1 files changed, 142 insertions, 110 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 25edd5cbe..f62bf6672 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
-From e6c7c11ac2576ac62334616bd4408bf64140bba7 Mon Sep 17 00:00:00 2001
+From 72b1d308e6400194ef6e4e7dd45bfa48fa39b5e6 Mon Sep 17 00:00:00 2001
 From: Simon Wilkinson <simon@sxw.org.uk>
 Date: Sun, 9 Feb 2014 16:09:48 +0000
 Subject: GSSAPI key exchange support
@@ -17,14 +17,14 @@ have it merged into the main openssh package rather than having separate
 security history.
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
-Last-Updated: 2018-08-24
+Last-Updated: 2018-10-20
 Patch-Name: gssapi.patch
 ---
 ChangeLog.gssapi | 113 ++++++++++++++++
 Makefile.in      |   3 +-
 auth-krb5.c      |  17 ++-
- auth.c           |  96 +-------------
+ auth.c           |  96 +------------
 auth2-gss.c      |  54 +++++++-
 auth2.c          |   2 +
 canohost.c       |  93 +++++++++++++
@@ -32,17 +32,19 @@ Patch-Name: gssapi.patch
 clientloop.c     |  15 ++-
 config.h.in      |   6 +
 configure.ac     |  24 ++++
- gss-genr.c       | 277 +++++++++++++++++++++++++++++++++++++-
+ gss-genr.c       | 280 +++++++++++++++++++++++++++++++++++++-
 gss-serv-krb5.c  |  85 +++++++++++-
- gss-serv.c       | 184 ++++++++++++++++++++++++--
+ gss-serv.c       | 184 +++++++++++++++++++++++--
 kex.c            |  19 +++
 kex.h            |  14 ++
- kexgssc.c        | 338 +++++++++++++++++++++++++++++++++++++++++++++++
+ kexgssc.c        | 341 +++++++++++++++++++++++++++++++++++++++++++++++
- kexgsss.c        | 295 +++++++++++++++++++++++++++++++++++++++++
+ kexgsss.c        | 300 +++++++++++++++++++++++++++++++++++++++++
 monitor.c        | 122 +++++++++++++++--
 monitor.h        |   3 +
 monitor_wrap.c   |  53 +++++++-
 monitor_wrap.h   |   4 +-
+ opacket.c        |   2 +-
+ opacket.h        |   2 +-
 readconf.c       |  43 ++++++
 readconf.h       |   5 +
 servconf.c       |  26 ++++
@@ -50,13 +52,13 @@ Patch-Name: gssapi.patch
 ssh-gss.h        |  41 +++++-
 ssh_config       |   2 +
 ssh_config.5     |  32 +++++
- sshconnect2.c    | 133 ++++++++++++++++++-
+ sshconnect2.c    | 133 +++++++++++++++++-
- sshd.c           | 112 +++++++++++++++-
+ sshd.c           | 110 +++++++++++++++
 sshd_config      |   2 +
 sshd_config.5    |  10 ++
 sshkey.c         |   3 +-
 sshkey.h         |   1 +
- 35 files changed, 2087 insertions(+), 145 deletions(-)
+ 37 files changed, 2099 insertions(+), 146 deletions(-)
 create mode 100644 ChangeLog.gssapi
 create mode 100644 kexgssc.c
 create mode 100644 kexgsss.c
@@ -181,7 +183,7 @@ index 000000000..f117a336a
 +    (from jbasney AT ncsa.uiuc.edu)
 +    <gssapi-with-mic support is Bugzilla #1008>
 diff --git a/Makefile.in b/Makefile.in
-index 2385c62a8..6175c6063 100644
+index 126b2c742..70050ffb6 100644
 --- a/Makefile.in
 +++ b/Makefile.in
 @@ -100,6 +100,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
@@ -253,10 +255,10 @@ index 3096f1c8e..204752e1b 100644
        return (krb5_cc_resolve(ctx, ccname, ccache));
 }
 diff --git a/auth.c b/auth.c
-index 9a3bc96f1..80eb78c48 100644
+index 3ca3762cc..d8e6b4a3d 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -395,7 +395,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
+@@ -399,7 +399,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
        case PERMIT_NO_PASSWD:
                if (strcmp(method, "publickey") == 0 ||
                    strcmp(method, "hostbased") == 0 ||
@@ -266,7 +268,7 @@ index 9a3bc96f1..80eb78c48 100644
                        return 1;
                break;
        case PERMIT_FORCED_ONLY:
-@@ -733,99 +734,6 @@ fakepw(void)
+@@ -737,99 +738,6 @@ fakepw(void)
        return (&fake);
 }
 
@@ -460,7 +462,7 @@ index 9351e0428..1f12bb113 100644
        "gssapi-with-mic",
        userauth_gssapi,
 diff --git a/auth2.c b/auth2.c
-index ab8795895..96efe164c 100644
+index 4d19957a6..a77742819 100644
 --- a/auth2.c
 +++ b/auth2.c
 @@ -74,6 +74,7 @@ extern Authmethod method_passwd;
@@ -598,7 +600,7 @@ index 26d62855a..0cadc9f18 100644
 int             get_peer_port(int);
 char           *get_local_ipaddr(int);
 diff --git a/clientloop.c b/clientloop.c
-index ad35cb7ba..e69c5141f 100644
+index 8d312cdaa..1464634b0 100644
 --- a/clientloop.c
 +++ b/clientloop.c
 @@ -112,6 +112,10 @@
@@ -612,7 +614,7 @@ index ad35cb7ba..e69c5141f 100644
 /* import options */
 extern Options options;
 
-@@ -1357,9 +1361,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
+@@ -1370,9 +1374,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
                        break;
 
                /* Do channel operations unless rekeying in progress. */
@@ -633,10 +635,10 @@ index ad35cb7ba..e69c5141f 100644
                client_process_net_input(readset);
 
 diff --git a/config.h.in b/config.h.in
-index 7940b4c86..93295da07 100644
+index 91b65db8f..209760c7c 100644
 --- a/config.h.in
 +++ b/config.h.in
-@@ -1749,6 +1749,9 @@
+@@ -1845,6 +1845,9 @@
 /* Use btmp to log bad logins */
 #undef USE_BTMP
 
@@ -646,7 +648,7 @@ index 7940b4c86..93295da07 100644
 /* Use libedit for sftp */
 #undef USE_LIBEDIT
 
-@@ -1764,6 +1767,9 @@
+@@ -1860,6 +1863,9 @@
 /* Use PIPES instead of a socketpair() */
 #undef USE_PIPES
 
@@ -657,10 +659,10 @@ index 7940b4c86..93295da07 100644
 #undef USE_SOLARIS_PRIVS
 
 diff --git a/configure.ac b/configure.ac
-index 83e530750..82428b241 100644
+index 7379ab358..023e7cc55 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -673,6 +673,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+@@ -664,6 +664,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
            [Use tunnel device compatibility to OpenBSD])
        AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
            [Prepend the address family to IP tunnel traffic])
@@ -692,7 +694,7 @@ index 83e530750..82428b241 100644
        AC_CHECK_DECL([AU_IPv4], [],
            AC_DEFINE([AU_IPv4], [0], [System only supports IPv4 audit records])
 diff --git a/gss-genr.c b/gss-genr.c
-index d56257b4a..285fc29a5 100644
+index d56257b4a..491e62cee 100644
 --- a/gss-genr.c
 +++ b/gss-genr.c
 @@ -1,7 +1,7 @@
@@ -704,13 +706,16 @@ index d56257b4a..285fc29a5 100644
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
-@@ -41,12 +41,34 @@
+@@ -39,14 +39,37 @@
+ #include "xmalloc.h"
+ #include "ssherr.h"
 #include "sshbuf.h"
+#include "sshkey.h"
 #include "log.h"
 #include "ssh2.h"
 +#include "cipher.h"
 +#include "kex.h"
-+#include <openssl/evp.h>
+#include "digest.h"
 
 #include "ssh-gss.h"
 
@@ -739,7 +744,7 @@ index d56257b4a..285fc29a5 100644
 /* sshbuf_get for gss_buffer_desc */
 int
 ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
-@@ -62,6 +84,141 @@ ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
+@@ -62,6 +85,143 @@ ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
        return 0;
 }
 
@@ -769,10 +774,9 @@ index d56257b4a..285fc29a5 100644
 +       size_t i;
 +       int r, oidpos, enclen;
 +       char *mechs, *encoded;
-+       u_char digest[EVP_MAX_MD_SIZE];
+       u_char digest[SSH_DIGEST_MAX_LENGTH];
 +       char deroid[2];
-+       const EVP_MD *evp_md = EVP_md5();
+       struct ssh_digest_ctx *md;
-+       EVP_MD_CTX md;
 +
 +       if (gss_enc2oid != NULL) {
 +               for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
@@ -794,16 +798,19 @@ index d56257b4a..285fc29a5 100644
 +                       deroid[0] = SSH_GSS_OIDTYPE;
 +                       deroid[1] = gss_supported->elements[i].length;
 +
-+                       EVP_DigestInit(&md, evp_md);
+                       if ((md = ssh_digest_start(SSH_DIGEST_MD5)) == NULL ||
-+                       EVP_DigestUpdate(&md, deroid, 2);
+                           ssh_digest_update(md, deroid, 2) != 0 ||
-+                       EVP_DigestUpdate(&md,
+                           ssh_digest_update(md,
 +                           gss_supported->elements[i].elements,
-+                           gss_supported->elements[i].length);
+                           gss_supported->elements[i].length) != 0 ||
-+                       EVP_DigestFinal(&md, digest, NULL);
+                           ssh_digest_final(md, digest, sizeof(digest)) != 0)
+                               fatal("%s: digest failed", __func__);
 +
-+                       encoded = xmalloc(EVP_MD_size(evp_md) * 2);
+                       encoded = xmalloc(ssh_digest_bytes(SSH_DIGEST_MD5)
-+                       enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
+                           * 2);
-+                           encoded, EVP_MD_size(evp_md) * 2);
+                       enclen = __b64_ntop(digest,
+                           ssh_digest_bytes(SSH_DIGEST_MD5), encoded,
+                           ssh_digest_bytes(SSH_DIGEST_MD5) * 2);
 +
 +                       if (oidpos != 0) {
 +                               if ((r = sshbuf_put_u8(buf, ',')) != 0)
@@ -881,7 +888,7 @@ index d56257b4a..285fc29a5 100644
 /* Check that the OID in a data stream matches that in the context */
 int
 ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
-@@ -218,7 +375,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
+@@ -218,7 +378,7 @@ ssh_gssapi_init_ctx(Gssctxt *ctx, int deleg_creds, gss_buffer_desc *recv_tok,
        }
 
        ctx->major = gss_init_sec_context(&ctx->minor,
@@ -890,7 +897,7 @@ index d56257b4a..285fc29a5 100644
            GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
            0, NULL, recv_tok, NULL, send_tok, flags, NULL);
 
-@@ -247,9 +404,43 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
+@@ -247,9 +407,43 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *host)
        return (ctx->major);
 }
 
@@ -934,7 +941,7 @@ index d56257b4a..285fc29a5 100644
        if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
            GSS_C_QOP_DEFAULT, buffer, hash)))
                ssh_gssapi_error(ctx);
-@@ -257,6 +448,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
+@@ -257,6 +451,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
        return (ctx->major);
 }
 
@@ -954,7 +961,7 @@ index d56257b4a..285fc29a5 100644
 void
 ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
     const char *context)
-@@ -273,11 +477,16 @@ ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
+@@ -273,11 +480,16 @@ ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
 }
 
 int
@@ -972,7 +979,7 @@ index d56257b4a..285fc29a5 100644
 
        /* RFC 4462 says we MUST NOT do SPNEGO */
        if (oid->length == spnego_oid.length && 
-@@ -287,6 +496,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -287,6 +499,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
        ssh_gssapi_build_ctx(ctx);
        ssh_gssapi_set_oid(*ctx, oid);
        major = ssh_gssapi_import_name(*ctx, host);
@@ -983,7 +990,7 @@ index d56257b4a..285fc29a5 100644
        if (!GSS_ERROR(major)) {
                major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token, 
                    NULL);
-@@ -296,10 +509,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -296,10 +512,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
                            GSS_C_NO_BUFFER);
        }
 
@@ -1540,10 +1547,10 @@ index 593de1208..4e5ead839 100644
     const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
 diff --git a/kexgssc.c b/kexgssc.c
 new file mode 100644
-index 000000000..953c0a248
+index 000000000..3c8ae08dd
 --- /dev/null
 +++ b/kexgssc.c
-@@ -0,0 +1,338 @@
+@@ -0,0 +1,341 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -1602,6 +1609,7 @@ index 000000000..953c0a248
 +       DH *dh; 
 +       BIGNUM *dh_server_pub = NULL;
 +       BIGNUM *shared_secret = NULL;
+       const BIGNUM *pub_key, *dh_p, *dh_g;
 +       BIGNUM *p = NULL;
 +       BIGNUM *g = NULL;       
 +       u_char *kbuf;
@@ -1666,6 +1674,8 @@ index 000000000..953c0a248
 +       
 +       /* Step 1 - e is dh->pub_key */
 +       dh_gen_key(dh, ssh->kex->we_need * 8);
+       DH_get0_key(dh, &pub_key, NULL);
+       DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
 +
 +       /* This is f, we initialise it now to make life easier */
 +       dh_server_pub = BN_new();
@@ -1713,7 +1723,7 @@ index 000000000..953c0a248
 +                               packet_start(SSH2_MSG_KEXGSS_INIT);
 +                               packet_put_string(send_tok.value,
 +                                   send_tok.length);
-+                               packet_put_bignum2(dh->pub_key);
+                               packet_put_bignum2(pub_key);
 +                               first = 0;
 +                       } else {
 +                               packet_start(SSH2_MSG_KEXGSS_CONTINUE);
@@ -1822,7 +1832,7 @@ index 000000000..953c0a248
 +                   sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 +                   sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 +                   (serverhostkey ? serverhostkey : empty), slen,
-+                   dh->pub_key,        /* e */
+                   pub_key,            /* e */
 +                   dh_server_pub,      /* f */
 +                   shared_secret,      /* K */
 +                   hash, &hashlen
@@ -1837,8 +1847,8 @@ index 000000000..953c0a248
 +                   sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 +                   (serverhostkey ? serverhostkey : empty), slen,
 +                   min, nbits, max,
-+                   dh->p, dh->g,
+                   dh_p, dh_g,
-+                   dh->pub_key,
+                   pub_key,
 +                   dh_server_pub,
 +                   shared_secret,
 +                   hash, &hashlen
@@ -1884,10 +1894,10 @@ index 000000000..953c0a248
 +#endif /* GSSAPI */
 diff --git a/kexgsss.c b/kexgsss.c
 new file mode 100644
-index 000000000..31ec6a890
+index 000000000..18070f1d7
 --- /dev/null
 +++ b/kexgsss.c
-@@ -0,0 +1,295 @@
+@@ -0,0 +1,300 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
 + *
@@ -1958,6 +1968,7 @@ index 000000000..31ec6a890
 +       u_char *kbuf;
 +       DH *dh;
 +       int min = -1, max = -1, nbits = -1;
+       const BIGNUM *pub_key, *dh_p, *dh_g;
 +       BIGNUM *shared_secret = NULL;
 +       BIGNUM *dh_client_pub = NULL;
 +       int type = 0;
@@ -2008,10 +2019,11 @@ index 000000000..31ec6a890
 +                   nbits, MIN(DH_GRP_MAX, max)));
 +               if (dh == NULL)
 +                       packet_disconnect("Protocol error: no matching group found");
+               DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
 +
 +               packet_start(SSH2_MSG_KEXGSS_GROUP);
-+               packet_put_bignum2(dh->p);
+               packet_put_bignum2(dh_p);
-+               packet_put_bignum2(dh->g);
+               packet_put_bignum2(dh_g);
 +               packet_send();
 +
 +               packet_write_wait();
@@ -2103,6 +2115,9 @@ index 000000000..31ec6a890
 +       memset(kbuf, 0, klen);
 +       free(kbuf);
 +
+       DH_get0_key(dh, &pub_key, NULL);
+       DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
+
 +       hashlen = sizeof(hash);
 +       switch (ssh->kex->kex_type) {
 +       case KEX_GSS_GRP1_SHA1:
@@ -2113,7 +2128,7 @@ index 000000000..31ec6a890
 +                   sshbuf_ptr(ssh->kex->peer), sshbuf_len(ssh->kex->peer),
 +                   sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 +                   NULL, 0, /* Change this if we start sending host keys */
-+                   dh_client_pub, dh->pub_key, shared_secret,
+                   dh_client_pub, pub_key, shared_secret,
 +                   hash, &hashlen
 +               );
 +               break;
@@ -2125,9 +2140,9 @@ index 000000000..31ec6a890
 +                   sshbuf_ptr(ssh->kex->my), sshbuf_len(ssh->kex->my),
 +                   NULL, 0,
 +                   min, nbits, max,
-+                   dh->p, dh->g,
+                   dh_p, dh_g,
 +                   dh_client_pub,
-+                   dh->pub_key,
+                   pub_key,
 +                   shared_secret,
 +                   hash, &hashlen
 +               );
@@ -2151,7 +2166,7 @@ index 000000000..31ec6a890
 +               fatal("Couldn't get MIC");
 +
 +       packet_start(SSH2_MSG_KEXGSS_COMPLETE);
-+       packet_put_bignum2(dh->pub_key);
+       packet_put_bignum2(pub_key);
 +       packet_put_string(msg_tok.value,msg_tok.length);
 +
 +       if (send_tok.length != 0) {
@@ -2184,10 +2199,10 @@ index 000000000..31ec6a890
 +}
 +#endif /* GSSAPI */
 diff --git a/monitor.c b/monitor.c
-index d4b4b0471..4e574a2ae 100644
+index 531b2993a..eabc1e89b 100644
 --- a/monitor.c
 +++ b/monitor.c
-@@ -143,6 +143,8 @@ int mm_answer_gss_setup_ctx(int, struct sshbuf *);
+@@ -145,6 +145,8 @@ int mm_answer_gss_setup_ctx(int, struct sshbuf *);
 int mm_answer_gss_accept_ctx(int, struct sshbuf *);
 int mm_answer_gss_userok(int, struct sshbuf *);
 int mm_answer_gss_checkmic(int, struct sshbuf *);
@@ -2196,7 +2211,7 @@ index d4b4b0471..4e574a2ae 100644
 #endif
 
 #ifdef SSH_AUDIT_EVENTS
-@@ -213,11 +215,18 @@ struct mon_table mon_dispatch_proto20[] = {
+@@ -215,11 +217,18 @@ struct mon_table mon_dispatch_proto20[] = {
     {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
     {MONITOR_REQ_GSSUSEROK, MON_ONCE|MON_AUTHDECIDE, mm_answer_gss_userok},
     {MONITOR_REQ_GSSCHECKMIC, MON_ONCE, mm_answer_gss_checkmic},
@@ -2215,7 +2230,7 @@ index d4b4b0471..4e574a2ae 100644
 #ifdef WITH_OPENSSL
     {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
 #endif
-@@ -287,6 +296,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+@@ -289,6 +298,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
        /* Permit requests for moduli and signatures */
        monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
        monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -2226,7 +2241,7 @@ index d4b4b0471..4e574a2ae 100644
 
        /* The first few requests do not require asynchronous access */
        while (!authenticated) {
-@@ -399,6 +412,10 @@ monitor_child_postauth(struct monitor *pmonitor)
+@@ -401,6 +414,10 @@ monitor_child_postauth(struct monitor *pmonitor)
        monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
        monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
        monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -2237,7 +2252,7 @@ index d4b4b0471..4e574a2ae 100644
 
        if (auth_opts->permit_pty_flag) {
                monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
-@@ -1662,6 +1679,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
+@@ -1666,6 +1683,13 @@ monitor_apply_keystate(struct monitor *pmonitor)
 # endif
 #endif /* WITH_OPENSSL */
                kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -2251,7 +2266,7 @@ index d4b4b0471..4e574a2ae 100644
                kex->load_host_public_key=&get_hostkey_public_by_type;
                kex->load_host_private_key=&get_hostkey_private_by_type;
                kex->host_key_index=&get_hostkey_index;
-@@ -1752,8 +1776,8 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
+@@ -1756,8 +1780,8 @@ mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
        u_char *p;
        int r;
 
@@ -2262,7 +2277,7 @@ index d4b4b0471..4e574a2ae 100644
 
        if ((r = sshbuf_get_string(m, &p, &len)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-@@ -1785,8 +1809,8 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
+@@ -1789,8 +1813,8 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
        OM_uint32 flags = 0; /* GSI needs this */
        int r;
 
@@ -2273,7 +2288,7 @@ index d4b4b0471..4e574a2ae 100644
 
        if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-@@ -1806,6 +1830,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
+@@ -1810,6 +1834,7 @@ mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
                monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2281,7 +2296,7 @@ index d4b4b0471..4e574a2ae 100644
        }
        return (0);
 }
-@@ -1817,8 +1842,8 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
+@@ -1821,8 +1846,8 @@ mm_answer_gss_checkmic(int sock, struct sshbuf *m)
        OM_uint32 ret;
        int r;
 
@@ -2292,7 +2307,7 @@ index d4b4b0471..4e574a2ae 100644
 
        if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
            (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
-@@ -1847,10 +1872,11 @@ mm_answer_gss_userok(int sock, struct sshbuf *m)
+@@ -1851,10 +1876,11 @@ mm_answer_gss_userok(int sock, struct sshbuf *m)
        int r, authenticated;
        const char *displayname;
 
@@ -2307,7 +2322,7 @@ index d4b4b0471..4e574a2ae 100644
 
        sshbuf_reset(m);
        if ((r = sshbuf_put_u32(m, authenticated)) != 0)
-@@ -1867,5 +1893,83 @@ mm_answer_gss_userok(int sock, struct sshbuf *m)
+@@ -1871,5 +1897,83 @@ mm_answer_gss_userok(int sock, struct sshbuf *m)
        /* Monitor loop will terminate if authenticated */
        return (authenticated);
 }
@@ -2490,8 +2505,34 @@ index 644da081d..7f93144ff 100644
 #endif
 
 #ifdef USE_PAM
+diff --git a/opacket.c b/opacket.c
+index e637d7a71..7672c0b59 100644
+--- a/opacket.c
+++ b/opacket.c
+@@ -80,7 +80,7 @@ ssh_packet_put_raw(struct ssh *ssh, const void *buf, u_int len)
+ 
+ #ifdef WITH_OPENSSL
+ void
+-ssh_packet_put_bignum2(struct ssh *ssh, BIGNUM * value)
+ssh_packet_put_bignum2(struct ssh *ssh, const BIGNUM * value)
+ {
+        int r;
+ 
+diff --git a/opacket.h b/opacket.h
+index f92fe586e..1cf66a2d3 100644
+--- a/opacket.h
+++ b/opacket.h
+@@ -7,7 +7,7 @@ void     ssh_packet_start(struct ssh *, u_char);
+ void     ssh_packet_put_char(struct ssh *, int ch);
+ void     ssh_packet_put_int(struct ssh *, u_int value);
+ void     ssh_packet_put_int64(struct ssh *, u_int64_t value);
+-void     ssh_packet_put_bignum2(struct ssh *, BIGNUM * value);
+void     ssh_packet_put_bignum2(struct ssh *, const BIGNUM * value);
+ void     ssh_packet_put_ecpoint(struct ssh *, const EC_GROUP *, const EC_POINT *);
+ void     ssh_packet_put_string(struct ssh *, const void *buf, u_int len);
+ void     ssh_packet_put_cstring(struct ssh *, const char *str);
 diff --git a/readconf.c b/readconf.c
-index db5f2d547..4ad3c75fe 100644
+index 433811521..36bc5e59a 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -161,6 +161,8 @@ typedef enum {
@@ -2524,7 +2565,7 @@ index db5f2d547..4ad3c75fe 100644
 #endif
 #ifdef ENABLE_PKCS11
        { "smartcarddevice", oPKCS11Provider },
-@@ -973,10 +985,30 @@ parse_time:
+@@ -974,10 +986,30 @@ parse_time:
                intptr = &options->gss_authentication;
                goto parse_flag;
 
@@ -2555,7 +2596,7 @@ index db5f2d547..4ad3c75fe 100644
        case oBatchMode:
                intptr = &options->batch_mode;
                goto parse_flag;
-@@ -1817,7 +1849,12 @@ initialize_options(Options * options)
+@@ -1842,7 +1874,12 @@ initialize_options(Options * options)
        options->pubkey_authentication = -1;
        options->challenge_response_authentication = -1;
        options->gss_authentication = -1;
@@ -2568,7 +2609,7 @@ index db5f2d547..4ad3c75fe 100644
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->kbd_interactive_devices = NULL;
-@@ -1962,8 +1999,14 @@ fill_default_options(Options * options)
+@@ -1988,8 +2025,14 @@ fill_default_options(Options * options)
                options->challenge_response_authentication = 1;
        if (options->gss_authentication == -1)
                options->gss_authentication = 0;
@@ -2584,7 +2625,7 @@ index db5f2d547..4ad3c75fe 100644
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
 diff --git a/readconf.h b/readconf.h
-index c56887816..5ea0c296b 100644
+index fc7e38251..8e4900d01 100644
 --- a/readconf.h
 +++ b/readconf.h
 @@ -40,7 +40,12 @@ typedef struct {
@@ -2601,7 +2642,7 @@ index c56887816..5ea0c296b 100644
                                                 * authentication. */
        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff --git a/servconf.c b/servconf.c
-index c0f6af0be..e1ae07fb7 100644
+index 932d363bb..4668b8a45 100644
 --- a/servconf.c
 +++ b/servconf.c
 @@ -124,8 +124,10 @@ initialize_server_options(ServerOptions *options)
@@ -2615,7 +2656,7 @@ index c0f6af0be..e1ae07fb7 100644
        options->password_authentication = -1;
        options->kbd_interactive_authentication = -1;
        options->challenge_response_authentication = -1;
-@@ -333,10 +335,14 @@ fill_default_server_options(ServerOptions *options)
+@@ -337,10 +339,14 @@ fill_default_server_options(ServerOptions *options)
                options->kerberos_get_afs_token = 0;
        if (options->gss_authentication == -1)
                options->gss_authentication = 0;
@@ -2630,7 +2671,7 @@ index c0f6af0be..e1ae07fb7 100644
        if (options->password_authentication == -1)
                options->password_authentication = 1;
        if (options->kbd_interactive_authentication == -1)
-@@ -481,6 +487,7 @@ typedef enum {
+@@ -485,6 +491,7 @@ typedef enum {
        sHostKeyAlgorithms,
        sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
        sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -2638,7 +2679,7 @@ index c0f6af0be..e1ae07fb7 100644
        sAcceptEnv, sSetEnv, sPermitTunnel,
        sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
-@@ -555,12 +562,20 @@ static struct {
+@@ -559,12 +566,20 @@ static struct {
 #ifdef GSSAPI
        { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
        { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2659,7 +2700,7 @@ index c0f6af0be..e1ae07fb7 100644
        { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
        { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
        { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-@@ -1459,6 +1474,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1468,6 +1483,10 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->gss_authentication;
                goto parse_flag;
 
@@ -2670,7 +2711,7 @@ index c0f6af0be..e1ae07fb7 100644
        case sGssCleanupCreds:
                intptr = &options->gss_cleanup_creds;
                goto parse_flag;
-@@ -1467,6 +1486,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1476,6 +1495,10 @@ process_server_config_line(ServerOptions *options, char *line,
                intptr = &options->gss_strict_acceptor;
                goto parse_flag;
 
@@ -2681,7 +2722,7 @@ index c0f6af0be..e1ae07fb7 100644
        case sPasswordAuthentication:
                intptr = &options->password_authentication;
                goto parse_flag;
-@@ -2551,7 +2574,10 @@ dump_config(ServerOptions *o)
+@@ -2560,7 +2583,10 @@ dump_config(ServerOptions *o)
 #endif
 #ifdef GSSAPI
        dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
@@ -2693,10 +2734,10 @@ index c0f6af0be..e1ae07fb7 100644
        dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
        dump_cfg_fmtint(sKbdInteractiveAuthentication,
 diff --git a/servconf.h b/servconf.h
-index 557521d73..9b117fe27 100644
+index 0175e00e8..3b76da816 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -124,8 +124,10 @@ typedef struct {
+@@ -125,8 +125,10 @@ typedef struct {
        int     kerberos_get_afs_token;         /* If true, try to get AFS token if
                                                 * authenticated with Kerberos. */
        int     gss_authentication;     /* If true, permit GSSAPI authentication */
@@ -2825,10 +2866,10 @@ index c12f5ef52..bcb9f153d 100644
 #   CheckHostIP yes
 #   AddressFamily any
 diff --git a/ssh_config.5 b/ssh_config.5
-index f499396a3..5b99921b4 100644
+index 4d5b01d3e..16c79368a 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -718,10 +718,42 @@ The default is
+@@ -736,10 +736,42 @@ The default is
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Cm no .
@@ -2872,7 +2913,7 @@ index f499396a3..5b99921b4 100644
 Indicates that
 .Xr ssh 1
 diff --git a/sshconnect2.c b/sshconnect2.c
-index 10e4f0a08..c6a1b1271 100644
+index 1675f3935..8c872a4fb 100644
 --- a/sshconnect2.c
 +++ b/sshconnect2.c
 @@ -162,6 +162,11 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
@@ -2985,7 +3026,7 @@ index 10e4f0a08..c6a1b1271 100644
        {"gssapi-with-mic",
                userauth_gssapi,
                NULL,
-@@ -657,25 +723,40 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -686,25 +752,40 @@ userauth_gssapi(Authctxt *authctxt)
        static u_int mech = 0;
        OM_uint32 min;
        int r, ok = 0;
@@ -3028,7 +3069,7 @@ index 10e4f0a08..c6a1b1271 100644
        if (!ok)
                return 0;
 
-@@ -906,6 +987,54 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
+@@ -935,6 +1016,54 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
        free(lang);
        return r;
 }
@@ -3084,7 +3125,7 @@ index 10e4f0a08..c6a1b1271 100644
 
 int
 diff --git a/sshd.c b/sshd.c
-index a738c3ab6..2e453cdf8 100644
+index ba26287ba..539a000fd 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -123,6 +123,10 @@
@@ -3098,16 +3139,7 @@ index a738c3ab6..2e453cdf8 100644
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD   (STDERR_FILENO + 1)
 #define REEXEC_STARTUP_PIPE_FD         (STDERR_FILENO + 2)
-@@ -536,7 +540,7 @@ privsep_preauth_child(void)
+@@ -1810,10 +1814,13 @@ main(int ac, char **av)
- 
- #ifdef GSSAPI
-        /* Cache supported mechanism OIDs for later use */
-       if (options.gss_authentication)
-+       if (options.gss_authentication || options.gss_keyex)
-                ssh_gssapi_prepare_supported_oids();
- #endif
- 
-@@ -1811,10 +1815,13 @@ main(int ac, char **av)
                free(fp);
        }
        accumulate_host_timing_secret(cfg, NULL);
@@ -3121,7 +3153,7 @@ index a738c3ab6..2e453cdf8 100644
 
        /*
         * Load certificates. They are stored in an array at identical
-@@ -2105,6 +2112,60 @@ main(int ac, char **av)
+@@ -2104,6 +2111,60 @@ main(int ac, char **av)
            rdomain == NULL ? "" : "\"");
        free(laddr);
 
@@ -3182,7 +3214,7 @@ index a738c3ab6..2e453cdf8 100644
        /*
         * We don't want to listen forever unless the other side
         * successfully authenticates itself.  So we set up an alarm which is
-@@ -2288,6 +2349,48 @@ do_ssh2_kex(void)
+@@ -2287,6 +2348,48 @@ do_ssh2_kex(void)
        myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
            list_hostkey_types());
 
@@ -3231,7 +3263,7 @@ index a738c3ab6..2e453cdf8 100644
        /* start key exchange */
        if ((r = kex_setup(active_state, myproposal)) != 0)
                fatal("kex_setup: %s", ssh_err(r));
-@@ -2305,6 +2408,13 @@ do_ssh2_kex(void)
+@@ -2304,6 +2407,13 @@ do_ssh2_kex(void)
 # endif
 #endif
        kex->kex[KEX_C25519_SHA256] = kexc25519_server;
@@ -3259,10 +3291,10 @@ index 19b7c91a1..2c48105f8 100644
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
 diff --git a/sshd_config.5 b/sshd_config.5
-index e1b54ba20..a0ac717c7 100644
+index c6484370b..985eef5a2 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -637,6 +637,11 @@ The default is
+@@ -648,6 +648,11 @@ The default is
 Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Cm no .
@@ -3274,7 +3306,7 @@ index e1b54ba20..a0ac717c7 100644
 .It Cm GSSAPICleanupCredentials
 Specifies whether to automatically destroy the user's credentials cache
 on logout.
-@@ -656,6 +661,11 @@ machine's default store.
+@@ -667,6 +672,11 @@ machine's default store.
 This facility is provided to assist with operation on multi homed machines.
 The default is
 .Cm yes .
@@ -3287,10 +3319,10 @@ index e1b54ba20..a0ac717c7 100644
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
 diff --git a/sshkey.c b/sshkey.c
-index 72c08c7e0..91e99a262 100644
+index 6555c5ef8..a85c185fc 100644
 --- a/sshkey.c
 +++ b/sshkey.c
-@@ -140,6 +140,7 @@ static const struct keytype keytypes[] = {
+@@ -135,6 +135,7 @@ static const struct keytype keytypes[] = {
 #  endif /* OPENSSL_HAS_NISTP521 */
 # endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
@@ -3298,7 +3330,7 @@ index 72c08c7e0..91e99a262 100644
        { NULL, NULL, NULL, -1, -1, 0, 0 }
 };
 
-@@ -228,7 +229,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
+@@ -223,7 +224,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
        const struct keytype *kt;
 
        for (kt = keytypes; kt->type != -1; kt++) {
@@ -3308,10 +3340,10 @@ index 72c08c7e0..91e99a262 100644
                if (!include_sigonly && kt->sigonly)
                        continue;
 diff --git a/sshkey.h b/sshkey.h
-index 9060b2ecb..0cbdcfd74 100644
+index f6a007fdf..f54deb0c0 100644
 --- a/sshkey.h
 +++ b/sshkey.h
-@@ -63,6 +63,7 @@ enum sshkey_types {
+@@ -64,6 +64,7 @@ enum sshkey_types {
        KEY_ED25519_CERT,
        KEY_XMSS,
        KEY_XMSS_CERT,