 @@ do_ssh2_kex(void) myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( list_hostkey_types()); @@ -3188,7 +3173,7 @@ Index: openssh-7.8p1/sshd.c /* start key exchange */ if ((r = kex_setup(active_state, myproposal)) != 0) fatal("kex_setup: %s", ssh_err(r)); -@@ -2337,6 +2497,13 @@ do_ssh2_kex(void) +@@ -2336,6 +2497,13 @@ do_ssh2_kex(void) # endif #endif kex->kex[KEX_C25519_SHA256] = kexc25519_server; @@ -3202,10 +3187,10 @@ Index: openssh-7.8p1/sshd.c kex->server = 1; kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; -Index: openssh-7.8p1/sshd_config +Index: openssh-7.9p1/sshd_config =================================================================== ---- openssh-7.8p1.orig/sshd_config -+++ openssh-7.8p1/sshd_config +--- openssh-7.9p1.orig/sshd_config ++++ openssh-7.9p1/sshd_config @@ -76,6 +76,8 @@ AuthorizedKeysFile .ssh/authorized_keys # GSSAPI options #GSSAPIAuthentication no @@ -3215,11 +3200,11 @@ Index: openssh-7.8p1/sshd_config # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -Index: openssh-7.8p1/sshd_config.5 +Index: openssh-7.9p1/sshd_config.5 =================================================================== ---- openssh-7.8p1.orig/sshd_config.5 -+++ openssh-7.8p1/sshd_config.5 -@@ -644,6 +644,11 @@ Specifies whether to automatically destr +--- openssh-7.9p1.orig/sshd_config.5 ++++ openssh-7.9p1/sshd_config.5 +@@ -655,6 +655,11 @@ Specifies whether to automatically destr on logout. The default is .Cm yes . @@ -3231,7 +3216,7 @@ Index: openssh-7.8p1/sshd_config.5 .It Cm GSSAPIStrictAcceptorCheck Determines whether to be strict about the identity of the GSSAPI acceptor a client authenticates against. -@@ -658,6 +663,11 @@ machine's default store. +@@ -669,6 +674,11 @@ machine's default store. This facility is provided to assist with operation on multi homed machines. The default is .Cm yes . @@ -3243,7 +3228,7 @@ Index: openssh-7.8p1/sshd_config.5 .It Cm HostbasedAcceptedKeyTypes Specifies the key types that will be accepted for hostbased authentication as a list of comma-separated patterns. -@@ -1632,16 +1642,16 @@ as a non-root user. +@@ -1643,16 +1653,16 @@ as a non-root user. The default is .Cm no . .It Cm UsePAMCheckLocks @@ -3263,11 +3248,11 @@ Index: openssh-7.8p1/sshd_config.5 .Dq no . .It Cm VersionAddendum Optionally specifies additional text to append to the SSH protocol banner -Index: openssh-7.8p1/sshkey.c +Index: openssh-7.9p1/sshkey.c =================================================================== ---- openssh-7.8p1.orig/sshkey.c -+++ openssh-7.8p1/sshkey.c -@@ -140,6 +140,7 @@ static const struct keytype keytypes[] = +--- openssh-7.9p1.orig/sshkey.c ++++ openssh-7.9p1/sshkey.c +@@ -135,6 +135,7 @@ static const struct keytype keytypes[] = # endif /* OPENSSL_HAS_NISTP521 */ # endif /* OPENSSL_HAS_ECC */ #endif /* WITH_OPENSSL */ @@ -3275,11 +3260,11 @@ Index: openssh-7.8p1/sshkey.c { NULL, NULL, NULL, -1, -1, 0, 0 } }; -Index: openssh-7.8p1/sshkey.h +Index: openssh-7.9p1/sshkey.h =================================================================== ---- openssh-7.8p1.orig/sshkey.h -+++ openssh-7.8p1/sshkey.h -@@ -63,6 +63,7 @@ enum sshkey_types { +--- openssh-7.9p1.orig/sshkey.h ++++ openssh-7.9p1/sshkey.h +@@ -64,6 +64,7 @@ enum sshkey_types { KEY_ED25519_CERT, KEY_XMSS, KEY_XMSS_CERT, @@ -3287,11 +3272,11 @@ Index: openssh-7.8p1/sshkey.h KEY_UNSPEC }; -Index: openssh-7.8p1/sshd_config.0 +Index: openssh-7.9p1/sshd_config.0 =================================================================== ---- openssh-7.8p1.orig/sshd_config.0 -+++ openssh-7.8p1/sshd_config.0 -@@ -370,6 +370,12 @@ DESCRIPTION +--- openssh-7.9p1.orig/sshd_config.0 ++++ openssh-7.9p1/sshd_config.0 +@@ -380,6 +380,12 @@ DESCRIPTION Specifies whether user authentication based on GSSAPI is allowed. The default is no. @@ -3304,7 +3289,7 @@ Index: openssh-7.8p1/sshd_config.0 GSSAPICleanupCredentials Specifies whether to automatically destroy the user's credentials cache on logout. The default is yes. -@@ -383,6 +388,12 @@ DESCRIPTION +@@ -393,6 +399,12 @@ DESCRIPTION facility is provided to assist with operation on multi homed machines. The default is yes. diff --git a/openssh-7.7p1-openssl_1.1.0.patch b/openssh-7.7p1-openssl_1.1.0.patch deleted file mode 100644 index 4cedd9a..0000000 --- a/openssh-7.7p1-openssl_1.1.0.patch +++ /dev/null @@ -1,3102 +0,0 @@ -# HG changeset patch -# Parent 6e5e3cb13cb379ca302c54a1f21156364781f8b6 -OpenSSL 1.1.0 API shims and crutches -modified from RH patch - -Index: openssh-7.8p1/Makefile.in -=================================================================== ---- openssh-7.8p1.orig/Makefile.in -+++ openssh-7.8p1/Makefile.in -@@ -112,6 +112,8 @@ LIBSSH_OBJS += kexgssc.o kexgsss.o - - LIBSSH_OBJS += auditstub.o - -+LIBSSH_OBJS += libcrypto-compat.o -+ - SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ - sshconnect.o sshconnect2.o mux.o - -Index: openssh-7.8p1/auth-pam.c -=================================================================== ---- openssh-7.8p1.orig/auth-pam.c -+++ openssh-7.8p1/auth-pam.c -@@ -128,6 +128,10 @@ extern u_int utmp_len; - typedef pthread_t sp_pthread_t; - #else - typedef pid_t sp_pthread_t; -+# define pthread_create(a, b, c, d) _ssh_compat_pthread_create(a, b, c, d) -+# define pthread_exit(a) _ssh_compat_pthread_exit(a) -+# define pthread_cancel(a) _ssh_compat_pthread_cancel(a) -+# define pthread_join(a, b) _ssh_compat_pthread_join(a, b) - #endif - - struct pam_ctxt { -Index: openssh-7.8p1/cavstest-ctr.c -=================================================================== ---- openssh-7.8p1.orig/cavstest-ctr.c -+++ openssh-7.8p1/cavstest-ctr.c -@@ -150,7 +150,7 @@ main(int argc, char *argv[]) - usage(); - } - -- SSLeay_add_all_algorithms(); -+ OpenSSL_add_all_algorithms(); - - c = cipher_by_name(algo); - if (c == NULL) { -Index: openssh-7.8p1/cipher.c -=================================================================== ---- openssh-7.8p1.orig/cipher.c -+++ openssh-7.8p1/cipher.c -@@ -299,7 +299,7 @@ cipher_init(struct sshcipher_ctx **ccp, - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv, -+ if (EVP_CipherInit(cc->evp, type, (u_char *)key, (u_char *)iv, - (do_encrypt == CIPHER_ENCRYPT)) == 0) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; -@@ -317,10 +317,6 @@ cipher_init(struct sshcipher_ctx **ccp, - goto out; - } - } -- if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) { -- ret = SSH_ERR_LIBCRYPTO_ERROR; -- goto out; -- } - ret = 0; - #endif /* WITH_OPENSSL */ - out: -@@ -503,7 +499,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c - len, iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else -- memcpy(iv, cc->evp->iv, len); -+ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); - #endif - return 0; - } -@@ -537,14 +533,14 @@ cipher_set_keyiv(struct sshcipher_ctx *c - EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else -- memcpy(cc->evp->iv, iv, evplen); -+ memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen); - #endif - return 0; - } - - #ifdef WITH_OPENSSL --#define EVP_X_STATE(evp) (evp)->cipher_data --#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size -+#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp) -+#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp)) - #endif - - int -Index: openssh-7.8p1/configure.ac -=================================================================== ---- openssh-7.8p1.orig/configure.ac -+++ openssh-7.8p1/configure.ac -@@ -2626,6 +2626,7 @@ if test "x$openssl" = "xyes" ; then - AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) - ;; - 100*) ;; # 1.0.x -+ 101*) ;; # 1.1.x is supported by this patch too - 200*) ;; # LibreSSL - *) - AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")]) -Index: openssh-7.8p1/dh.c -=================================================================== ---- openssh-7.8p1.orig/dh.c -+++ openssh-7.8p1/dh.c -@@ -218,14 +218,15 @@ choose_dh(int min, int wantbits, int max - /* diffie-hellman-groupN-sha1 */ - - int --dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) -+dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub) - { - int i; - int n = BN_num_bits(dh_pub); - int bits_set = 0; - BIGNUM *tmp; -+ const BIGNUM *p; - -- if (dh_pub->neg) { -+ if (BN_is_negative(dh_pub)) { - logit("invalid public DH value: negative"); - return 0; - } -@@ -238,7 +239,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) - error("%s: BN_new failed", __func__); - return 0; - } -- if (!BN_sub(tmp, dh->p, BN_value_one()) || -+ DH_get0_pqg(dh, &p, NULL, NULL); -+ if (!BN_sub(tmp, p, BN_value_one()) || - BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ - BN_clear_free(tmp); - logit("invalid public DH value: >= p-1"); -@@ -249,14 +251,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) - for (i = 0; i <= n; i++) - if (BN_is_bit_set(dh_pub, i)) - bits_set++; -- debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p)); -+ debug2("bits set: %d/%d", bits_set, BN_num_bits(p)); - - /* - * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial - */ - if (bits_set < 4) { - logit("invalid public DH value (%d/%d)", -- bits_set, BN_num_bits(dh->p)); -+ bits_set, BN_num_bits(p)); - return 0; - } - return 1; -@@ -266,9 +268,11 @@ int - dh_gen_key(DH *dh, int need) - { - int pbits; -+ const BIGNUM *p, *pub_key; - -- if (need < 0 || dh->p == NULL || -- (pbits = BN_num_bits(dh->p)) <= 0 || -+ DH_get0_pqg(dh, &p, NULL, NULL); -+ if (need < 0 || p == NULL || -+ (pbits = BN_num_bits(p)) <= 0 || - need > INT_MAX / 2 || 2 * need > pbits) - return SSH_ERR_INVALID_ARGUMENT; - if (need < 256) -@@ -277,11 +281,11 @@ dh_gen_key(DH *dh, int need) - * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), - * so double requested need here. - */ -- dh->length = MINIMUM(need * 2, pbits - 1); -- if (DH_generate_key(dh) == 0 || -- !dh_pub_is_valid(dh, dh->pub_key)) { -- BN_clear_free(dh->priv_key); -- dh->priv_key = NULL; -+ DH_set_length(dh, MINIMUM(need * 2, pbits - 1)); -+ if (DH_generate_key(dh) == 0) -+ return SSH_ERR_LIBCRYPTO_ERROR; -+ DH_get0_key(dh, &pub_key, NULL); -+ if (!dh_pub_is_valid(dh, pub_key)) { - return SSH_ERR_LIBCRYPTO_ERROR; - } - return 0; -@@ -291,15 +295,22 @@ DH * - dh_new_group_asc(const char *gen, const char *modulus) - { - DH *dh; -+ BIGNUM *p = NULL, *g = NULL; - -- if ((dh = DH_new()) == NULL) -- return NULL; -- if (BN_hex2bn(&dh->p, modulus) == 0 || -- BN_hex2bn(&dh->g, gen) == 0) { -- DH_free(dh); -- return NULL; -- } -+ if ((dh = DH_new()) == NULL || -+ (p = BN_new()) == NULL || -+ (g = BN_new()) == NULL) -+ goto err; -+ if (BN_hex2bn(&p, modulus) == 0 || -+ BN_hex2bn(&g, gen) == 0 || -+ DH_set0_pqg(dh, p, NULL, g) == 0) -+ goto err; - return (dh); -+err: -+ DH_free(dh); -+ BN_free(p); -+ BN_free(g); -+ return NULL; - } - - /* -@@ -314,8 +325,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu - - if ((dh = DH_new()) == NULL) - return NULL; -- dh->p = modulus; -- dh->g = gen; -+ DH_set0_pqg(dh, modulus, NULL, gen); - - return (dh); - } -Index: openssh-7.8p1/dh.h -=================================================================== ---- openssh-7.8p1.orig/dh.h -+++ openssh-7.8p1/dh.h -@@ -42,7 +42,7 @@ DH *dh_new_group18(void); - DH *dh_new_group_fallback(int); - - int dh_gen_key(DH *, int); --int dh_pub_is_valid(DH *, BIGNUM *); -+int dh_pub_is_valid(const DH *, const BIGNUM *); - - u_int dh_estimate(int); - -Index: openssh-7.8p1/digest-openssl.c -=================================================================== ---- openssh-7.8p1.orig/digest-openssl.c -+++ openssh-7.8p1/digest-openssl.c -@@ -43,7 +43,7 @@ - - struct ssh_digest_ctx { - int alg; -- EVP_MD_CTX mdctx; -+ EVP_MD_CTX *mdctx; - }; - - struct ssh_digest { -@@ -106,7 +106,7 @@ ssh_digest_bytes(int alg) - size_t - ssh_digest_blocksize(struct ssh_digest_ctx *ctx) - { -- return EVP_MD_CTX_block_size(&ctx->mdctx); -+ return EVP_MD_CTX_block_size(ctx->mdctx); - } - - struct ssh_digest_ctx * -@@ -118,8 +118,10 @@ ssh_digest_start(int alg) - if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL)) - return NULL; - ret->alg = alg; -- EVP_MD_CTX_init(&ret->mdctx); -- if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) { -+ ret->mdctx = EVP_MD_CTX_new(); -+ if (ret->mdctx == NULL || -+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) { -+ EVP_MD_CTX_free(ret->mdctx); - free(ret); - return NULL; - } -@@ -132,7 +134,7 @@ ssh_digest_copy_state(struct ssh_digest_ - if (from->alg != to->alg) - return SSH_ERR_INVALID_ARGUMENT; - /* we have bcopy-style order while openssl has memcpy-style */ -- if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx)) -+ if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx)) - return SSH_ERR_LIBCRYPTO_ERROR; - return 0; - } -@@ -140,7 +142,7 @@ ssh_digest_copy_state(struct ssh_digest_ - int - ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) - { -- if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1) -+ if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1) - return SSH_ERR_LIBCRYPTO_ERROR; - return 0; - } -@@ -161,7 +163,7 @@ ssh_digest_final(struct ssh_digest_ctx * - return SSH_ERR_INVALID_ARGUMENT; - if (dlen < digest->digest_len) /* No truncation allowed */ - return SSH_ERR_INVALID_ARGUMENT; -- if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1) -+ if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1) - return SSH_ERR_LIBCRYPTO_ERROR; - if (l != digest->digest_len) /* sanity */ - return SSH_ERR_INTERNAL_ERROR; -@@ -172,7 +174,7 @@ void - ssh_digest_free(struct ssh_digest_ctx *ctx) - { - if (ctx != NULL) { -- EVP_MD_CTX_cleanup(&ctx->mdctx); -+ EVP_MD_CTX_free(ctx->mdctx); - explicit_bzero(ctx, sizeof(*ctx)); - free(ctx); - } -Index: openssh-7.8p1/gss-genr.c -=================================================================== ---- openssh-7.8p1.orig/gss-genr.c -+++ openssh-7.8p1/gss-genr.c -@@ -87,12 +87,12 @@ ssh_gssapi_client_mechanisms(const char - return NULL; - - return(ssh_gssapi_kex_mechs(gss_supported, ssh_gssapi_check_mechanism, -- host, client)); -+ host, client, kex)); - } - - char * - ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check, -- const char *host, const char *client) { -+ const char *host, const char *client, const char *kex) { - struct sshbuf *buf; - size_t i; - int oidpos, enclen, r; -@@ -100,7 +100,8 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup - u_char digest[EVP_MAX_MD_SIZE]; - char deroid[2]; - const EVP_MD *evp_md = EVP_md5(); -- EVP_MD_CTX md; -+ EVP_MD_CTX *md; -+ char *s, *cp, *p; - - if (gss_enc2oid != NULL) { - for (i = 0; gss_enc2oid[i].encoded != NULL; i++) -@@ -114,7 +115,9 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup - if ((buf = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); - -+ md = EVP_MD_CTX_new(); - oidpos = 0; -+ s = cp = xstrdup(kex); - for (i = 0; i < gss_supported->count; i++) { - if (gss_supported->elements[i].length < 128 && - (*check)(NULL, &(gss_supported->elements[i]), host, client)) { -@@ -122,26 +125,27 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup - deroid[0] = SSH_GSS_OIDTYPE; - deroid[1] = gss_supported->elements[i].length; - -- EVP_DigestInit(&md, evp_md); -- EVP_DigestUpdate(&md, deroid, 2); -- EVP_DigestUpdate(&md, -+ EVP_MD_CTX_reset(md); -+ EVP_DigestInit(md, evp_md); -+ EVP_DigestUpdate(md, deroid, 2); -+ EVP_DigestUpdate(md, - gss_supported->elements[i].elements, - gss_supported->elements[i].length); -- EVP_DigestFinal(&md, digest, NULL); -+ EVP_DigestFinal(md, digest, NULL); - - encoded = xmalloc(EVP_MD_size(evp_md) * 2); - enclen = __b64_ntop(digest, EVP_MD_size(evp_md), - encoded, EVP_MD_size(evp_md) * 2); - - cp = strncpy(s, kex, strlen(kex)); -- for ((p = strsep(&cp, ",")); p && *p != '\0'; -+ for ((p = strsep(&cp, ",")); p && *p != '\0'; - (p = strsep(&cp, ","))) { - if (sshbuf_len(buf) != 0) - if ((r = sshbuf_put_u8(buf, ',')) !=0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - if ((r = sshbuf_put(buf, p, strlen(p))) != 0 || -- (r = sshbuf_put(buf, encoded, enclen)) != 0) -+ (r = sshbuf_put(buf, encoded, enclen)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - } -@@ -151,7 +155,8 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_sup - oidpos++; - } - } -- free(s); -+ free(s); -+ EVP_MD_CTX_free(md); - gss_enc2oid[oidpos].oid = NULL; - gss_enc2oid[oidpos].encoded = NULL; - -Index: openssh-7.8p1/includes.h -=================================================================== ---- openssh-7.8p1.orig/includes.h -+++ openssh-7.8p1/includes.h -@@ -166,6 +166,7 @@ - - #ifdef WITH_OPENSSL - #include /* For OPENSSL_VERSION_NUMBER */ -+#include "libcrypto-compat.h" - #endif - - #include "defines.h" -Index: openssh-7.8p1/kexdhc.c -=================================================================== ---- openssh-7.8p1.orig/kexdhc.c -+++ openssh-7.8p1/kexdhc.c -@@ -56,6 +56,7 @@ kexdh_client(struct ssh *ssh) - { - struct kex *kex = ssh->kex; - int r; -+ const BIGNUM *pub_key; - - /* generate and send 'e', client DH public key */ - switch (kex->kex_type) { -@@ -81,21 +82,27 @@ kexdh_client(struct ssh *ssh) - goto out; - } - debug("sending SSH2_MSG_KEXDH_INIT"); -- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || -- (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || -+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) -+ goto out; -+ DH_get0_key(kex->dh, &pub_key, NULL); -+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 || -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - #ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, kex->dh); - fprintf(stderr, "pub= "); -- BN_print_fp(stderr, kex->dh->pub_key); -+ BN_print_fp(stderr, pub_key); - fprintf(stderr, "\n"); - #endif - debug("expecting SSH2_MSG_KEXDH_REPLY"); - ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh); - r = 0; - out: -+ if (r != 0) { -+ DH_free(kex->dh); -+ kex->dh = NULL; -+ } - return r; - } - -@@ -109,6 +116,7 @@ input_kex_dh(int type, u_int32_t seq, st - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t klen = 0, slen, sbloblen, hashlen; - int kout, r; -+ const BIGNUM *pub_key; - - if (kex->verify_host_key == NULL) { - r = SSH_ERR_INVALID_ARGUMENT; -@@ -168,6 +176,7 @@ input_kex_dh(int type, u_int32_t seq, st - #endif - - /* calc and verify H */ -+ DH_get0_key(kex->dh, &pub_key, NULL); - hashlen = sizeof(hash); - if ((r = kex_dh_hash( - kex->hash_alg, -@@ -176,7 +185,7 @@ input_kex_dh(int type, u_int32_t seq, st - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, -- kex->dh->pub_key, -+ pub_key, - dh_server_pub, - shared_secret, - hash, &hashlen)) != 0) -Index: openssh-7.8p1/kexdhs.c -=================================================================== ---- openssh-7.8p1.orig/kexdhs.c -+++ openssh-7.8p1/kexdhs.c -@@ -87,6 +87,10 @@ kexdh_server(struct ssh *ssh) - ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); - r = 0; - out: -+ if (r != 0) { -+ DH_free(kex->dh); -+ kex->dh = NULL; -+ } - return r; - } - -@@ -101,6 +105,7 @@ input_kex_dh_init(int type, u_int32_t se - size_t sbloblen, slen; - size_t klen = 0, hashlen; - int kout, r; -+ const BIGNUM *pub_key; - - if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { -@@ -163,6 +168,7 @@ input_kex_dh_init(int type, u_int32_t se - goto out; - /* calc H */ - hashlen = sizeof(hash); -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = kex_dh_hash( - kex->hash_alg, - kex->client_version_string, -@@ -171,7 +177,7 @@ input_kex_dh_init(int type, u_int32_t se - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - dh_client_pub, -- kex->dh->pub_key, -+ pub_key, - shared_secret, - hash, &hashlen)) != 0) - goto out; -@@ -197,7 +203,7 @@ input_kex_dh_init(int type, u_int32_t se - /* send server hostkey, DH pubkey 'f' and signed H */ - if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; -Index: openssh-7.8p1/kexgexc.c -=================================================================== ---- openssh-7.8p1.orig/kexgexc.c -+++ openssh-7.8p1/kexgexc.c -@@ -96,6 +96,7 @@ input_kex_dh_gex_group(int type, u_int32 - struct kex *kex = ssh->kex; - BIGNUM *p = NULL, *g = NULL; - int r, bits; -+ const BIGNUM *pub_key; - - debug("got SSH2_MSG_KEX_DH_GEX_GROUP"); - -@@ -126,16 +127,18 @@ input_kex_dh_gex_group(int type, u_int32 - p = g = NULL; /* belong to kex->dh now */ - - /* generate and send 'e', client DH public key */ -- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 || -- (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || -+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) -+ goto out; -+ DH_get0_key(kex->dh, &pub_key, NULL); -+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 || -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); - #ifdef DEBUG_KEXDH - DHparams_print_fp(stderr, kex->dh); - fprintf(stderr, "pub= "); -- BN_print_fp(stderr, kex->dh->pub_key); -+ BN_print_fp(stderr, pub_key); - fprintf(stderr, "\n"); - #endif - ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL); -@@ -144,6 +147,10 @@ input_kex_dh_gex_group(int type, u_int32 - out: - BN_clear_free(p); - BN_clear_free(g); -+ if (r != 0) { -+ DH_free(kex->dh); -+ kex->dh = NULL; -+ } - return r; - } - -@@ -157,6 +164,7 @@ input_kex_dh_gex_reply(int type, u_int32 - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t klen = 0, slen, sbloblen, hashlen; - int kout, r; -+ const BIGNUM *p, *g, *pub_key; - - debug("got SSH2_MSG_KEX_DH_GEX_REPLY"); - if (kex->verify_host_key == NULL) { -@@ -219,6 +227,8 @@ input_kex_dh_gex_reply(int type, u_int32 - kex->min = kex->max = -1; - - /* calc and verify H */ -+ DH_get0_pqg(kex->dh, &p, NULL, &g); -+ DH_get0_key(kex->dh, &pub_key, NULL); - hashlen = sizeof(hash); - if ((r = kexgex_hash( - kex->hash_alg, -@@ -228,8 +238,8 @@ input_kex_dh_gex_reply(int type, u_int32 - sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), - server_host_key_blob, sbloblen, - kex->min, kex->nbits, kex->max, -- kex->dh->p, kex->dh->g, -- kex->dh->pub_key, -+ p, g, -+ pub_key, - dh_server_pub, - shared_secret, - hash, &hashlen)) != 0) -Index: openssh-7.8p1/kexgexs.c -=================================================================== ---- openssh-7.8p1.orig/kexgexs.c -+++ openssh-7.8p1/kexgexs.c -@@ -74,6 +74,7 @@ input_kex_dh_gex_request(int type, u_int - struct kex *kex = ssh->kex; - int r; - u_int min = 0, max = 0, nbits = 0; -+ const BIGNUM *p, *g; - - debug("SSH2_MSG_KEX_DH_GEX_REQUEST received"); - if ((r = sshpkt_get_u32(ssh, &min)) != 0 || -@@ -109,9 +110,10 @@ input_kex_dh_gex_request(int type, u_int - goto out; - } - debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); -+ DH_get0_pqg(kex->dh, &p, NULL, &g); - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 || -+ (r = sshpkt_put_bignum2(ssh, p)) != 0 || -+ (r = sshpkt_put_bignum2(ssh, g)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; - -@@ -123,6 +125,10 @@ input_kex_dh_gex_request(int type, u_int - ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); - r = 0; - out: -+ if (r != 0) { -+ DH_free(kex->dh); -+ kex->dh = NULL; -+ } - return r; - } - -@@ -137,6 +143,7 @@ input_kex_dh_gex_init(int type, u_int32_ - size_t sbloblen, slen; - size_t klen = 0, hashlen; - int kout, r; -+ const BIGNUM *p, *g, *pub_key; - - if (kex->load_host_public_key == NULL || - kex->load_host_private_key == NULL) { -@@ -199,6 +206,8 @@ input_kex_dh_gex_init(int type, u_int32_ - goto out; - /* calc H */ - hashlen = sizeof(hash); -+ DH_get0_pqg(kex->dh, &p, NULL, &g); -+ DH_get0_key(kex->dh, &pub_key, NULL); - if ((r = kexgex_hash( - kex->hash_alg, - kex->client_version_string, -@@ -207,9 +216,9 @@ input_kex_dh_gex_init(int type, u_int32_ - sshbuf_ptr(kex->my), sshbuf_len(kex->my), - server_host_key_blob, sbloblen, - kex->min, kex->nbits, kex->max, -- kex->dh->p, kex->dh->g, -+ p, g, - dh_client_pub, -- kex->dh->pub_key, -+ pub_key, - shared_secret, - hash, &hashlen)) != 0) - goto out; -@@ -235,7 +244,7 @@ input_kex_dh_gex_init(int type, u_int32_ - /* send server hostkey, DH pubkey 'f' and signed H */ - if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 || - (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 || -- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */ -+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */ - (r = sshpkt_put_string(ssh, signature, slen)) != 0 || - (r = sshpkt_send(ssh)) != 0) - goto out; -Index: openssh-7.8p1/kexgssc.c -=================================================================== ---- openssh-7.8p1.orig/kexgssc.c -+++ openssh-7.8p1/kexgssc.c -@@ -61,6 +61,7 @@ kexgss_client(struct ssh *ssh) - BIGNUM *shared_secret = NULL; - BIGNUM *p = NULL; - BIGNUM *g = NULL; -+ const BIGNUM *pub_key, *p1, *g1; - u_char *kbuf; - u_char *serverhostkey = NULL; - u_char *empty = ""; -@@ -126,6 +127,7 @@ kexgss_client(struct ssh *ssh) - - /* Step 1 - e is dh->pub_key */ - dh_gen_key(dh, ssh->kex->we_need * 8); -+ DH_get0_key(dh, &pub_key, NULL); - - /* This is f, we initialise it now to make life easier */ - dh_server_pub = BN_new(); -@@ -173,7 +175,7 @@ kexgss_client(struct ssh *ssh) - packet_start(SSH2_MSG_KEXGSS_INIT); - packet_put_string(send_tok.value, - send_tok.length); -- packet_put_bignum2(dh->pub_key); -+ packet_put_bignum2((BIGNUM *)pub_key); - first = 0; - } else { - packet_start(SSH2_MSG_KEXGSS_CONTINUE); -@@ -284,13 +286,14 @@ kexgss_client(struct ssh *ssh) - sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my), - sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer), - (serverhostkey ? serverhostkey : empty), slen, -- dh->pub_key, /* e */ -+ pub_key, /* e */ - dh_server_pub, /* f */ - shared_secret, /* K */ - hash, &hashlen - ); - break; - case KEX_GSS_GEX_SHA1: -+ DH_get0_pqg(dh, &p1, NULL, &g1); - kexgex_hash( - ssh->kex->hash_alg, - ssh->kex->client_version_string, -@@ -299,8 +302,8 @@ kexgss_client(struct ssh *ssh) - sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer), - (serverhostkey ? serverhostkey : empty), slen, - min, nbits, max, -- dh->p, dh->g, -- dh->pub_key, -+ p1, g1, -+ pub_key, - dh_server_pub, - shared_secret, - hash, &hashlen -Index: openssh-7.8p1/kexgsss.c -=================================================================== ---- openssh-7.8p1.orig/kexgsss.c -+++ openssh-7.8p1/kexgsss.c -@@ -78,6 +78,7 @@ kexgss_server(struct ssh *ssh) - char *mechs; - u_char hash[SSH_DIGEST_MAX_LENGTH]; - size_t hashlen; -+ const BIGNUM *p, *g, *pub_key; - - /* Initialise GSSAPI */ - -@@ -130,9 +131,10 @@ kexgss_server(struct ssh *ssh) - if (dh == NULL) - packet_disconnect("Protocol error: no matching group found"); - -+ DH_get0_pqg(dh, &p, NULL, &g); - packet_start(SSH2_MSG_KEXGSS_GROUP); -- packet_put_bignum2(dh->p); -- packet_put_bignum2(dh->g); -+ packet_put_bignum2((BIGNUM *)p); -+ packet_put_bignum2((BIGNUM *)g); - packet_send(); - - packet_write_wait(); -@@ -224,6 +226,7 @@ kexgss_server(struct ssh *ssh) - memset(kbuf, 0, klen); - free(kbuf); - -+ DH_get0_key(dh, &pub_key, NULL); - hashlen = sizeof(hash); - switch (ssh->kex->kex_type) { - case KEX_GSS_GRP1_SHA1: -@@ -234,7 +237,7 @@ kexgss_server(struct ssh *ssh) - sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer), - sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my), - NULL, 0, /* Change this if we start sending host keys */ -- dh_client_pub, dh->pub_key, shared_secret, -+ dh_client_pub, pub_key, shared_secret, - hash, &hashlen - ); - break; -@@ -246,9 +249,9 @@ kexgss_server(struct ssh *ssh) - sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my), - NULL, 0, - cmin, nbits, cmax, -- dh->p, dh->g, -+ p, g, - dh_client_pub, -- dh->pub_key, -+ pub_key, - shared_secret, - hash, &hashlen - ); -@@ -272,7 +275,7 @@ kexgss_server(struct ssh *ssh) - fatal("Couldn't get MIC"); - - packet_start(SSH2_MSG_KEXGSS_COMPLETE); -- packet_put_bignum2(dh->pub_key); -+ packet_put_bignum2((BIGNUM *)pub_key); - packet_put_string(msg_tok.value,msg_tok.length); - - if (send_tok.length != 0) { -Index: openssh-7.8p1/libcrypto-compat.c -=================================================================== ---- /dev/null -+++ openssh-7.8p1/libcrypto-compat.c -@@ -0,0 +1,428 @@ -+/* -+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include "includes.h" -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+#include -+#include -+ -+static void *OPENSSL_zalloc(size_t num) -+{ -+ void *ret = OPENSSL_malloc(num); -+ -+ if (ret != NULL) -+ memset(ret, 0, num); -+ return ret; -+} -+ -+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) -+{ -+ /* If the fields n and e in r are NULL, the corresponding input -+ * parameters MUST be non-NULL for n and e. d may be -+ * left NULL (in case only the public key is used). -+ */ -+ if ((r->n == NULL && n == NULL) -+ || (r->e == NULL && e == NULL)) -+ return 0; -+ -+ if (n != NULL) { -+ BN_clear_free(r->n); -+ r->n = n; -+ } -+ if (e != NULL) { -+ BN_clear_free(r->e); -+ r->e = e; -+ } -+ if (d != NULL) { -+ BN_clear_free(r->d); -+ r->d = d; -+ } -+ -+ return 1; -+} -+ -+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) -+{ -+ /* If the fields p and q in r are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((r->p == NULL && p == NULL) -+ || (r->q == NULL && q == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_clear_free(r->p); -+ r->p = p; -+ } -+ if (q != NULL) { -+ BN_clear_free(r->q); -+ r->q = q; -+ } -+ -+ return 1; -+} -+ -+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) -+{ -+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((r->dmp1 == NULL && dmp1 == NULL) -+ || (r->dmq1 == NULL && dmq1 == NULL) -+ || (r->iqmp == NULL && iqmp == NULL)) -+ return 0; -+ -+ if (dmp1 != NULL) { -+ BN_clear_free(r->dmp1); -+ r->dmp1 = dmp1; -+ } -+ if (dmq1 != NULL) { -+ BN_clear_free(r->dmq1); -+ r->dmq1 = dmq1; -+ } -+ if (iqmp != NULL) { -+ BN_clear_free(r->iqmp); -+ r->iqmp = iqmp; -+ } -+ -+ return 1; -+} -+ -+void RSA_get0_key(const RSA *r, -+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) -+{ -+ if (n != NULL) -+ *n = r->n; -+ if (e != NULL) -+ *e = r->e; -+ if (d != NULL) -+ *d = r->d; -+} -+ -+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) -+{ -+ if (p != NULL) -+ *p = r->p; -+ if (q != NULL) -+ *q = r->q; -+} -+ -+void RSA_get0_crt_params(const RSA *r, -+ const BIGNUM **dmp1, const BIGNUM **dmq1, -+ const BIGNUM **iqmp) -+{ -+ if (dmp1 != NULL) -+ *dmp1 = r->dmp1; -+ if (dmq1 != NULL) -+ *dmq1 = r->dmq1; -+ if (iqmp != NULL) -+ *iqmp = r->iqmp; -+} -+ -+void DSA_get0_pqg(const DSA *d, -+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -+{ -+ if (p != NULL) -+ *p = d->p; -+ if (q != NULL) -+ *q = d->q; -+ if (g != NULL) -+ *g = d->g; -+} -+ -+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p, q and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. -+ */ -+ if ((d->p == NULL && p == NULL) -+ || (d->q == NULL && q == NULL) -+ || (d->g == NULL && g == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_clear_free(d->p); -+ d->p = p; -+ } -+ if (q != NULL) { -+ BN_clear_free(d->q); -+ d->q = q; -+ } -+ if (g != NULL) { -+ BN_clear_free(d->g); -+ d->g = g; -+ } -+ -+ return 1; -+} -+ -+void DSA_get0_key(const DSA *d, -+ const BIGNUM **pub_key, const BIGNUM **priv_key) -+{ -+ if (pub_key != NULL) -+ *pub_key = d->pub_key; -+ if (priv_key != NULL) -+ *priv_key = d->priv_key; -+} -+ -+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) -+{ -+ /* If the field pub_key in d is NULL, the corresponding input -+ * parameters MUST be non-NULL. The priv_key field may -+ * be left NULL. -+ */ -+ if (d->pub_key == NULL && pub_key == NULL) -+ return 0; -+ -+ if (pub_key != NULL) { -+ BN_clear_free(d->pub_key); -+ d->pub_key = pub_key; -+ } -+ if (priv_key != NULL) { -+ BN_clear_free(d->priv_key); -+ d->priv_key = priv_key; -+ } -+ -+ return 1; -+} -+ -+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -+{ -+ if (pr != NULL) -+ *pr = sig->r; -+ if (ps != NULL) -+ *ps = sig->s; -+} -+ -+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) -+{ -+ if (r == NULL || s == NULL) -+ return 0; -+ BN_clear_free(sig->r); -+ BN_clear_free(sig->s); -+ sig->r = r; -+ sig->s = s; -+ return 1; -+} -+ -+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) -+{ -+ if (pr != NULL) -+ *pr = sig->r; -+ if (ps != NULL) -+ *ps = sig->s; -+} -+ -+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) -+{ -+ if (r == NULL || s == NULL) -+ return 0; -+ BN_clear_free(sig->r); -+ BN_clear_free(sig->s); -+ sig->r = r; -+ sig->s = s; -+ return 1; -+} -+ -+void DH_get0_pqg(const DH *dh, -+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) -+{ -+ if (p != NULL) -+ *p = dh->p; -+ if (q != NULL) -+ *q = dh->q; -+ if (g != NULL) -+ *g = dh->g; -+} -+ -+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. q may remain NULL. -+ */ -+ if ((dh->p == NULL && p == NULL) -+ || (dh->g == NULL && g == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_clear_free(dh->p); -+ dh->p = p; -+ } -+ if (q != NULL) { -+ BN_clear_free(dh->q); -+ dh->q = q; -+ } -+ if (g != NULL) { -+ BN_clear_free(dh->g); -+ dh->g = g; -+ } -+ -+ if (q != NULL) { -+ dh->length = BN_num_bits(q); -+ } -+ -+ return 1; -+} -+ -+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) -+{ -+ if (pub_key != NULL) -+ *pub_key = dh->pub_key; -+ if (priv_key != NULL) -+ *priv_key = dh->priv_key; -+} -+ -+int DH_set_length(DH *dh, long length) -+{ -+ dh->length = length; -+ return 1; -+} -+ -+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) -+{ -+ return ctx->iv; -+} -+ -+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) -+{ -+ return ctx->iv; -+} -+ -+EVP_MD_CTX *EVP_MD_CTX_new(void) -+{ -+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); -+} -+ -+static void OPENSSL_clear_free(void *str, size_t num) -+{ -+ if (str == NULL) -+ return; -+ if (num) -+ OPENSSL_cleanse(str, num); -+ OPENSSL_free(str); -+} -+ -+/* This call frees resources associated with the context */ -+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) -+{ -+ if (ctx == NULL) -+ return 1; -+ -+ /* -+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because -+ * sometimes only copies of the context are ever finalised. -+ */ -+ if (ctx->digest && ctx->digest->cleanup -+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) -+ ctx->digest->cleanup(ctx); -+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data -+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { -+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); -+ } -+ EVP_PKEY_CTX_free(ctx->pctx); -+#ifndef OPENSSL_NO_ENGINE -+ ENGINE_finish(ctx->engine); -+#endif -+ OPENSSL_cleanse(ctx, sizeof(*ctx)); -+ -+ return 1; -+} -+ -+void EVP_MD_CTX_free(EVP_MD_CTX *ctx) -+{ -+ EVP_MD_CTX_reset(ctx); -+ OPENSSL_free(ctx); -+} -+ -+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) -+{ -+ RSA_METHOD *ret; -+ -+ ret = OPENSSL_malloc(sizeof(RSA_METHOD)); -+ -+ if (ret != NULL) { -+ memcpy(ret, meth, sizeof(*meth)); -+ ret->name = OPENSSL_strdup(meth->name); -+ if (ret->name == NULL) { -+ OPENSSL_free(ret); -+ return NULL; -+ } -+ } -+ -+ return ret; -+} -+ -+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) -+{ -+ char *tmpname; -+ -+ tmpname = OPENSSL_strdup(name); -+ if (tmpname == NULL) { -+ return 0; -+ } -+ -+ OPENSSL_free((char *)meth->name); -+ meth->name = tmpname; -+ -+ return 1; -+} -+ -+int RSA_meth_set_priv_enc(RSA_METHOD *meth, -+ int (*priv_enc) (int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, -+ int padding)) -+{ -+ meth->rsa_priv_enc = priv_enc; -+ return 1; -+} -+ -+int RSA_meth_set_priv_dec(RSA_METHOD *meth, -+ int (*priv_dec) (int flen, const unsigned char *from, -+ unsigned char *to, RSA *rsa, -+ int padding)) -+{ -+ meth->rsa_priv_dec = priv_dec; -+ return 1; -+} -+ -+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) -+{ -+ meth->finish = finish; -+ return 1; -+} -+ -+void RSA_meth_free(RSA_METHOD *meth) -+{ -+ if (meth != NULL) { -+ OPENSSL_free((char *)meth->name); -+ OPENSSL_free(meth); -+ } -+} -+ -+int RSA_bits(const RSA *r) -+{ -+ return (BN_num_bits(r->n)); -+} -+ -+int DSA_bits(const DSA *dsa) -+{ -+ return BN_num_bits(dsa->p); -+} -+ -+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) -+{ -+ if (pkey->type != EVP_PKEY_RSA) { -+ return NULL; -+ } -+ return pkey->pkey.rsa; -+} -+ -+#endif /* OPENSSL_VERSION_NUMBER */ -Index: openssh-7.8p1/libcrypto-compat.h -=================================================================== ---- /dev/null -+++ openssh-7.8p1/libcrypto-compat.h -@@ -0,0 +1,59 @@ -+#ifndef LIBCRYPTO_COMPAT_H -+#define LIBCRYPTO_COMPAT_H -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+#include -+#include -+#include -+#include -+#include -+ -+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); -+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); -+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); -+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); -+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); -+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); -+ -+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); -+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); -+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); -+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); -+ -+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); -+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); -+ -+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); -+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); -+ -+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); -+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); -+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); -+int DH_set_length(DH *dh, long length); -+ -+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); -+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); -+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); -+EVP_MD_CTX *EVP_MD_CTX_new(void); -+void EVP_MD_CTX_free(EVP_MD_CTX *ctx); -+#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size -+#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data -+ -+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); -+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -+#define RSA_meth_get_finish(meth) meth->finish -+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); -+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); -+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)); -+void RSA_meth_free(RSA_METHOD *meth); -+ -+int RSA_bits(const RSA *r); -+int DSA_bits(const DSA *d); -+ -+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); -+ -+#endif /* OPENSSL_VERSION_NUMBER */ -+ -+#endif /* LIBCRYPTO_COMPAT_H */ -+ -Index: openssh-7.8p1/monitor.c -=================================================================== ---- openssh-7.8p1.orig/monitor.c -+++ openssh-7.8p1/monitor.c -@@ -624,9 +624,12 @@ mm_answer_moduli(int sock, struct sshbuf - return (0); - } else { - /* Send first bignum */ -+ const BIGNUM *p, *g; -+ -+ DH_get0_pqg(dh, &p, NULL, &g); - if ((r = sshbuf_put_u8(m, 1)) != 0 || -- (r = sshbuf_put_bignum2(m, dh->p)) != 0 || -- (r = sshbuf_put_bignum2(m, dh->g)) != 0) -+ (r = sshbuf_put_bignum2(m, p)) != 0 || -+ (r = sshbuf_put_bignum2(m, g)) != 0) - fatal("%s: buffer error: %s", __func__, ssh_err(r)); - - DH_free(dh); -Index: openssh-7.8p1/openbsd-compat/openssl-compat.c -=================================================================== ---- openssh-7.8p1.orig/openbsd-compat/openssl-compat.c -+++ openssh-7.8p1/openbsd-compat/openssl-compat.c -@@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, l - void - ssh_OpenSSL_add_all_algorithms(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - OpenSSL_add_all_algorithms(); - - /* Enable use of crypto hardware */ - ENGINE_load_builtin_engines(); -+#if OPENSSL_VERSION_NUMBER < 0x10001000L - ENGINE_register_all_complete(); -+#endif - OPENSSL_config(NULL); -+#else -+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS | -+ OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); -+#endif - } - #endif - -Index: openssh-7.8p1/regress/unittests/sshkey/test_file.c -=================================================================== ---- openssh-7.8p1.orig/regress/unittests/sshkey/test_file.c -+++ openssh-7.8p1/regress/unittests/sshkey/test_file.c -@@ -46,6 +46,7 @@ sshkey_file_tests(void) - struct sshbuf *buf, *pw; - BIGNUM *a, *b, *c; - char *cp; -+ const BIGNUM *n, *p, *q, *g, *pub_key, *priv_key; - - TEST_START("load passphrase"); - pw = load_text_file("pw"); -@@ -60,9 +61,11 @@ sshkey_file_tests(void) - a = load_bignum("rsa_1.param.n"); - b = load_bignum("rsa_1.param.p"); - c = load_bignum("rsa_1.param.q"); -- ASSERT_BIGNUM_EQ(k1->rsa->n, a); -- ASSERT_BIGNUM_EQ(k1->rsa->p, b); -- ASSERT_BIGNUM_EQ(k1->rsa->q, c); -+ RSA_get0_key(k1->rsa, &n, NULL, NULL); -+ RSA_get0_factors(k1->rsa, &p, &q); -+ ASSERT_BIGNUM_EQ(n, a); -+ ASSERT_BIGNUM_EQ(p, b); -+ ASSERT_BIGNUM_EQ(q, c); - BN_free(a); - BN_free(b); - BN_free(c); -@@ -151,9 +154,11 @@ sshkey_file_tests(void) - a = load_bignum("dsa_1.param.g"); - b = load_bignum("dsa_1.param.priv"); - c = load_bignum("dsa_1.param.pub"); -- ASSERT_BIGNUM_EQ(k1->dsa->g, a); -- ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); -- ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); -+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); -+ DSA_get0_key(k1->dsa, &pub_key, &priv_key); -+ ASSERT_BIGNUM_EQ(g, a); -+ ASSERT_BIGNUM_EQ(priv_key, b); -+ ASSERT_BIGNUM_EQ(pub_key, c); - BN_free(a); - BN_free(b); - BN_free(c); -Index: openssh-7.8p1/regress/unittests/sshkey/test_sshkey.c -=================================================================== ---- openssh-7.8p1.orig/regress/unittests/sshkey/test_sshkey.c -+++ openssh-7.8p1/regress/unittests/sshkey/test_sshkey.c -@@ -197,9 +197,6 @@ sshkey_tests(void) - k1 = sshkey_new(KEY_RSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); - sshkey_free(k1); - TEST_DONE(); - -@@ -207,8 +204,6 @@ sshkey_tests(void) - k1 = sshkey_new(KEY_DSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); - sshkey_free(k1); - TEST_DONE(); - -@@ -234,9 +229,6 @@ sshkey_tests(void) - k1 = sshkey_new_private(KEY_RSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_NE(k1->rsa->p, NULL); - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); -@@ -245,8 +237,6 @@ sshkey_tests(void) - k1 = sshkey_new_private(KEY_DSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_NE(k1->dsa->priv_key, NULL); - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); -@@ -285,18 +275,13 @@ sshkey_tests(void) - ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); - ASSERT_PTR_NE(kr, NULL); - ASSERT_PTR_NE(kr->rsa, NULL); -- ASSERT_PTR_NE(kr->rsa->n, NULL); -- ASSERT_PTR_NE(kr->rsa->e, NULL); -- ASSERT_PTR_NE(kr->rsa->p, NULL); -- ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); -+ ASSERT_INT_EQ(RSA_bits(kr->rsa), 1024); - TEST_DONE(); - - TEST_START("generate KEY_DSA"); - ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); - ASSERT_PTR_NE(kd, NULL); - ASSERT_PTR_NE(kd->dsa, NULL); -- ASSERT_PTR_NE(kd->dsa->g, NULL); -- ASSERT_PTR_NE(kd->dsa->priv_key, NULL); - TEST_DONE(); - - #ifdef OPENSSL_HAS_ECC -@@ -323,9 +308,6 @@ sshkey_tests(void) - ASSERT_PTR_NE(kr, k1); - ASSERT_INT_EQ(k1->type, KEY_RSA); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); - TEST_DONE(); - - TEST_START("equal KEY_RSA/demoted KEY_RSA"); -@@ -339,8 +321,6 @@ sshkey_tests(void) - ASSERT_PTR_NE(kd, k1); - ASSERT_INT_EQ(k1->type, KEY_DSA); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); - TEST_DONE(); - - TEST_START("equal KEY_DSA/demoted KEY_DSA"); -Index: openssh-7.8p1/ssh-dss.c -=================================================================== ---- openssh-7.8p1.orig/ssh-dss.c -+++ openssh-7.8p1/ssh-dss.c -@@ -55,6 +55,7 @@ ssh_dss_sign(const struct sshkey *key, u - size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); - struct sshbuf *b = NULL; - int ret = SSH_ERR_INVALID_ARGUMENT; -+ const BIGNUM *r, *s; - - if (lenp != NULL) - *lenp = 0; -@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u - goto out; - } - -- rlen = BN_num_bytes(sig->r); -- slen = BN_num_bytes(sig->s); -+ DSA_SIG_get0(sig, &r, &s); -+ rlen = BN_num_bytes(r); -+ slen = BN_num_bytes(s); - if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - ret = SSH_ERR_INTERNAL_ERROR; - goto out; - } - explicit_bzero(sigblob, SIGBLOB_LEN); -- BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); -- BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); -+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); -+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen); - - if ((b = sshbuf_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; -@@ -123,6 +125,7 @@ ssh_dss_verify(const struct sshkey *key, - int ret = SSH_ERR_INTERNAL_ERROR; - struct sshbuf *b = NULL; - char *ktype = NULL; -+ BIGNUM *r = NULL, *s = NULL; - - if (key == NULL || key->dsa == NULL || - sshkey_type_plain(key->type) != KEY_DSA || -@@ -155,16 +158,19 @@ ssh_dss_verify(const struct sshkey *key, - - /* parse signature */ - if ((sig = DSA_SIG_new()) == NULL || -- (sig->r = BN_new()) == NULL || -- (sig->s = BN_new()) == NULL) { -+ (r = BN_new()) == NULL || -+ (s = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || -- (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { -+ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || -+ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL) || -+ (DSA_SIG_set0(sig, r, s) == 0)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -+ r = NULL; -+ s = NULL; - - /* sha1 the data */ - if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, -@@ -185,6 +191,8 @@ ssh_dss_verify(const struct sshkey *key, - - out: - explicit_bzero(digest, sizeof(digest)); -+ BN_free(r); -+ BN_free(s); - DSA_SIG_free(sig); - sshbuf_free(b); - free(ktype); -Index: openssh-7.8p1/ssh-ecdsa.c -=================================================================== ---- openssh-7.8p1.orig/ssh-ecdsa.c -+++ openssh-7.8p1/ssh-ecdsa.c -@@ -54,6 +54,7 @@ ssh_ecdsa_sign(const struct sshkey *key, - size_t len, dlen; - struct sshbuf *b = NULL, *bb = NULL; - int ret = SSH_ERR_INTERNAL_ERROR; -+ const BIGNUM *r, *s; - - if (lenp != NULL) - *lenp = 0; -@@ -80,8 +81,9 @@ ssh_ecdsa_sign(const struct sshkey *key, - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 || -- (ret = sshbuf_put_bignum2(bb, sig->s)) != 0) -+ ECDSA_SIG_get0(sig, &r, &s); -+ if ((ret = sshbuf_put_bignum2(bb, r)) != 0 || -+ (ret = sshbuf_put_bignum2(bb, s)) != 0) - goto out; - if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || - (ret = sshbuf_put_stringb(b, bb)) != 0) -@@ -118,6 +120,7 @@ ssh_ecdsa_verify(const struct sshkey *ke - int ret = SSH_ERR_INTERNAL_ERROR; - struct sshbuf *b = NULL, *sigbuf = NULL; - char *ktype = NULL; -+ BIGNUM *r = NULL, *s = NULL; - - if (key == NULL || key->ecdsa == NULL || - sshkey_type_plain(key->type) != KEY_ECDSA || -@@ -146,15 +149,23 @@ ssh_ecdsa_verify(const struct sshkey *ke - } - - /* parse signature */ -- if ((sig = ECDSA_SIG_new()) == NULL) { -+ if ((sig = ECDSA_SIG_new()) == NULL || -+ (r = BN_new()) == NULL || -+ (s = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 || -- sshbuf_get_bignum2(sigbuf, sig->s) != 0) { -+ if (sshbuf_get_bignum2(sigbuf, r) != 0 || -+ sshbuf_get_bignum2(sigbuf, s) != 0) { - ret = SSH_ERR_INVALID_FORMAT; - goto out; - } -+ if (ECDSA_SIG_set0(sig, r, s) == 0) { -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+ goto out; -+ } -+ r = NULL; -+ s = NULL; - if (sshbuf_len(sigbuf) != 0) { - ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; - goto out; -@@ -179,6 +190,8 @@ ssh_ecdsa_verify(const struct sshkey *ke - explicit_bzero(digest, sizeof(digest)); - sshbuf_free(sigbuf); - sshbuf_free(b); -+ BN_free(r); -+ BN_free(s); - ECDSA_SIG_free(sig); - free(ktype); - return ret; -Index: openssh-7.8p1/ssh-keygen.c -=================================================================== ---- openssh-7.8p1.orig/ssh-keygen.c -+++ openssh-7.8p1/ssh-keygen.c -@@ -495,40 +495,67 @@ do_convert_private_ssh2_from_blob(u_char - free(type); - - switch (key->type) { -- case KEY_DSA: -- buffer_get_bignum_bits(b, key->dsa->p); -- buffer_get_bignum_bits(b, key->dsa->g); -- buffer_get_bignum_bits(b, key->dsa->q); -- buffer_get_bignum_bits(b, key->dsa->pub_key); -- buffer_get_bignum_bits(b, key->dsa->priv_key); -+ case KEY_DSA: { -+ BIGNUM *p = NULL, *g = NULL, *q = NULL, *pub_key = NULL, *priv_key = NULL; -+ -+ if ((p = BN_new()) == NULL || -+ (g = BN_new()) == NULL || -+ (q = BN_new()) == NULL || -+ (pub_key = BN_new()) == NULL || -+ (priv_key = BN_new()) == NULL) -+ fatal("BN_new() failed"); -+ buffer_get_bignum_bits(b, p); -+ buffer_get_bignum_bits(b, g); -+ buffer_get_bignum_bits(b, q); -+ buffer_get_bignum_bits(b, pub_key); -+ buffer_get_bignum_bits(b, priv_key); -+ if (DSA_set0_pqg(key->dsa, p, q, g) == 0 || -+ DSA_set0_key(key->dsa, pub_key, priv_key) == 0) { -+ fatal("failed to set DSA key"); -+ } -+ } - break; -- case KEY_RSA: -- if ((r = sshbuf_get_u8(b, &e1)) != 0 || -- (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) || -- (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0)) -- fatal("%s: buffer error: %s", __func__, ssh_err(r)); -- e = e1; -- debug("e %lx", e); -- if (e < 30) { -- e <<= 8; -- e += e2; -- debug("e %lx", e); -- e <<= 8; -- e += e3; -+ case KEY_RSA: { -+ BIGNUM *bn_e = NULL, *bn_d = NULL, *bn_n = NULL, *bn_iqmp = NULL, *bn_p = NULL, *bn_q = NULL; -+ -+ if ((bn_e = BN_new()) == NULL || -+ (bn_d = BN_new()) == NULL || -+ (bn_n = BN_new()) == NULL || -+ (bn_iqmp = BN_new()) == NULL || -+ (bn_p = BN_new()) == NULL || -+ (bn_q = BN_new()) == NULL) -+ fatal("BN_new() failed"); -+ -+ if ((r = sshbuf_get_u8(b, &e1)) != 0 || -+ (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) || -+ (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0)) -+ fatal("%s: buffer error: %s", __func__, ssh_err(r)); -+ e = e1; - debug("e %lx", e); -+ if (e < 30) { -+ e <<= 8; -+ e += e2; -+ debug("e %lx", e); -+ e <<= 8; -+ e += e3; -+ debug("e %lx", e); -+ } -+ if (!BN_set_word(bn_e, e)) { -+ sshbuf_free(b); -+ sshkey_free(key); -+ return NULL; -+ } -+ buffer_get_bignum_bits(b, bn_d); -+ buffer_get_bignum_bits(b, bn_n); -+ buffer_get_bignum_bits(b, bn_iqmp); -+ buffer_get_bignum_bits(b, bn_q); -+ buffer_get_bignum_bits(b, bn_p); -+ if (RSA_set0_key(key->rsa, bn_n, bn_e, bn_d) == 0 || -+ RSA_set0_factors(key->rsa, bn_p, bn_q) == 0) -+ fatal("Failed to set RSA parameters"); -+ if ((r = ssh_rsa_generate_additional_parameters(key, bn_iqmp)) != 0) -+ fatal("generate RSA parameters failed: %s", ssh_err(r)); - } -- if (!BN_set_word(key->rsa->e, e)) { -- sshbuf_free(b); -- sshkey_free(key); -- return NULL; -- } -- buffer_get_bignum_bits(b, key->rsa->d); -- buffer_get_bignum_bits(b, key->rsa->n); -- buffer_get_bignum_bits(b, key->rsa->iqmp); -- buffer_get_bignum_bits(b, key->rsa->q); -- buffer_get_bignum_bits(b, key->rsa->p); -- if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) -- fatal("generate RSA parameters failed: %s", ssh_err(r)); - break; - } - rlen = sshbuf_len(b); -@@ -636,7 +663,7 @@ do_convert_from_pkcs8(struct sshkey **k, - identity_file); - } - fclose(fp); -- switch (EVP_PKEY_type(pubkey->type)) { -+ switch (EVP_PKEY_base_id(pubkey)) { - case EVP_PKEY_RSA: - if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); -@@ -660,7 +687,7 @@ do_convert_from_pkcs8(struct sshkey **k, - #endif - default: - fatal("%s: unsupported pubkey type %d", __func__, -- EVP_PKEY_type(pubkey->type)); -+ EVP_PKEY_base_id(pubkey)); - } - EVP_PKEY_free(pubkey); - return; -@@ -1806,6 +1833,7 @@ do_ca_sign(struct passwd *pw, int argc, - #ifdef ENABLE_PKCS11 - pkcs11_terminate(); - #endif -+ free(ca); - exit(0); - } - -Index: openssh-7.8p1/ssh-pkcs11-client.c -=================================================================== ---- openssh-7.8p1.orig/ssh-pkcs11-client.c -+++ openssh-7.8p1/ssh-pkcs11-client.c -@@ -156,12 +156,16 @@ pkcs11_rsa_private_encrypt(int flen, con - static int - wrap_key(RSA *rsa) - { -- static RSA_METHOD helper_rsa; -+ static RSA_METHOD *helper_rsa; - -- memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa)); -- helper_rsa.name = "ssh-pkcs11-helper"; -- helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt; -- RSA_set_method(rsa, &helper_rsa); -+ if (helper_rsa == NULL) { -+ helper_rsa = RSA_meth_dup(RSA_get_default_method()); -+ if (helper_rsa == NULL) -+ error("RSA_meth_dup failed"); -+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper"); -+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt); -+ } -+ RSA_set_method(rsa, helper_rsa); - return (0); - } - -Index: openssh-7.8p1/ssh-pkcs11.c -=================================================================== ---- openssh-7.8p1.orig/ssh-pkcs11.c -+++ openssh-7.8p1/ssh-pkcs11.c -@@ -67,7 +67,7 @@ struct pkcs11_key { - struct pkcs11_provider *provider; - CK_ULONG slotidx; - int (*orig_finish)(RSA *rsa); -- RSA_METHOD rsa_method; -+ RSA_METHOD *rsa_method; - char *keyid; - int keyid_len; - }; -@@ -183,6 +183,7 @@ pkcs11_rsa_finish(RSA *rsa) - if (k11->provider) - pkcs11_provider_unref(k11->provider); - free(k11->keyid); -+ RSA_meth_free(k11->rsa_method); - free(k11); - } - return (rv); -@@ -326,13 +327,21 @@ pkcs11_rsa_wrap(struct pkcs11_provider * - k11->keyid = xmalloc(k11->keyid_len); - memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); - } -- k11->orig_finish = def->finish; -- memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method)); -- k11->rsa_method.name = "pkcs11"; -- k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt; -- k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt; -- k11->rsa_method.finish = pkcs11_rsa_finish; -- RSA_set_method(rsa, &k11->rsa_method); -+ k11->orig_finish = RSA_meth_get_finish(def); -+ if ((k11->rsa_method = RSA_meth_dup(def)) == NULL || -+ RSA_meth_set1_name(k11->rsa_method, "pkcs11") == 0 || -+ RSA_meth_set_priv_enc(k11->rsa_method, pkcs11_rsa_private_encrypt) == 0 || -+ RSA_meth_set_priv_dec(k11->rsa_method, pkcs11_rsa_private_decrypt) == 0 || -+ RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish) == 0) { -+ RSA_meth_free(k11->rsa_method); -+ k11->rsa_method = NULL; -+ pkcs11_provider_unref(k11->provider); -+ free(k11->keyid); -+ free(k11); -+ return (-1); -+ } -+ -+ RSA_set_method(rsa, k11->rsa_method); - RSA_set_app_data(rsa, k11); - return (0); - } -@@ -460,6 +469,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p - CK_ULONG nfound; - CK_SESSION_HANDLE session; - CK_FUNCTION_LIST *f; -+ const BIGNUM *n, *e; - - f = p->function_list; - session = p->slotinfo[slotidx].session; -@@ -512,10 +522,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_p - if ((rsa = RSA_new()) == NULL) { - error("RSA_new failed"); - } else { -- rsa->n = BN_bin2bn(attribs[1].pValue, -+ BIGNUM *rsa_n, *rsa_e; -+ -+ rsa_n = BN_bin2bn(attribs[1].pValue, - attribs[1].ulValueLen, NULL); -- rsa->e = BN_bin2bn(attribs[2].pValue, -+ rsa_e = BN_bin2bn(attribs[2].pValue, - attribs[2].ulValueLen, NULL); -+ if (rsa_n == NULL || rsa_e == NULL) -+ error("BN_bin2bn failed"); -+ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) == 0) -+ error("RSA_set0_key failed"); - } - } else { - cp = attribs[2].pValue; -@@ -525,16 +541,18 @@ pkcs11_fetch_keys_filter(struct pkcs11_p - == NULL) { - error("d2i_X509 failed"); - } else if ((evp = X509_get_pubkey(x509)) == NULL || -- evp->type != EVP_PKEY_RSA || -- evp->pkey.rsa == NULL) { -+ EVP_PKEY_id(evp) != EVP_PKEY_RSA || -+ EVP_PKEY_get0_RSA(evp) == NULL) { - debug("X509_get_pubkey failed or no rsa"); -- } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa)) -+ } else if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) - == NULL) { - error("RSAPublicKey_dup"); - } - X509_free(x509); - } -- if (rsa && rsa->n && rsa->e && -+ if (rsa) -+ RSA_get0_key(rsa, &n, &e, NULL); -+ if (rsa && n && e && - pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { - if ((key = sshkey_new(KEY_UNSPEC)) == NULL) - fatal("sshkey_new failed"); -Index: openssh-7.8p1/ssh-rsa.c -=================================================================== ---- openssh-7.8p1.orig/ssh-rsa.c -+++ openssh-7.8p1/ssh-rsa.c -@@ -104,38 +104,50 @@ rsa_hash_alg_nid(int type) - } - - int --ssh_rsa_generate_additional_parameters(struct sshkey *key) -+ssh_rsa_generate_additional_parameters(struct sshkey *key, BIGNUM *iqmp) - { - BIGNUM *aux = NULL; - BN_CTX *ctx = NULL; -- BIGNUM d; -+ BIGNUM *d = NULL; - int r; -+ const BIGNUM *p, *q, *rsa_d; -+ BIGNUM *dmp1 = NULL, *dmq1 = NULL; - - if (key == NULL || key->rsa == NULL || - sshkey_type_plain(key->type) != KEY_RSA) - return SSH_ERR_INVALID_ARGUMENT; - -- if ((ctx = BN_CTX_new()) == NULL) -- return SSH_ERR_ALLOC_FAIL; -- if ((aux = BN_new()) == NULL) { -+ RSA_get0_factors(key->rsa, &p, &q); -+ RSA_get0_key(key->rsa, NULL, NULL, &rsa_d); -+ -+ if ((ctx = BN_CTX_new()) == NULL || -+ (aux = BN_new()) == NULL || -+ (d = BN_new()) == NULL || -+ (dmp1 = BN_new()) == NULL || -+ (dmq1 = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - BN_set_flags(aux, BN_FLG_CONSTTIME); - -- BN_init(&d); -- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); -+ BN_with_flags(d, rsa_d, BN_FLG_CONSTTIME); - -- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) || -- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) || -- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) || -- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) { -+ if ((BN_sub(aux, q, BN_value_one()) == 0) || -+ (BN_mod(dmq1, d, aux, ctx) == 0) || -+ (BN_sub(aux, p, BN_value_one()) == 0) || -+ (BN_mod(dmp1, d, aux, ctx) == 0) || -+ (RSA_set0_crt_params(key->rsa, dmp1, dmq1, iqmp) == 0)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -+ dmp1 = NULL; -+ dmq1 = NULL; - r = 0; - out: -+ BN_free(d); - BN_clear_free(aux); -+ BN_clear_free(dmp1); -+ BN_clear_free(dmq1); - BN_CTX_free(ctx); - return r; - } -@@ -163,7 +175,7 @@ ssh_rsa_sign(const struct sshkey *key, u - if (key == NULL || key->rsa == NULL || hash_alg == -1 || - sshkey_type_plain(key->type) != KEY_RSA) - return SSH_ERR_INVALID_ARGUMENT; -- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) -+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) - return SSH_ERR_KEY_LENGTH; - slen = RSA_size(key->rsa); - if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) -@@ -235,7 +247,7 @@ ssh_rsa_verify(const struct sshkey *key, - sshkey_type_plain(key->type) != KEY_RSA || - sig == NULL || siglen == 0) - return SSH_ERR_INVALID_ARGUMENT; -- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) -+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) - return SSH_ERR_KEY_LENGTH; - - if ((b = sshbuf_from(sig, siglen)) == NULL) -Index: openssh-7.8p1/sshconnect.c -=================================================================== ---- openssh-7.8p1.orig/sshconnect.c -+++ openssh-7.8p1/sshconnect.c -@@ -1399,6 +1399,7 @@ ssh_login(Sensitive *sensitive, const ch - char *server_user, *local_user; - - local_user = xstrdup(pw->pw_name); -+ free(pw); - server_user = options.user ? options.user : local_user; - - /* Convert the user-supplied hostname into all lowercase. */ -Index: openssh-7.8p1/sshkey.c -=================================================================== ---- openssh-7.8p1.orig/sshkey.c -+++ openssh-7.8p1/sshkey.c -@@ -293,10 +293,10 @@ sshkey_size(const struct sshkey *k) - #ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: -- return BN_num_bits(k->rsa->n); -+ return RSA_bits(k->rsa); - case KEY_DSA: - case KEY_DSA_CERT: -- return BN_num_bits(k->dsa->p); -+ return DSA_bits(k->dsa); - case KEY_ECDSA: - case KEY_ECDSA_CERT: - return sshkey_curve_nid_to_bits(k->ecdsa_nid); -@@ -325,6 +325,31 @@ sshkey_type_is_valid_ca(int type) - } - } - -+ -+static int -+sshkey_is_private_rsa(const RSA *r) -+{ -+ const BIGNUM *d; -+ int rv; -+ -+ RSA_get0_key(r, NULL, NULL, &d); -+ rv = (d != NULL); -+ d = NULL; -+ return rv; -+} -+ -+static int -+sshkey_is_private_dsa(const DSA *d) -+{ -+ const BIGNUM *priv_key; -+ int rv; -+ -+ DSA_get0_key(d, NULL, &priv_key); -+ rv = (priv_key != NULL); -+ priv_key = NULL; -+ return rv; -+} -+ - int - sshkey_is_private(const struct sshkey *k) - { -@@ -332,10 +357,10 @@ sshkey_is_private(const struct sshkey *k - #ifdef WITH_OPENSSL - case KEY_RSA_CERT: - case KEY_RSA: -- return k->rsa->d != NULL; -+ return sshkey_is_private_rsa(k->rsa); - case KEY_DSA_CERT: - case KEY_DSA: -- return k->dsa->priv_key != NULL; -+ return sshkey_is_private_dsa(k->dsa); - #ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: -@@ -527,10 +552,7 @@ sshkey_new(int type) - #ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: -- if ((rsa = RSA_new()) == NULL || -- (rsa->n = BN_new()) == NULL || -- (rsa->e = BN_new()) == NULL) { -- RSA_free(rsa); -+ if ((rsa = RSA_new()) == NULL) { - free(k); - return NULL; - } -@@ -538,12 +560,7 @@ sshkey_new(int type) - break; - case KEY_DSA: - case KEY_DSA_CERT: -- if ((dsa = DSA_new()) == NULL || -- (dsa->p = BN_new()) == NULL || -- (dsa->q = BN_new()) == NULL || -- (dsa->g = BN_new()) == NULL || -- (dsa->pub_key = BN_new()) == NULL) { -- DSA_free(dsa); -+ if ((dsa = DSA_new()) == NULL) { - free(k); - return NULL; - } -@@ -584,21 +601,10 @@ sshkey_add_private(struct sshkey *k) - #ifdef WITH_OPENSSL - case KEY_RSA: - case KEY_RSA_CERT: --#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) -- if (bn_maybe_alloc_failed(k->rsa->d) || -- bn_maybe_alloc_failed(k->rsa->iqmp) || -- bn_maybe_alloc_failed(k->rsa->q) || -- bn_maybe_alloc_failed(k->rsa->p) || -- bn_maybe_alloc_failed(k->rsa->dmq1) || -- bn_maybe_alloc_failed(k->rsa->dmp1)) -- return SSH_ERR_ALLOC_FAIL; - break; - case KEY_DSA: - case KEY_DSA_CERT: -- if (bn_maybe_alloc_failed(k->dsa->priv_key)) -- return SSH_ERR_ALLOC_FAIL; - break; --#undef bn_maybe_alloc_failed - case KEY_ECDSA: - case KEY_ECDSA_CERT: - /* Cannot do anything until we know the group */ -@@ -721,17 +727,31 @@ sshkey_equal_public(const struct sshkey - switch (a->type) { - #ifdef WITH_OPENSSL - case KEY_RSA_CERT: -- case KEY_RSA: -- return a->rsa != NULL && b->rsa != NULL && -- BN_cmp(a->rsa->e, b->rsa->e) == 0 && -- BN_cmp(a->rsa->n, b->rsa->n) == 0; -+ case KEY_RSA: { -+ const BIGNUM *a_e, *a_n, *b_e, *b_n; -+ -+ if (a->rsa == NULL || b->rsa == NULL) -+ return 0; -+ RSA_get0_key(a->rsa, &a_n, &a_e, NULL); -+ RSA_get0_key(b->rsa, &b_n, &b_e, NULL); -+ return BN_cmp(a_e, b_e) == 0 && BN_cmp(a_n, b_n) == 0; -+ } - case KEY_DSA_CERT: -- case KEY_DSA: -- return a->dsa != NULL && b->dsa != NULL && -- BN_cmp(a->dsa->p, b->dsa->p) == 0 && -- BN_cmp(a->dsa->q, b->dsa->q) == 0 && -- BN_cmp(a->dsa->g, b->dsa->g) == 0 && -- BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; -+ case KEY_DSA: { -+ const BIGNUM *a_p, *a_q, *a_g, *a_pub_key; -+ const BIGNUM *b_p, *b_q, *b_g, *b_pub_key; -+ -+ if (a->dsa == NULL || b->dsa == NULL) -+ return 0; -+ DSA_get0_pqg(a->dsa, &a_p, &a_q, &a_g); -+ DSA_get0_key(a->dsa, &a_pub_key, NULL); -+ DSA_get0_pqg(b->dsa, &b_p, &b_q, &b_g); -+ DSA_get0_key(b->dsa, &b_pub_key, NULL); -+ return BN_cmp(a_p, b_p) == 0 && -+ BN_cmp(a_q, b_q) == 0 && -+ BN_cmp(a_g, b_g) == 0 && -+ BN_cmp(a_pub_key, b_pub_key) == 0; -+ } - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: -@@ -817,15 +837,21 @@ to_blob_buf(const struct sshkey *key, st - return ret; - break; - #ifdef WITH_OPENSSL -- case KEY_DSA: -- if (key->dsa == NULL) -- return SSH_ERR_INVALID_ARGUMENT; -- if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) -- return ret; -+ case KEY_DSA: { -+ const BIGNUM *p, *q, *g, *pub_key; -+ -+ if (key->dsa == NULL) -+ return SSH_ERR_INVALID_ARGUMENT; -+ -+ DSA_get0_pqg(key->dsa, &p, &q, &g); -+ DSA_get0_key(key->dsa, &pub_key, NULL); -+ if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -+ (ret = sshbuf_put_bignum2(b, p)) != 0 || -+ (ret = sshbuf_put_bignum2(b, q)) != 0 || -+ (ret = sshbuf_put_bignum2(b, g)) != 0 || -+ (ret = sshbuf_put_bignum2(b, pub_key)) != 0) -+ return ret; -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -838,13 +864,18 @@ to_blob_buf(const struct sshkey *key, st - return ret; - break; - # endif -- case KEY_RSA: -- if (key->rsa == NULL) -- return SSH_ERR_INVALID_ARGUMENT; -- if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) -- return ret; -+ case KEY_RSA: { -+ const BIGNUM *e, *n; -+ -+ if (key->rsa == NULL) -+ return SSH_ERR_INVALID_ARGUMENT; -+ -+ RSA_get0_key(key->rsa, &n, &e, NULL); -+ if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -+ (ret = sshbuf_put_bignum2(b, e)) != 0 || -+ (ret = sshbuf_put_bignum2(b, n)) != 0) -+ return ret; -+ } - break; - #endif /* WITH_OPENSSL */ - case KEY_ED25519: -@@ -1782,15 +1813,32 @@ sshkey_from_private(const struct sshkey - switch (k->type) { - #ifdef WITH_OPENSSL - case KEY_DSA: -- case KEY_DSA_CERT: -- if ((n = sshkey_new(k->type)) == NULL) -- return SSH_ERR_ALLOC_FAIL; -- if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || -- (BN_copy(n->dsa->q, k->dsa->q) == NULL) || -- (BN_copy(n->dsa->g, k->dsa->g) == NULL) || -- (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) { -- sshkey_free(n); -- return SSH_ERR_ALLOC_FAIL; -+ case KEY_DSA_CERT: { -+ const BIGNUM *k_p, *k_q, *k_g, *k_pub_key; -+ BIGNUM *n_p = NULL, *n_q = NULL, *n_g = NULL, *n_pub_key = NULL; -+ -+ if ((n = sshkey_new(k->type)) == NULL) -+ return SSH_ERR_ALLOC_FAIL; -+ -+ DSA_get0_pqg(k->dsa, &k_p, &k_q, &k_g); -+ DSA_get0_key(k->dsa, &k_pub_key, NULL); -+ -+ if (((n_p = BN_dup(k_p)) == NULL) || -+ ((n_q = BN_dup(k_q)) == NULL) || -+ ((n_g = BN_dup(k_g)) == NULL) || -+ (DSA_set0_pqg(n->dsa, n_p, n_q, n_g) == 0)) { -+ sshkey_free(n); -+ BN_free(n_p); -+ BN_free(n_q); -+ BN_free(n_g); -+ return SSH_ERR_ALLOC_FAIL; -+ } -+ if (((n_pub_key = BN_dup(k_pub_key)) == NULL) || -+ (DSA_set0_key(n->dsa, n_pub_key, NULL) == 0)) { -+ sshkey_free(n); -+ BN_free(n_pub_key); -+ return SSH_ERR_ALLOC_FAIL; -+ } - } - break; - # ifdef OPENSSL_HAS_ECC -@@ -1812,13 +1860,22 @@ sshkey_from_private(const struct sshkey - break; - # endif /* OPENSSL_HAS_ECC */ - case KEY_RSA: -- case KEY_RSA_CERT: -- if ((n = sshkey_new(k->type)) == NULL) -- return SSH_ERR_ALLOC_FAIL; -- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || -- (BN_copy(n->rsa->e, k->rsa->e) == NULL)) { -- sshkey_free(n); -- return SSH_ERR_ALLOC_FAIL; -+ case KEY_RSA_CERT: { -+ const BIGNUM *k_n, *k_e; -+ BIGNUM *n_n = NULL, *n_e = NULL; -+ -+ if ((n = sshkey_new(k->type)) == NULL) -+ return SSH_ERR_ALLOC_FAIL; -+ -+ RSA_get0_key(k->rsa, &k_n, &k_e, NULL); -+ if (((n_n = BN_dup(k_n)) == NULL) || -+ ((n_e = BN_dup(k_e)) == NULL) || -+ RSA_set0_key(n->rsa, n_n, n_e, NULL) == 0) { -+ sshkey_free(n); -+ BN_free(n_n); -+ BN_free(n_e); -+ return SSH_ERR_ALLOC_FAIL; -+ } - } - break; - #endif /* WITH_OPENSSL */ -@@ -2040,12 +2097,22 @@ sshkey_from_blob_internal(struct sshbuf - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if (sshbuf_get_bignum2(b, key->rsa->e) != 0 || -- sshbuf_get_bignum2(b, key->rsa->n) != 0) { -- ret = SSH_ERR_INVALID_FORMAT; -- goto out; -+ { -+ BIGNUM *e, *n; -+ -+ e = BN_new(); -+ n = BN_new(); -+ if (e == NULL || n == NULL || -+ sshbuf_get_bignum2(b, e) != 0 || -+ sshbuf_get_bignum2(b, n) != 0 || -+ RSA_set0_key(key->rsa, n, e, NULL) == 0) { -+ BN_free(e); -+ BN_free(n); -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto out; -+ } - } -- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - ret = SSH_ERR_KEY_LENGTH; - goto out; - } -@@ -2065,12 +2132,34 @@ sshkey_from_blob_internal(struct sshbuf - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if (sshbuf_get_bignum2(b, key->dsa->p) != 0 || -- sshbuf_get_bignum2(b, key->dsa->q) != 0 || -- sshbuf_get_bignum2(b, key->dsa->g) != 0 || -- sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) { -- ret = SSH_ERR_INVALID_FORMAT; -- goto out; -+ { -+ BIGNUM *p, *q, *g, *pub_key; -+ -+ p = BN_new(); -+ q = BN_new(); -+ g = BN_new(); -+ pub_key = BN_new(); -+ -+ if (p == NULL || q == NULL || g == NULL || -+ pub_key == NULL || -+ sshbuf_get_bignum2(b, p) != 0 || -+ sshbuf_get_bignum2(b, q) != 0 || -+ sshbuf_get_bignum2(b, g) != 0 || -+ sshbuf_get_bignum2(b, pub_key) != 0 || -+ DSA_set0_pqg(key->dsa, p, q, g) == 0) { -+ BN_free(p); -+ BN_free(q); -+ BN_free(g); -+ BN_free(pub_key); -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto out; -+ } -+ -+ if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) { -+ BN_free(pub_key); -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+ goto out; -+ } - } - #ifdef DEBUG_PK - DSA_print_fp(stderr, key->dsa, 8); -@@ -2415,26 +2504,53 @@ sshkey_demote(const struct sshkey *k, st - if ((ret = sshkey_cert_copy(k, pk)) != 0) - goto fail; - /* FALLTHROUGH */ -- case KEY_RSA: -- if ((pk->rsa = RSA_new()) == NULL || -- (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || -- (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { -- ret = SSH_ERR_ALLOC_FAIL; -- goto fail; -+ case KEY_RSA: { -+ const BIGNUM *k_e, *k_n; -+ BIGNUM *pk_e = NULL, *pk_n = NULL; -+ -+ RSA_get0_key(k->rsa, &k_n, &k_e, NULL); -+ if ((pk->rsa = RSA_new()) == NULL || -+ (pk_e = BN_dup(k_e)) == NULL || -+ (pk_n = BN_dup(k_n)) == NULL || -+ RSA_set0_key(pk->rsa, pk_n, pk_e, NULL) == 0) { -+ BN_free(pk_e); -+ BN_free(pk_n); -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto fail; - } -+ } - break; - case KEY_DSA_CERT: - if ((ret = sshkey_cert_copy(k, pk)) != 0) - goto fail; - /* FALLTHROUGH */ -- case KEY_DSA: -- if ((pk->dsa = DSA_new()) == NULL || -- (pk->dsa->p = BN_dup(k->dsa->p)) == NULL || -- (pk->dsa->q = BN_dup(k->dsa->q)) == NULL || -- (pk->dsa->g = BN_dup(k->dsa->g)) == NULL || -- (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) { -- ret = SSH_ERR_ALLOC_FAIL; -- goto fail; -+ case KEY_DSA: { -+ const BIGNUM *k_p, *k_q, *k_g, *k_pub_key; -+ BIGNUM *pk_p = NULL, *pk_q = NULL, *pk_g = NULL; -+ BIGNUM *pk_pub_key = NULL; -+ -+ DSA_get0_pqg(k->dsa, &k_p, &k_q, &k_g); -+ DSA_get0_key(k->dsa, &k_pub_key, NULL); -+ -+ if ((pk->dsa = DSA_new()) == NULL || -+ (pk_p = BN_dup(k_p)) == NULL || -+ (pk_q = BN_dup(k_q)) == NULL || -+ (pk_g = BN_dup(k_g)) == NULL || -+ (pk_pub_key = BN_dup(k_pub_key)) == NULL || -+ DSA_set0_pqg(pk->dsa, pk_p, pk_q, pk_g) == 0) { -+ BN_free(pk_p); -+ BN_free(pk_q); -+ BN_free(pk_g); -+ BN_free(pk_pub_key); -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto fail; -+ } -+ -+ if (DSA_set0_key(pk->dsa, pk_pub_key, NULL) == 0) { -+ BN_free(pk_pub_key); -+ ret = SSH_ERR_LIBCRYPTO_ERROR; -+ goto fail; -+ } - } - break; - case KEY_ECDSA_CERT: -@@ -2584,12 +2700,17 @@ sshkey_certify_custom(struct sshkey *k, - /* XXX this substantially duplicates to_blob(); refactor */ - switch (k->type) { - #ifdef WITH_OPENSSL -- case KEY_DSA_CERT: -- if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0) -- goto out; -+ case KEY_DSA_CERT: { -+ const BIGNUM *p, *q, *g, *pub_key; -+ -+ DSA_get0_pqg(k->dsa, &p, &q, &g); -+ DSA_get0_key(k->dsa, &pub_key, NULL); -+ if ((ret = sshbuf_put_bignum2(cert, p)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, q)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, g)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, pub_key)) != 0) -+ goto out; -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: -@@ -2601,10 +2722,15 @@ sshkey_certify_custom(struct sshkey *k, - goto out; - break; - # endif /* OPENSSL_HAS_ECC */ -- case KEY_RSA_CERT: -- if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 || -- (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0) -- goto out; -+ case KEY_RSA_CERT: { -+ const BIGNUM *e, *n; -+ -+ RSA_get0_key(k->rsa, &n, &e, NULL); -+ if (e == NULL || n == NULL || -+ (ret = sshbuf_put_bignum2(cert, e)) != 0 || -+ (ret = sshbuf_put_bignum2(cert, n)) != 0) -+ goto out; -+ } - break; - #endif /* WITH_OPENSSL */ - case KEY_ED25519_CERT: -@@ -2790,43 +2916,65 @@ sshkey_private_serialize_opt(const struc - goto out; - switch (key->type) { - #ifdef WITH_OPENSSL -- case KEY_RSA: -- if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) -- goto out; -+ case KEY_RSA: { -+ const BIGNUM *n, *e, *d, *iqmp, *p, *q; -+ RSA_get0_key(key->rsa, &n, &e, &d); -+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); -+ RSA_get0_factors(key->rsa, &p, &q); -+ if ((r = sshbuf_put_bignum2(b, n)) != 0 || -+ (r = sshbuf_put_bignum2(b, e)) != 0 || -+ (r = sshbuf_put_bignum2(b, d)) != 0 || -+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 || -+ (r = sshbuf_put_bignum2(b, p)) != 0 || -+ (r = sshbuf_put_bignum2(b, q)) != 0) -+ goto out; -+ } - break; - case KEY_RSA_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } -- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 || -- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0) -- goto out; -+ { -+ const BIGNUM *d, *iqmp, *p, *q; -+ -+ RSA_get0_key(key->rsa, NULL, NULL, &d); -+ RSA_get0_factors(key->rsa, &p, &q); -+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp); -+ if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || -+ (r = sshbuf_put_bignum2(b, d)) != 0 || -+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 || -+ (r = sshbuf_put_bignum2(b, p)) != 0 || -+ (r = sshbuf_put_bignum2(b, q)) != 0) -+ goto out; -+ } - break; -- case KEY_DSA: -- if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) -- goto out; -+ case KEY_DSA: { -+ const BIGNUM *p, *q, *g, *pub_key, *priv_key; -+ -+ DSA_get0_pqg(key->dsa, &p, &q, &g); -+ DSA_get0_key(key->dsa, &pub_key, &priv_key); -+ if ((r = sshbuf_put_bignum2(b, p)) != 0 || -+ (r = sshbuf_put_bignum2(b, q)) != 0 || -+ (r = sshbuf_put_bignum2(b, g)) != 0 || -+ (r = sshbuf_put_bignum2(b, pub_key)) != 0 || -+ (r = sshbuf_put_bignum2(b, priv_key)) != 0) -+ goto out; -+ } - break; - case KEY_DSA_CERT: - if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) { - r = SSH_ERR_INVALID_ARGUMENT; - goto out; - } -- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || -- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0) -- goto out; -+ { -+ const BIGNUM *priv_key; -+ -+ DSA_get0_key(key->dsa, NULL, &priv_key); -+ if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 || -+ (r = sshbuf_put_bignum2(b, priv_key)) != 0) -+ goto out; -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -2940,18 +3088,51 @@ sshkey_private_deserialize(struct sshbuf - r = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) -- goto out; -+ { -+ BIGNUM *p, *q, *g, *pub_key, *priv_key; -+ -+ p = BN_new(); -+ q = BN_new(); -+ g = BN_new(); -+ pub_key = BN_new(); -+ priv_key = BN_new(); -+ if (p == NULL || q == NULL || g == NULL || -+ pub_key == NULL || priv_key == NULL || -+ (r = sshbuf_get_bignum2(buf, p)) != 0 || -+ (r = sshbuf_get_bignum2(buf, q)) != 0 || -+ (r = sshbuf_get_bignum2(buf, g)) != 0 || -+ (r = sshbuf_get_bignum2(buf, pub_key)) != 0 || -+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0 || -+ (r = ((DSA_set0_pqg(k->dsa, p, q, g) == 0) -+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) { -+ BN_free(p); -+ BN_free(q); -+ BN_free(g); -+ BN_free(pub_key); -+ BN_free(priv_key); -+ goto out; -+ } -+ if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_free(pub_key); -+ BN_free(priv_key); -+ goto out; -+ } -+ } - break; -- case KEY_DSA_CERT: -- if ((r = sshkey_froms(buf, &k)) != 0 || -- (r = sshkey_add_private(k)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) -- goto out; -+ case KEY_DSA_CERT: { -+ BIGNUM *priv_key = BN_new(); -+ -+ if (priv_key == NULL || -+ (r = sshkey_froms(buf, &k)) != 0 || -+ (r = sshkey_add_private(k)) != 0 || -+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0 || -+ (r = ((DSA_set0_key(k->dsa, NULL, priv_key) == 0) -+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) { -+ BN_free(priv_key); -+ goto out; -+ } -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -3010,29 +3191,89 @@ sshkey_private_deserialize(struct sshbuf - r = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || -- (r = ssh_rsa_generate_additional_parameters(k)) != 0) -- goto out; -- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ { -+ BIGNUM *n, *e, *d, *iqmp, *p, *q; -+ -+ n = BN_new(); -+ e = BN_new(); -+ d = BN_new(); -+ iqmp = BN_new(); -+ p = BN_new(); -+ q = BN_new(); -+ -+ if (n == NULL || e == NULL || d == NULL || -+ iqmp == NULL || p == NULL || q == NULL || -+ (r = sshbuf_get_bignum2(buf, n)) != 0 || -+ (r = sshbuf_get_bignum2(buf, e)) != 0 || -+ (r = sshbuf_get_bignum2(buf, d)) != 0 || -+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || -+ (r = sshbuf_get_bignum2(buf, p)) != 0 || -+ (r = sshbuf_get_bignum2(buf, q)) != 0 || -+ (r = ((RSA_set0_key(k->rsa, n, e, d) == 0) -+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) { -+ BN_free(n); -+ BN_free(e); -+ BN_free(d); -+ BN_free(iqmp); -+ BN_free(p); -+ BN_free(q); -+ goto out; -+ } -+ if (RSA_set0_factors(k->rsa, p, q) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_free(iqmp); -+ BN_free(p); -+ BN_free(q); -+ goto out; -+ } -+ if ((r = ssh_rsa_generate_additional_parameters(k, iqmp)) != 0) { -+ BN_free(iqmp); -+ goto out; -+ } -+ } -+ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - r = SSH_ERR_KEY_LENGTH; - goto out; - } - break; -- case KEY_RSA_CERT: -- if ((r = sshkey_froms(buf, &k)) != 0 || -- (r = sshkey_add_private(k)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || -- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || -- (r = ssh_rsa_generate_additional_parameters(k)) != 0) -- goto out; -- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ case KEY_RSA_CERT: { -+ BIGNUM *d, *iqmp, *p, *q; -+ -+ /* N and E are already set so make sure we will not overwrite them */ -+ d = BN_new(); -+ iqmp = BN_new(); -+ p = BN_new(); -+ q = BN_new(); -+ -+ if (d == NULL || iqmp == NULL || p == NULL || -+ q == NULL || -+ (r = sshkey_froms(buf, &k)) != 0 || -+ (r = sshkey_add_private(k)) != 0 || -+ (r = sshbuf_get_bignum2(buf, d)) != 0 || -+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || -+ (r = sshbuf_get_bignum2(buf, p)) != 0 || -+ (r = sshbuf_get_bignum2(buf, q)) != 0 || -+ (r = ((RSA_set0_key(k->rsa, NULL, NULL, d) == 0) -+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) { -+ BN_free(d); -+ BN_free(iqmp); -+ BN_free(p); -+ BN_free(q); -+ goto out; -+ } -+ if (RSA_set0_factors(k->rsa, p, q) == 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_free(p); -+ BN_free(q); -+ goto out; -+ } -+ if (ssh_rsa_generate_additional_parameters(k, iqmp) != 0) { -+ r = SSH_ERR_LIBCRYPTO_ERROR; -+ free(iqmp); -+ goto out; -+ } -+ } -+ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - r = SSH_ERR_KEY_LENGTH; - goto out; - } -@@ -3796,7 +4037,9 @@ translate_libcrypto_error(unsigned long - switch (pem_reason) { - case EVP_R_BAD_DECRYPT: - return SSH_ERR_KEY_WRONG_PASSPHRASE; -+#ifdef EVP_R_BN_DECODE_ERROR - case EVP_R_BN_DECODE_ERROR: -+#endif - case EVP_R_DECODE_ERROR: - #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR - case EVP_R_PRIVATE_KEY_DECODE_ERROR: -@@ -3861,7 +4104,7 @@ sshkey_parse_private_pem_fileblob(struct - r = convert_libcrypto_error(); - goto out; - } -- if (pk->type == EVP_PKEY_RSA && -+ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA && - (type == KEY_UNSPEC || type == KEY_RSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; -@@ -3876,11 +4119,11 @@ sshkey_parse_private_pem_fileblob(struct - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -- if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { -+ if (RSA_bits(prv->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { - r = SSH_ERR_KEY_LENGTH; - goto out; - } -- } else if (pk->type == EVP_PKEY_DSA && -+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA && - (type == KEY_UNSPEC || type == KEY_DSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; -@@ -3892,7 +4135,7 @@ sshkey_parse_private_pem_fileblob(struct - DSA_print_fp(stderr, prv->dsa, 8); - #endif - #ifdef OPENSSL_HAS_ECC -- } else if (pk->type == EVP_PKEY_EC && -+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC && - (type == KEY_UNSPEC || type == KEY_ECDSA)) { - if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; -Index: openssh-7.8p1/sshkey.h -=================================================================== ---- openssh-7.8p1.orig/sshkey.h -+++ openssh-7.8p1/sshkey.h -@@ -220,7 +220,7 @@ int sshkey_parse_private_fileblob_type(s - const char *passphrase, struct sshkey **keyp, char **commentp); - - /* XXX should be internal, but used by ssh-keygen */ --int ssh_rsa_generate_additional_parameters(struct sshkey *); -+int ssh_rsa_generate_additional_parameters(struct sshkey *, BIGNUM *iqmp); - - /* stateful keys (e.g. XMSS) */ - #ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS -Index: openssh-7.8p1/ssh.c -=================================================================== ---- openssh-7.8p1.orig/ssh.c -+++ openssh-7.8p1/ssh.c -@@ -1332,6 +1332,7 @@ main(int ac, char **av) - (char *)NULL); - free(cp); - } -+ free(host_arg); - - if (config_test) { - dump_client_config(&options, host); -Index: openssh-7.8p1/gss-serv.c -=================================================================== ---- openssh-7.8p1.orig/gss-serv.c -+++ openssh-7.8p1/gss-serv.c -@@ -148,7 +148,8 @@ ssh_gssapi_server_mechanisms() { - if (supported_oids == NULL) - ssh_gssapi_prepare_supported_oids(); - return (ssh_gssapi_kex_mechs(supported_oids, -- &ssh_gssapi_server_check_mech, NULL, NULL)); -+ ssh_gssapi_server_check_mech, NULL, NULL, -+ options.gss_kex_algorithms)); - } - - /* Unprivileged */ -Index: openssh-7.8p1/kex.c -=================================================================== ---- openssh-7.8p1.orig/kex.c -+++ openssh-7.8p1/kex.c -@@ -49,6 +49,7 @@ - #include "misc.h" - #include "dispatch.h" - #include "monitor.h" -+#include "xmalloc.h" - - #include "ssherr.h" - #include "sshbuf.h" -@@ -359,6 +360,28 @@ kex_assemble_names(char **listp, const c - return r; - } - -+/* Validate GSS KEX method name list */ -+int -+gss_kex_names_valid(const char *names) -+{ -+ char *s, *cp, *p; -+ if (names == NULL || *names == '\0') -+ return 0; -+ s = cp = xstrdup(names); -+ for ((p = strsep(&cp, ",")); p && *p != '\0'; -+ (p = strsep(&cp, ","))) { -+ if (strncmp(p, "gss-", 4) != 0 -+ || kex_alg_by_name(p) == NULL) { -+ error("Unsupported KEX algorithm \"%.100s\"", p); -+ free(s); -+ return 0; -+ } -+ } -+ debug3("gss kex names ok: [%s]", names); -+ free(s); -+ return 1; -+} -+ - /* put algorithm proposal into buffer */ - int - kex_prop2buf(struct sshbuf *b, char *proposal[PROPOSAL_MAX]) -@@ -795,7 +818,7 @@ choose_mac(struct ssh *ssh, struct sshma - #ifdef SSH_AUDIT_EVENTS - audit_unsupported(SSH_AUDIT_UNSUPPORTED_MAC); - #endif -- return SSH_ERR_NO_MAC_ALG_MATCH; -+ return SSH_ERR_NO_MAC_ALG_MATCH; - } - if (mac_setup(mac, name) < 0) { - free(name); -Index: openssh-7.8p1/kex.h -=================================================================== ---- openssh-7.8p1.orig/kex.h -+++ openssh-7.8p1/kex.h -@@ -182,6 +182,7 @@ int kex_names_valid(const char *); - char *kex_alg_list(char); - char *kex_names_cat(const char *, const char *); - int kex_assemble_names(char **, const char *, const char *); -+int gss_kex_names_valid(const char *); - - int kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **); - int kex_setup(struct ssh *, char *[PROPOSAL_MAX]); -Index: openssh-7.8p1/readconf.c -=================================================================== ---- openssh-7.8p1.orig/readconf.c -+++ openssh-7.8p1/readconf.c -@@ -69,6 +69,7 @@ - #include "digest.h" - #include "dh.h" - #include "fips.h" -+#include "ssh-gss.h" - - /* Format of the configuration file: - -@@ -164,7 +165,7 @@ typedef enum { - oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, - oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey, -- oGssServerIdentity, -+ oGssServerIdentity, oGssKexAlgorithms, - oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, - oSendEnv, oSetEnv, oControlPath, oControlMaster, oControlPersist, - oHashKnownHosts, -@@ -211,6 +212,7 @@ static struct { - { "gssapiclientidentity", oGssClientIdentity }, - { "gssapiserveridentity", oGssServerIdentity }, - { "gssapirenewalforcesrekey", oGssRenewalRekey }, -+ { "gssapikexalgorithms", oGssKexAlgorithms }, - # else - { "gssapiauthentication", oUnsupported }, - { "gssapikeyexchange", oUnsupported }, -@@ -219,6 +221,7 @@ static struct { - { "gssapiclientidentity", oUnsupported }, - { "gssapiserveridentity", oUnsupported }, - { "gssapirenewalforcesrekey", oUnsupported }, -+ { "gssapikexalgorithms", oUnsupported }, - #endif - #ifdef ENABLE_PKCS11 - { "smartcarddevice", oPKCS11Provider }, -@@ -1015,6 +1018,18 @@ parse_time: - intptr = &options->gss_renewal_rekey; - goto parse_flag; - -+ case oGssKexAlgorithms: -+ arg = strdelim(&s); -+ if (!arg || *arg == '\0') -+ fatal("%.200s line %d: Missing argument.", -+ filename, linenum); -+ if (!gss_kex_names_valid(arg)) -+ fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.", -+ filename, linenum, arg ? arg : ""); -+ if (*activep && options->gss_kex_algorithms == NULL) -+ options->gss_kex_algorithms = xstrdup(arg); -+ break; -+ - case oBatchMode: - intptr = &options->batch_mode; - goto parse_flag; -@@ -1879,9 +1894,10 @@ initialize_options(Options * options) - options->gss_keyex = -1; - options->gss_deleg_creds = -1; - options->gss_trust_dns = -1; -- options->gss_renewal_rekey = -1; -- options->gss_client_identity = NULL; -- options->gss_server_identity = NULL; -+ options->gss_renewal_rekey = -1; -+ options->gss_client_identity = NULL; -+ options->gss_server_identity = NULL; -+ options->gss_kex_algorithms = NULL; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->kbd_interactive_devices = NULL; -@@ -2035,6 +2051,10 @@ fill_default_options(Options * options) - options->gss_trust_dns = 0; - if (options->gss_renewal_rekey == -1) - options->gss_renewal_rekey = 0; -+#ifdef GSSAPI -+ if (options->gss_kex_algorithms == NULL) -+ options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX); -+#endif - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -Index: openssh-7.8p1/readconf.h -=================================================================== ---- openssh-7.8p1.orig/readconf.h -+++ openssh-7.8p1/readconf.h -@@ -46,6 +46,7 @@ typedef struct { - int gss_renewal_rekey; /* Credential renewal forces rekey */ - char *gss_client_identity; /* Principal to initiate GSSAPI with */ - char *gss_server_identity; /* GSSAPI target principal */ -+ char *gss_kex_algorithms; /* GSSAPI kex methods to be offered by client. */ - int password_authentication; /* Try password - * authentication. */ - int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ -Index: openssh-7.8p1/servconf.c -=================================================================== ---- openssh-7.8p1.orig/servconf.c -+++ openssh-7.8p1/servconf.c -@@ -64,6 +64,7 @@ - #include "auth.h" - #include "myproposal.h" - #include "digest.h" -+#include "ssh-gss.h" - #include "dh.h" - #include "fips.h" - -@@ -134,6 +135,7 @@ initialize_server_options(ServerOptions - options->gss_cleanup_creds = -1; - options->gss_strict_acceptor = -1; - options->gss_store_rekey = -1; -+ options->gss_kex_algorithms = NULL; - options->password_authentication = -1; - options->kbd_interactive_authentication = -1; - options->challenge_response_authentication = -1; -@@ -379,6 +381,10 @@ fill_default_server_options(ServerOption - options->gss_strict_acceptor = 1; - if (options->gss_store_rekey == -1) - options->gss_store_rekey = 0; -+#ifdef GSSAPI -+ if (options->gss_kex_algorithms == NULL) -+ options->gss_kex_algorithms = strdup(GSS_KEX_DEFAULT_KEX); -+#endif - if (options->password_authentication == -1) - options->password_authentication = 1; - if (options->kbd_interactive_authentication == -1) -@@ -525,8 +531,7 @@ typedef enum { - sHostKeyAlgorithms, - sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, - sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, -- sGssKeyEx, sGssStoreRekey, -- sAcceptEnv, sSetEnv, sPermitTunnel, -+ sGssKeyEx, sGssStoreRekey, sGssKexAlgorithms, sAcceptEnv, sSetEnv, sPermitTunnel, - sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, - sUsePrivilegeSeparation, sAllowAgentForwarding, - sHostCertificate, -@@ -605,12 +610,14 @@ static struct { - { "gssapistrictacceptorcheck", sGssStrictAcceptor, SSHCFG_GLOBAL }, - { "gssapikeyexchange", sGssKeyEx, SSHCFG_GLOBAL }, - { "gssapistorecredentialsonrekey", sGssStoreRekey, SSHCFG_GLOBAL }, -+ { "gssapikexalgorithms", sGssKexAlgorithms, SSHCFG_GLOBAL }, - #else - { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, - { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, - { "gssapistrictacceptorcheck", sUnsupported, SSHCFG_GLOBAL }, - { "gssapikeyexchange", sUnsupported, SSHCFG_GLOBAL }, - { "gssapistorecredentialsonrekey", sUnsupported, SSHCFG_GLOBAL }, -+ { "gssapikexalgorithms", sUnsupported, SSHCFG_GLOBAL }, - #endif - { "gssusesessionccache", sUnsupported, SSHCFG_GLOBAL }, - { "gssapiusesessioncredcache", sUnsupported, SSHCFG_GLOBAL }, -@@ -1532,6 +1539,18 @@ process_server_config_line(ServerOptions - intptr = &options->gss_store_rekey; - goto parse_flag; - -+ case sGssKexAlgorithms: -+ arg = strdelim(&cp); -+ if (!arg || *arg == '\0') -+ fatal("%.200s line %d: Missing argument.", -+ filename, linenum); -+ if (!gss_kex_names_valid(arg)) -+ fatal("%.200s line %d: Bad GSSAPI KexAlgorithms '%s'.", -+ filename, linenum, arg ? arg : ""); -+ if (*activep && options->gss_kex_algorithms == NULL) -+ options->gss_kex_algorithms = xstrdup(arg); -+ break; -+ - case sPasswordAuthentication: - intptr = &options->password_authentication; - goto parse_flag; -@@ -2629,6 +2648,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); - dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); - dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); -+ dump_cfg_string(sGssKexAlgorithms, o->gss_kex_algorithms); - #endif - dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); - dump_cfg_fmtint(sKbdInteractiveAuthentication, -Index: openssh-7.8p1/servconf.h -=================================================================== ---- openssh-7.8p1.orig/servconf.h -+++ openssh-7.8p1/servconf.h -@@ -131,6 +131,7 @@ typedef struct { - int gss_cleanup_creds; /* If true, destroy cred cache on logout */ - int gss_strict_acceptor; /* If true, restrict the GSSAPI acceptor name */ - int gss_store_rekey; -+ char *gss_kex_algorithms; /* GSSAPI kex methods to be offered by client. */ - int password_authentication; /* If true, permit password - * authentication. */ - int kbd_interactive_authentication; /* If true, permit */ -Index: openssh-7.8p1/ssh-gss.h -=================================================================== ---- openssh-7.8p1.orig/ssh-gss.h -+++ openssh-7.8p1/ssh-gss.h -@@ -72,6 +72,10 @@ - #define KEX_GSS_GRP14_SHA1_ID "gss-group14-sha1-" - #define KEX_GSS_GEX_SHA1_ID "gss-gex-sha1-" - -+#define GSS_KEX_DEFAULT_KEX \ -+ KEX_GSS_GEX_SHA1_ID "," \ -+ KEX_GSS_GRP14_SHA1_ID -+ - typedef struct { - char *filename; - char *envvar; -@@ -148,7 +152,7 @@ int ssh_gssapi_credentials_updated(Gssct - typedef int ssh_gssapi_check_fn(Gssctxt **, gss_OID, const char *, const char *); - char *ssh_gssapi_client_mechanisms(const char *, const char *, const char *); - char *ssh_gssapi_kex_mechs(gss_OID_set, ssh_gssapi_check_fn *, const char *, -- const char *); -+ const char *, const char *); - gss_OID ssh_gssapi_id_kex(Gssctxt *, char *, int); - int ssh_gssapi_server_check_mech(Gssctxt **, gss_OID, const char *, const char *); - OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID); -Index: openssh-7.8p1/ssh.1 -=================================================================== ---- openssh-7.8p1.orig/ssh.1 -+++ openssh-7.8p1/ssh.1 -@@ -489,6 +489,7 @@ For full details of the options listed b - .It GlobalKnownHostsFile - .It GSSAPIAuthentication - .It GSSAPIDelegateCredentials -+.It GSSAPIKexAlgorithms - .It HashKnownHosts - .It Host - .It HostbasedAuthentication -Index: openssh-7.8p1/ssh_config.5 -=================================================================== ---- openssh-7.8p1.orig/ssh_config.5 -+++ openssh-7.8p1/ssh_config.5 -@@ -754,6 +754,18 @@ the name of the host being connected to. - command line will be passed untouched to the GSSAPI library. - The default is - .Dq no . -+.It Cm GSSAPIKexAlgorithms -+The list of key exchange algorithms that are offered for GSSAPI -+key exchange. Possible values are -+.Bd -literal -offset 3n -+gss-gex-sha1-, -+gss-group1-sha1-, -+gss-group14-sha1- -+.Ed -+.Pp -+The default is -+.Dq gss-gex-sha1-,gss-group14-sha1- . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HashKnownHosts - Indicates that - .Xr ssh 1 -Index: openssh-7.8p1/sshconnect2.c -=================================================================== ---- openssh-7.8p1.orig/sshconnect2.c -+++ openssh-7.8p1/sshconnect2.c -@@ -301,8 +301,9 @@ ssh_kex2(char *host, struct sockaddr *ho - else - gss_host = host; - -- gss = ssh_gssapi_client_mechanisms(gss_host, options.gss_client_identity, -- options.kex_algorithms); -+ gss = ssh_gssapi_client_mechanisms(gss_host, -+ options.gss_client_identity, -+ options.kex_algorithms); - if (gss) { - debug("Offering GSSAPI proposal: %s", gss); - xasprintf(&options.kex_algorithms, -Index: openssh-7.8p1/sshd_config.5 -=================================================================== ---- openssh-7.8p1.orig/sshd_config.5 -+++ openssh-7.8p1/sshd_config.5 -@@ -668,6 +668,18 @@ Controls whether the user's GSSAPI crede - successful connection rekeying. This option can be used to accepted renewed - or updated credentials from a compatible client. The default is - .Dq no . -+.It Cm GSSAPIKexAlgorithms -+The list of key exchange algorithms that are accepted by GSSAPI -+key exchange. Possible values are -+.Bd -literal -offset 3n -+gss-gex-sha1-, -+gss-group1-sha1-, -+gss-group14-sha1- -+.Ed -+.Pp -+The default is -+.Dq gss-gex-sha1-,gss-group14-sha1- . -+This option only applies to protocol version 2 connections using GSSAPI. - .It Cm HostbasedAcceptedKeyTypes - Specifies the key types that will be accepted for hostbased authentication - as a list of comma-separated patterns. diff --git a/openssh-7.7p1-seccomp_ipc_flock.patch b/openssh-7.7p1-seccomp_ipc_flock.patch index 4607628..2191edb 100644 --- a/openssh-7.7p1-seccomp_ipc_flock.patch +++ b/openssh-7.7p1-seccomp_ipc_flock.patch @@ -15,15 +15,11 @@ this is only need on s390 architecture. Signed-off-by: Eduardo Barretto -diff --git a/openssh-7.7p1/sandbox-seccomp-filter.c b/openssh-7.7p1/sandbox-seccomp-filter.c ---- openssh-7.7p1/sandbox-seccomp-filter.c -+++ openssh-7.7p1/sandbox-seccomp-filter.c -@@ -167,16 +167,19 @@ static const struct sock_filter preauth_ - SC_ALLOW(__NR_exit_group), - #endif - #ifdef __NR_geteuid - SC_ALLOW(__NR_geteuid), - #endif +Index: openssh-7.9p1/sandbox-seccomp-filter.c +=================================================================== +--- openssh-7.9p1.orig/sandbox-seccomp-filter.c ++++ openssh-7.9p1/sandbox-seccomp-filter.c +@@ -175,6 +175,9 @@ static const struct sock_filter preauth_ #ifdef __NR_geteuid32 SC_ALLOW(__NR_geteuid32), #endif @@ -33,17 +29,7 @@ diff --git a/openssh-7.7p1/sandbox-seccomp-filter.c b/openssh-7.7p1/sandbox-secc #ifdef __NR_getpgid SC_ALLOW(__NR_getpgid), #endif - #ifdef __NR_getpid - SC_ALLOW(__NR_getpid), - #endif - #ifdef __NR_getrandom - SC_ALLOW(__NR_getrandom), -@@ -185,16 +188,19 @@ static const struct sock_filter preauth_ - SC_ALLOW(__NR_gettimeofday), - #endif - #ifdef __NR_getuid - SC_ALLOW(__NR_getuid), - #endif +@@ -193,6 +196,9 @@ static const struct sock_filter preauth_ #ifdef __NR_getuid32 SC_ALLOW(__NR_getuid32), #endif @@ -53,8 +39,3 @@ diff --git a/openssh-7.7p1/sandbox-seccomp-filter.c b/openssh-7.7p1/sandbox-secc #ifdef __NR_madvise SC_ALLOW(__NR_madvise), #endif - #ifdef __NR_mmap - SC_ALLOW(__NR_mmap), - #endif - #ifdef __NR_mmap2 - SC_ALLOW(__NR_mmap2), diff --git a/openssh-7.8p1.tar.gz b/openssh-7.8p1.tar.gz deleted file mode 100644 index 754639c..0000000 --- a/openssh-7.8p1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1a484bb15152c183bb2514e112aa30dd34138c3cfb032eee5490a66c507144ca -size 1548026 diff --git a/openssh-7.8p1.tar.gz.asc b/openssh-7.8p1.tar.gz.asc deleted file mode 100644 index 9942bbf..0000000 --- a/openssh-7.8p1.tar.gz.asc +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlt+Xa8ACgkQ0+X1a22S -DTAJPwx9HIW/obxNJYTU7M8trpalBekdl1SqUjxdDwInIsKTLSOpJCsnynBai/3c -SuvZkBwcKwZZFe+xCvRQDHkf/YYLT+d7slUQolb0OJmzFKbvu6xwuv7q12ag9hQj -/8BUfdYRKb63uemfKuVAHfcnUm9WlwSbif+Au/j1yg/MlETY47ezYA9/q75wignx -3g38JVHVgKDenDd8o9/hgjeQpEHKNdCQo71nN2h3MYRlh4xrR9ENZj7y8x65Kp1j -WoZEhlvjYkka4deSGwj2MIAJnzsc39uppEoEjkB7F9SUo4O7CxbWFein70Ct7Xbs -VDWXQibnJGHKatHIecaPLUYexGWO1XYNZErDhY7fPw0ChfMGbz3+0eDfDJqGY49r -Lo6wzsrgv2kDJMqwciT/D/Zb3ocHnCrq1Isnz/Ug2lW58LMk7Y1HisPteZFQ/pkC -xKeO+K1RkaRUSCrB5iToqF+7i8eRNVROYmkKLgKcMrC0WYEjnbEoFdr4bktAS9QM -BS6aIsh2cyg2H0FjDKmYvcKOUf0IgA== -=ZiYm ------END PGP SIGNATURE----- diff --git a/openssh-7.9p1.tar.gz b/openssh-7.9p1.tar.gz new file mode 100644 index 0000000..c60cf36 --- /dev/null +++ b/openssh-7.9p1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6b4b3ba2253d84ed3771c8050728d597c91cfce898713beb7b64a305b6f11aad +size 1565384 diff --git a/openssh-7.9p1.tar.gz.asc b/openssh-7.9p1.tar.gz.asc new file mode 100644 index 0000000..ced7989 --- /dev/null +++ b/openssh-7.9p1.tar.gz.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP SIGNATURE----- + +iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlvJLhsACgkQ0+X1a22S +DTBjHwx/T3EX3EtCzB9I6zHFUgF2/0hEKVYZw2Yl4UbUvgjy/KdEdlJzdH3Hc/yU +jJZzraDY7nJMrCly734FbFGKsKoRkxWMkeuQGOhvpzgTYg+fOa1J0a14xK/ub9Y0 +9Z/4zP0Zs7mn+8MApMS3XOZ+AJgdRiXN9i3PXmbYO9Gcg+QthtgE1DeG0d0vVTP/ +ipCBBg8mMlAANdlu9IUCv4CJPwJjQt2aYsvCiuUQuzrKYsV5noCOBaGRbmPcN9SM +3cvSTZgDbK3kHdL1RnBgWpcO+o+D8sqSW2rm8xpCQv/ILo86/BLBjXDCYLEt0nSn ++dONPytwhwwJWPPYe7+RSYWHS2cKwVTDk7lr2E636SwU1fM1NiNYle9hB6cUT0nU +sypfHOIARAMSqepnaT3WgffM0jlEWrSB0PuDLTLTO5ZPmUijqqT6xGwWSUc4GQZY +WNyGg1w0Ryj2pRd7DlXDDivTCneXFqV7JZiR3R4ZXJJV0uVQOUitCS/DnwSDpIfp +HlVEWeRAszQFKLKttu0/4SY2NVrRBA== +=4Z9x +-----END PGP SIGNATURE----- diff --git a/openssh-askpass-gnome.changes b/openssh-askpass-gnome.changes index aa197b9..d45a82a 100644 --- a/openssh-askpass-gnome.changes +++ b/openssh-askpass-gnome.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Oct 22 08:59:02 UTC 2018 - Pedro Monreal Gonzalez + +- Version update to 7.9p1 + * No actual changes for the askpass + * See main package changelog for details + ------------------------------------------------------------------- Tue Oct 9 10:52:15 UTC 2018 - Tomáš Chvátal diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 05039d0..a77086c 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -18,7 +18,7 @@ %define _name openssh Name: openssh-askpass-gnome -Version: 7.8p1 +Version: 7.9p1 Release: 0 Summary: A GNOME-Based Passphrase Dialog for OpenSSH License: BSD-2-Clause diff --git a/openssh.changes b/openssh.changes index ae740c5..f485d82 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,47 @@ +------------------------------------------------------------------- +Mon Oct 22 08:51:30 UTC 2018 - Pedro Monreal Gonzalez + +- Version update to 7.9p1 + * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms + option (see below) bans the use of DSA keys as certificate + authorities. + * sshd(8): the authentication success/failure log message has + changed format slightly. It now includes the certificate + fingerprint (previously it included only key ID and CA key + fingerprint). + * ssh(1), sshd(8): allow most port numbers to be specified using + service names from getservbyname(3) (typically /etc/services). + * sshd(8): support signalling sessions via the SSH protocol. + A limited subset of signals is supported and only for login or + command sessions (i.e. not subsystems) that were not subject to + a forced command via authorized_keys or sshd_config. bz#1424 + * ssh(1): support "ssh -Q sig" to list supported signature options. + Also "ssh -Q help" to show the full set of supported queries. + * ssh(1), sshd(8): add a CASignatureAlgorithms option for the + client and server configs to allow control over which signature + formats are allowed for CAs to sign certificates. For example, + this allows banning CAs that sign certificates using the RSA-SHA1 + signature algorithm. + * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to + revoke keys specified by SHA256 hash. + * ssh-keygen(1): allow creation of key revocation lists directly + from base64-encoded SHA256 fingerprints. This supports revoking + keys using only the information contained in sshd(8) + authentication log messages. + +- Removed obsolete configuration option --with-tcp-wrappers, and + --with-opensc for s390 and s390x. + +- Removed patch merged upstream + * openssh-7.7p1-openssl_1.1.0.patch + +- Refreshed patches + * openssh-7.7p1-audit.patch + * openssh-7.7p1-disable_short_DH_parameters.patch + * openssh-7.7p1-fips.patch + * openssh-7.7p1-gssapi_key_exchange.patch + * openssh-7.7p1-seccomp_ipc_flock.patch + ------------------------------------------------------------------- Fri Oct 19 13:22:10 UTC 2018 - Tomáš Chvátal diff --git a/openssh.spec b/openssh.spec index 2061888..0af7c69 100644 --- a/openssh.spec +++ b/openssh.spec @@ -36,7 +36,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: openssh -Version: 7.8p1 +Version: 7.9p1 Release: 0 Summary: Secure Shell Client and Server (Remote Login Program) License: BSD-2-Clause AND MIT @@ -84,8 +84,6 @@ Patch22: openssh-7.7p1-systemd-notify.patch Patch23: openssh-7.7p1-gssapi_key_exchange.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=1402 Patch24: openssh-7.7p1-audit.patch -# Upstream patch, already merged -Patch25: openssh-7.7p1-openssl_1.1.0.patch # Local patch to disable runtime abi SSL checks, quite pointless for us Patch26: openssh-7.7p1-disable_openssl_abi_check.patch # https://bugzilla.mindrot.org/show_bug.cgi?id=2641 @@ -188,7 +186,6 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS %configure \ --sysconfdir=%{_sysconfdir}/ssh \ --libexecdir=%{_libexecdir}/ssh \ - --with-tcp-wrappers \ --with-selinux \ --with-pid-dir=/run \ --with-systemd \ @@ -200,9 +197,6 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS --with-sandbox=seccomp_filter \ %else --with-sandbox=rlimit \ -%endif -%ifnarch s390 s390x - --with-opensc \ %endif --disable-strip \ --with-audit=linux \