Diffstat (limited to 'debian/patches/gssapi.patch')
-rw-r--r--debian/patches/gssapi.patch138
1 files changed, 69 insertions, 69 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index 685923e47..d779eacb6 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -1,4 +1,4 @@
1From 79f9d21b406c172878896ef41cdc2502fc2f84a7 Mon Sep 17 00:00:00 2001 1From d1b7918f9bce6e997c7952ac795e18d09192b2a6 Mon Sep 17 00:00:00 2001
2From: Simon Wilkinson <simon@sxw.org.uk> 2From: Simon Wilkinson <simon@sxw.org.uk>
3Date: Sun, 9 Feb 2014 16:09:48 +0000 3Date: Sun, 9 Feb 2014 16:09:48 +0000
4Subject: GSSAPI key exchange support 4Subject: GSSAPI key exchange support
@@ -68,10 +68,10 @@ Patch-Name: gssapi.patch
68 create mode 100644 kexgsss.c 68 create mode 100644 kexgsss.c
69 69
70diff --git a/Makefile.in b/Makefile.in 70diff --git a/Makefile.in b/Makefile.in
71index c9e4294d3..bf1e1de47 100644 71index acfb919da..56759c388 100644
72--- a/Makefile.in 72--- a/Makefile.in
73+++ b/Makefile.in 73+++ b/Makefile.in
74@@ -109,6 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ 74@@ -107,6 +107,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
75 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ 75 kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
76 kexgexc.o kexgexs.o \ 76 kexgexc.o kexgexs.o \
77 sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ 77 sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
@@ -79,7 +79,7 @@ index c9e4294d3..bf1e1de47 100644
79 sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \ 79 sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
80 sshbuf-io.o 80 sshbuf-io.o
81 81
82@@ -125,7 +126,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ 82@@ -123,7 +124,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \
83 auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ 83 auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
84 auth2-none.o auth2-passwd.o auth2-pubkey.o \ 84 auth2-none.o auth2-passwd.o auth2-pubkey.o \
85 monitor.o monitor_wrap.o auth-krb5.o \ 85 monitor.o monitor_wrap.o auth-krb5.o \
@@ -130,7 +130,7 @@ index 28fb43d2a..5b73d24c0 100644
130 130
131 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) 131 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
132diff --git a/auth.c b/auth.c 132diff --git a/auth.c b/auth.c
133index 086b8ebb1..687c57b42 100644 133index 9a5498b66..3d31ec860 100644
134--- a/auth.c 134--- a/auth.c
135+++ b/auth.c 135+++ b/auth.c
136@@ -400,7 +400,8 @@ auth_root_allowed(struct ssh *ssh, const char *method) 136@@ -400,7 +400,8 @@ auth_root_allowed(struct ssh *ssh, const char *method)
@@ -339,7 +339,7 @@ index 9351e0428..d6446c0cf 100644
339 "gssapi-with-mic", 339 "gssapi-with-mic",
340 userauth_gssapi, 340 userauth_gssapi,
341diff --git a/auth2.c b/auth2.c 341diff --git a/auth2.c b/auth2.c
342index 91aaf34a6..a4a5e0069 100644 342index 242a7adbe..9fa1404b3 100644
343--- a/auth2.c 343--- a/auth2.c
344+++ b/auth2.c 344+++ b/auth2.c
345@@ -73,6 +73,7 @@ extern Authmethod method_passwd; 345@@ -73,6 +73,7 @@ extern Authmethod method_passwd;
@@ -477,7 +477,7 @@ index 26d62855a..0cadc9f18 100644
477 int get_peer_port(int); 477 int get_peer_port(int);
478 char *get_local_ipaddr(int); 478 char *get_local_ipaddr(int);
479diff --git a/clientloop.c b/clientloop.c 479diff --git a/clientloop.c b/clientloop.c
480index da396c72a..42ace7789 100644 480index 60b46d161..2cebea29f 100644
481--- a/clientloop.c 481--- a/clientloop.c
482+++ b/clientloop.c 482+++ b/clientloop.c
483@@ -112,6 +112,10 @@ 483@@ -112,6 +112,10 @@
@@ -491,7 +491,7 @@ index da396c72a..42ace7789 100644
491 /* import options */ 491 /* import options */
492 extern Options options; 492 extern Options options;
493 493
494@@ -1361,9 +1365,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, 494@@ -1368,9 +1372,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
495 break; 495 break;
496 496
497 /* Do channel operations unless rekeying in progress. */ 497 /* Do channel operations unless rekeying in progress. */
@@ -512,10 +512,10 @@ index da396c72a..42ace7789 100644
512 client_process_net_input(ssh, readset); 512 client_process_net_input(ssh, readset);
513 513
514diff --git a/configure.ac b/configure.ac 514diff --git a/configure.ac b/configure.ac
515index 460383757..d98e6f74a 100644 515index 7005a503e..c8a96deb4 100644
516--- a/configure.ac 516--- a/configure.ac
517+++ b/configure.ac 517+++ b/configure.ac
518@@ -676,6 +676,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) 518@@ -679,6 +679,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
519 [Use tunnel device compatibility to OpenBSD]) 519 [Use tunnel device compatibility to OpenBSD])
520 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 520 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
521 [Prepend the address family to IP tunnel traffic]) 521 [Prepend the address family to IP tunnel traffic])
@@ -1330,7 +1330,7 @@ index b5d4bb2d1..55f4d4bda 100644
1330 1330
1331 /* Privileged */ 1331 /* Privileged */
1332diff --git a/kex.c b/kex.c 1332diff --git a/kex.c b/kex.c
1333index 09c7258e0..144dee512 100644 1333index aecb9394d..751cfc710 100644
1334--- a/kex.c 1334--- a/kex.c
1335+++ b/kex.c 1335+++ b/kex.c
1336@@ -57,11 +57,16 @@ 1336@@ -57,11 +57,16 @@
@@ -1523,10 +1523,10 @@ index a5ae6ac05..fe7141414 100644
1523 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) 1523 __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
1524 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); 1524 __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
1525diff --git a/kexdh.c b/kexdh.c 1525diff --git a/kexdh.c b/kexdh.c
1526index 67133e339..edaa46762 100644 1526index 6e0159f9f..d024a8b9a 100644
1527--- a/kexdh.c 1527--- a/kexdh.c
1528+++ b/kexdh.c 1528+++ b/kexdh.c
1529@@ -48,13 +48,23 @@ kex_dh_keygen(struct kex *kex) 1529@@ -49,13 +49,23 @@ kex_dh_keygen(struct kex *kex)
1530 { 1530 {
1531 switch (kex->kex_type) { 1531 switch (kex->kex_type) {
1532 case KEX_DH_GRP1_SHA1: 1532 case KEX_DH_GRP1_SHA1:
@@ -2656,7 +2656,7 @@ index 000000000..60bc02deb
2656+} 2656+}
2657+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ 2657+#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */
2658diff --git a/monitor.c b/monitor.c 2658diff --git a/monitor.c b/monitor.c
2659index b6e855d5d..5347e900d 100644 2659index 4cf79dfc9..11868952b 100644
2660--- a/monitor.c 2660--- a/monitor.c
2661+++ b/monitor.c 2661+++ b/monitor.c
2662@@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *); 2662@@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
@@ -2709,7 +2709,7 @@ index b6e855d5d..5347e900d 100644
2709 2709
2710 if (auth_opts->permit_pty_flag) { 2710 if (auth_opts->permit_pty_flag) {
2711 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); 2711 monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1);
2712@@ -1712,6 +1729,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) 2712@@ -1725,6 +1742,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
2713 # ifdef OPENSSL_HAS_ECC 2713 # ifdef OPENSSL_HAS_ECC
2714 kex->kex[KEX_ECDH_SHA2] = kex_gen_server; 2714 kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
2715 # endif 2715 # endif
@@ -2727,7 +2727,7 @@ index b6e855d5d..5347e900d 100644
2727 #endif /* WITH_OPENSSL */ 2727 #endif /* WITH_OPENSSL */
2728 kex->kex[KEX_C25519_SHA256] = kex_gen_server; 2728 kex->kex[KEX_C25519_SHA256] = kex_gen_server;
2729 kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; 2729 kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
2730@@ -1805,8 +1833,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2730@@ -1818,8 +1846,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2731 u_char *p; 2731 u_char *p;
2732 int r; 2732 int r;
2733 2733
@@ -2738,7 +2738,7 @@ index b6e855d5d..5347e900d 100644
2738 2738
2739 if ((r = sshbuf_get_string(m, &p, &len)) != 0) 2739 if ((r = sshbuf_get_string(m, &p, &len)) != 0)
2740 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2740 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2741@@ -1838,8 +1866,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2741@@ -1851,8 +1879,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2742 OM_uint32 flags = 0; /* GSI needs this */ 2742 OM_uint32 flags = 0; /* GSI needs this */
2743 int r; 2743 int r;
2744 2744
@@ -2749,7 +2749,7 @@ index b6e855d5d..5347e900d 100644
2749 2749
2750 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) 2750 if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
2751 fatal("%s: buffer error: %s", __func__, ssh_err(r)); 2751 fatal("%s: buffer error: %s", __func__, ssh_err(r));
2752@@ -1859,6 +1887,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) 2752@@ -1872,6 +1900,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
2753 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2753 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
2754 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2754 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
2755 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2755 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2757,7 +2757,7 @@ index b6e855d5d..5347e900d 100644
2757 } 2757 }
2758 return (0); 2758 return (0);
2759 } 2759 }
2760@@ -1870,8 +1899,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) 2760@@ -1883,8 +1912,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
2761 OM_uint32 ret; 2761 OM_uint32 ret;
2762 int r; 2762 int r;
2763 2763
@@ -2768,7 +2768,7 @@ index b6e855d5d..5347e900d 100644
2768 2768
2769 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || 2769 if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
2770 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) 2770 (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
2771@@ -1897,13 +1926,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) 2771@@ -1910,13 +1939,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
2772 int 2772 int
2773 mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2773 mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2774 { 2774 {
@@ -2790,7 +2790,7 @@ index b6e855d5d..5347e900d 100644
2790 2790
2791 sshbuf_reset(m); 2791 sshbuf_reset(m);
2792 if ((r = sshbuf_put_u32(m, authenticated)) != 0) 2792 if ((r = sshbuf_put_u32(m, authenticated)) != 0)
2793@@ -1912,7 +1945,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2793@@ -1925,7 +1958,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2794 debug3("%s: sending result %d", __func__, authenticated); 2794 debug3("%s: sending result %d", __func__, authenticated);
2795 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); 2795 mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
2796 2796
@@ -2803,7 +2803,7 @@ index b6e855d5d..5347e900d 100644
2803 2803
2804 if ((displayname = ssh_gssapi_displayname()) != NULL) 2804 if ((displayname = ssh_gssapi_displayname()) != NULL)
2805 auth2_record_info(authctxt, "%s", displayname); 2805 auth2_record_info(authctxt, "%s", displayname);
2806@@ -1920,5 +1957,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) 2806@@ -1933,5 +1970,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
2807 /* Monitor loop will terminate if authenticated */ 2807 /* Monitor loop will terminate if authenticated */
2808 return (authenticated); 2808 return (authenticated);
2809 } 2809 }
@@ -2903,7 +2903,7 @@ index 683e5e071..2b1a2d590 100644
2903 2903
2904 struct ssh; 2904 struct ssh;
2905diff --git a/monitor_wrap.c b/monitor_wrap.c 2905diff --git a/monitor_wrap.c b/monitor_wrap.c
2906index 001a8fa1c..6edb509a3 100644 2906index 5e38d83eb..0e78cd006 100644
2907--- a/monitor_wrap.c 2907--- a/monitor_wrap.c
2908+++ b/monitor_wrap.c 2908+++ b/monitor_wrap.c
2909@@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) 2909@@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic)
@@ -2982,10 +2982,10 @@ index 001a8fa1c..6edb509a3 100644
2982+ 2982+
2983 #endif /* GSSAPI */ 2983 #endif /* GSSAPI */
2984diff --git a/monitor_wrap.h b/monitor_wrap.h 2984diff --git a/monitor_wrap.h b/monitor_wrap.h
2985index 23ab096aa..485590c18 100644 2985index 0db38c206..75aef1c74 100644
2986--- a/monitor_wrap.h 2986--- a/monitor_wrap.h
2987+++ b/monitor_wrap.h 2987+++ b/monitor_wrap.h
2988@@ -64,8 +64,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, 2988@@ -65,8 +65,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
2989 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); 2989 OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
2990 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, 2990 OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
2991 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); 2991 gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
@@ -2998,7 +2998,7 @@ index 23ab096aa..485590c18 100644
2998 2998
2999 #ifdef USE_PAM 2999 #ifdef USE_PAM
3000diff --git a/readconf.c b/readconf.c 3000diff --git a/readconf.c b/readconf.c
3001index 2afcbaeca..fb585e248 100644 3001index 554efd7c9..57dae55d1 100644
3002--- a/readconf.c 3002--- a/readconf.c
3003+++ b/readconf.c 3003+++ b/readconf.c
3004@@ -67,6 +67,7 @@ 3004@@ -67,6 +67,7 @@
@@ -3041,7 +3041,7 @@ index 2afcbaeca..fb585e248 100644
3041 #endif 3041 #endif
3042 #ifdef ENABLE_PKCS11 3042 #ifdef ENABLE_PKCS11
3043 { "pkcs11provider", oPKCS11Provider }, 3043 { "pkcs11provider", oPKCS11Provider },
3044@@ -1053,10 +1068,42 @@ parse_time: 3044@@ -1068,10 +1083,42 @@ parse_time:
3045 intptr = &options->gss_authentication; 3045 intptr = &options->gss_authentication;
3046 goto parse_flag; 3046 goto parse_flag;
3047 3047
@@ -3084,7 +3084,7 @@ index 2afcbaeca..fb585e248 100644
3084 case oBatchMode: 3084 case oBatchMode:
3085 intptr = &options->batch_mode; 3085 intptr = &options->batch_mode;
3086 goto parse_flag; 3086 goto parse_flag;
3087@@ -1935,7 +1982,13 @@ initialize_options(Options * options) 3087@@ -1976,7 +2023,13 @@ initialize_options(Options * options)
3088 options->pubkey_authentication = -1; 3088 options->pubkey_authentication = -1;
3089 options->challenge_response_authentication = -1; 3089 options->challenge_response_authentication = -1;
3090 options->gss_authentication = -1; 3090 options->gss_authentication = -1;
@@ -3098,7 +3098,7 @@ index 2afcbaeca..fb585e248 100644
3098 options->password_authentication = -1; 3098 options->password_authentication = -1;
3099 options->kbd_interactive_authentication = -1; 3099 options->kbd_interactive_authentication = -1;
3100 options->kbd_interactive_devices = NULL; 3100 options->kbd_interactive_devices = NULL;
3101@@ -2083,8 +2136,18 @@ fill_default_options(Options * options) 3101@@ -2125,8 +2178,18 @@ fill_default_options(Options * options)
3102 options->challenge_response_authentication = 1; 3102 options->challenge_response_authentication = 1;
3103 if (options->gss_authentication == -1) 3103 if (options->gss_authentication == -1)
3104 options->gss_authentication = 0; 3104 options->gss_authentication = 0;
@@ -3117,7 +3117,7 @@ index 2afcbaeca..fb585e248 100644
3117 if (options->password_authentication == -1) 3117 if (options->password_authentication == -1)
3118 options->password_authentication = 1; 3118 options->password_authentication = 1;
3119 if (options->kbd_interactive_authentication == -1) 3119 if (options->kbd_interactive_authentication == -1)
3120@@ -2726,7 +2789,14 @@ dump_client_config(Options *o, const char *host) 3120@@ -2776,7 +2839,14 @@ dump_client_config(Options *o, const char *host)
3121 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); 3121 dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports);
3122 #ifdef GSSAPI 3122 #ifdef GSSAPI
3123 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); 3123 dump_cfg_fmtint(oGssAuthentication, o->gss_authentication);
@@ -3133,7 +3133,7 @@ index 2afcbaeca..fb585e248 100644
3133 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); 3133 dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts);
3134 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); 3134 dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication);
3135diff --git a/readconf.h b/readconf.h 3135diff --git a/readconf.h b/readconf.h
3136index e143a1082..c405b837f 100644 3136index d6a15550d..3803eeddf 100644
3137--- a/readconf.h 3137--- a/readconf.h
3138+++ b/readconf.h 3138+++ b/readconf.h
3139@@ -41,7 +41,13 @@ typedef struct { 3139@@ -41,7 +41,13 @@ typedef struct {
@@ -3151,10 +3151,10 @@ index e143a1082..c405b837f 100644
3151 * authentication. */ 3151 * authentication. */
3152 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 3152 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
3153diff --git a/servconf.c b/servconf.c 3153diff --git a/servconf.c b/servconf.c
3154index ba0a92c7b..f38ba9e44 100644 3154index f08e37477..ded8f4a87 100644
3155--- a/servconf.c 3155--- a/servconf.c
3156+++ b/servconf.c 3156+++ b/servconf.c
3157@@ -69,6 +69,7 @@ 3157@@ -70,6 +70,7 @@
3158 #include "auth.h" 3158 #include "auth.h"
3159 #include "myproposal.h" 3159 #include "myproposal.h"
3160 #include "digest.h" 3160 #include "digest.h"
@@ -3162,7 +3162,7 @@ index ba0a92c7b..f38ba9e44 100644
3162 3162
3163 static void add_listen_addr(ServerOptions *, const char *, 3163 static void add_listen_addr(ServerOptions *, const char *,
3164 const char *, int); 3164 const char *, int);
3165@@ -133,8 +134,11 @@ initialize_server_options(ServerOptions *options) 3165@@ -134,8 +135,11 @@ initialize_server_options(ServerOptions *options)
3166 options->kerberos_ticket_cleanup = -1; 3166 options->kerberos_ticket_cleanup = -1;
3167 options->kerberos_get_afs_token = -1; 3167 options->kerberos_get_afs_token = -1;
3168 options->gss_authentication=-1; 3168 options->gss_authentication=-1;
@@ -3174,7 +3174,7 @@ index ba0a92c7b..f38ba9e44 100644
3174 options->password_authentication = -1; 3174 options->password_authentication = -1;
3175 options->kbd_interactive_authentication = -1; 3175 options->kbd_interactive_authentication = -1;
3176 options->challenge_response_authentication = -1; 3176 options->challenge_response_authentication = -1;
3177@@ -375,10 +379,18 @@ fill_default_server_options(ServerOptions *options) 3177@@ -376,10 +380,18 @@ fill_default_server_options(ServerOptions *options)
3178 options->kerberos_get_afs_token = 0; 3178 options->kerberos_get_afs_token = 0;
3179 if (options->gss_authentication == -1) 3179 if (options->gss_authentication == -1)
3180 options->gss_authentication = 0; 3180 options->gss_authentication = 0;
@@ -3193,7 +3193,7 @@ index ba0a92c7b..f38ba9e44 100644
3193 if (options->password_authentication == -1) 3193 if (options->password_authentication == -1)
3194 options->password_authentication = 1; 3194 options->password_authentication = 1;
3195 if (options->kbd_interactive_authentication == -1) 3195 if (options->kbd_interactive_authentication == -1)
3196@@ -531,6 +543,7 @@ typedef enum { 3196@@ -523,6 +535,7 @@ typedef enum {
3197 sHostKeyAlgorithms, 3197 sHostKeyAlgorithms,
3198 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, 3198 sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
3199 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, 3199 sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
@@ -3201,7 +3201,7 @@ index ba0a92c7b..f38ba9e44 100644
3201 sAcceptEnv, sSetEnv, sPermitTunnel, 3201 sAcceptEnv, sSetEnv, sPermitTunnel,
3202 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, 3202 sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory,
3203 sUsePrivilegeSeparation, sAllowAgentForwarding, 3203 sUsePrivilegeSeparation, sAllowAgentForwarding,
3204@@ -607,12 +620,22 @@ static struct { 3204@@ -600,12 +613,22 @@ static struct {
3205 #ifdef GSSAPI 3205 #ifdef GSSAPI
3206 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, 3206 { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
3207 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, 3207 { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -3224,7 +3224,7 @@ index ba0a92c7b..f38ba9e44 100644
3224 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, 3224 { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
3225 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, 3225 { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
3226 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, 3226 { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
3227@@ -1555,6 +1578,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, 3227@@ -1557,6 +1580,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
3228 intptr = &options->gss_authentication; 3228 intptr = &options->gss_authentication;
3229 goto parse_flag; 3229 goto parse_flag;
3230 3230
@@ -3235,7 +3235,7 @@ index ba0a92c7b..f38ba9e44 100644
3235 case sGssCleanupCreds: 3235 case sGssCleanupCreds:
3236 intptr = &options->gss_cleanup_creds; 3236 intptr = &options->gss_cleanup_creds;
3237 goto parse_flag; 3237 goto parse_flag;
3238@@ -1563,6 +1590,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, 3238@@ -1565,6 +1592,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
3239 intptr = &options->gss_strict_acceptor; 3239 intptr = &options->gss_strict_acceptor;
3240 goto parse_flag; 3240 goto parse_flag;
3241 3241
@@ -3258,7 +3258,7 @@ index ba0a92c7b..f38ba9e44 100644
3258 case sPasswordAuthentication: 3258 case sPasswordAuthentication:
3259 intptr = &options->password_authentication; 3259 intptr = &options->password_authentication;
3260 goto parse_flag; 3260 goto parse_flag;
3261@@ -2791,6 +2834,10 @@ dump_config(ServerOptions *o) 3261@@ -2808,6 +2851,10 @@ dump_config(ServerOptions *o)
3262 #ifdef GSSAPI 3262 #ifdef GSSAPI
3263 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); 3263 dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
3264 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); 3264 dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
@@ -3270,10 +3270,10 @@ index ba0a92c7b..f38ba9e44 100644
3270 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); 3270 dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
3271 dump_cfg_fmtint(sKbdInteractiveAuthentication, 3271 dump_cfg_fmtint(sKbdInteractiveAuthentication,
3272diff --git a/servconf.h b/servconf.h 3272diff --git a/servconf.h b/servconf.h
3273index a420f398d..253cad97e 100644 3273index 1df8f3db8..f10908e5b 100644
3274--- a/servconf.h 3274--- a/servconf.h
3275+++ b/servconf.h 3275+++ b/servconf.h
3276@@ -137,8 +137,11 @@ typedef struct { 3276@@ -138,8 +138,11 @@ typedef struct {
3277 int kerberos_get_afs_token; /* If true, try to get AFS token if 3277 int kerberos_get_afs_token; /* If true, try to get AFS token if
3278 * authenticated with Kerberos. */ 3278 * authenticated with Kerberos. */
3279 int gss_authentication; /* If true, permit GSSAPI authentication */ 3279 int gss_authentication; /* If true, permit GSSAPI authentication */
@@ -3286,10 +3286,10 @@ index a420f398d..253cad97e 100644
3286 * authentication. */ 3286 * authentication. */
3287 int kbd_interactive_authentication; /* If true, permit */ 3287 int kbd_interactive_authentication; /* If true, permit */
3288diff --git a/session.c b/session.c 3288diff --git a/session.c b/session.c
3289index 18cdfa8cf..f9c2c866e 100644 3289index 27ca8a104..857f17b3c 100644
3290--- a/session.c 3290--- a/session.c
3291+++ b/session.c 3291+++ b/session.c
3292@@ -2678,13 +2678,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) 3292@@ -2685,13 +2685,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt)
3293 3293
3294 #ifdef KRB5 3294 #ifdef KRB5
3295 if (options.kerberos_ticket_cleanup && 3295 if (options.kerberos_ticket_cleanup &&
@@ -3436,7 +3436,7 @@ index 36180d07a..50d80bbca 100644
3436 3436
3437 #endif /* _SSH_GSS_H */ 3437 #endif /* _SSH_GSS_H */
3438diff --git a/ssh.1 b/ssh.1 3438diff --git a/ssh.1 b/ssh.1
3439index dce5f404b..7a3ba31ab 100644 3439index 555317887..be8e964f0 100644
3440--- a/ssh.1 3440--- a/ssh.1
3441+++ b/ssh.1 3441+++ b/ssh.1
3442@@ -506,7 +506,13 @@ For full details of the options listed below, and their possible values, see 3442@@ -506,7 +506,13 @@ For full details of the options listed below, and their possible values, see
@@ -3463,10 +3463,10 @@ index dce5f404b..7a3ba31ab 100644
3463 (key types), 3463 (key types),
3464 .Ar key-cert 3464 .Ar key-cert
3465diff --git a/ssh.c b/ssh.c 3465diff --git a/ssh.c b/ssh.c
3466index 98b6ce788..4a81ef810 100644 3466index f34ca0d71..bb98a7e2d 100644
3467--- a/ssh.c 3467--- a/ssh.c
3468+++ b/ssh.c 3468+++ b/ssh.c
3469@@ -773,6 +773,8 @@ main(int ac, char **av) 3469@@ -801,6 +801,8 @@ main(int ac, char **av)
3470 else if (strcmp(optarg, "kex") == 0 || 3470 else if (strcmp(optarg, "kex") == 0 ||
3471 strcasecmp(optarg, "KexAlgorithms") == 0) 3471 strcasecmp(optarg, "KexAlgorithms") == 0)
3472 cp = kex_alg_list('\n'); 3472 cp = kex_alg_list('\n');
@@ -3475,7 +3475,7 @@ index 98b6ce788..4a81ef810 100644
3475 else if (strcmp(optarg, "key") == 0) 3475 else if (strcmp(optarg, "key") == 0)
3476 cp = sshkey_alg_list(0, 0, 0, '\n'); 3476 cp = sshkey_alg_list(0, 0, 0, '\n');
3477 else if (strcmp(optarg, "key-cert") == 0) 3477 else if (strcmp(optarg, "key-cert") == 0)
3478@@ -798,8 +800,8 @@ main(int ac, char **av) 3478@@ -826,8 +828,8 @@ main(int ac, char **av)
3479 } else if (strcmp(optarg, "help") == 0) { 3479 } else if (strcmp(optarg, "help") == 0) {
3480 cp = xstrdup( 3480 cp = xstrdup(
3481 "cipher\ncipher-auth\ncompression\nkex\n" 3481 "cipher\ncipher-auth\ncompression\nkex\n"
@@ -3487,7 +3487,7 @@ index 98b6ce788..4a81ef810 100644
3487 if (cp == NULL) 3487 if (cp == NULL)
3488 fatal("Unsupported query \"%s\"", optarg); 3488 fatal("Unsupported query \"%s\"", optarg);
3489diff --git a/ssh_config b/ssh_config 3489diff --git a/ssh_config b/ssh_config
3490index 5e8ef548b..1ff999b68 100644 3490index 842ea866c..52aae8692 100644
3491--- a/ssh_config 3491--- a/ssh_config
3492+++ b/ssh_config 3492+++ b/ssh_config
3493@@ -24,6 +24,8 @@ 3493@@ -24,6 +24,8 @@
@@ -3500,10 +3500,10 @@ index 5e8ef548b..1ff999b68 100644
3500 # CheckHostIP yes 3500 # CheckHostIP yes
3501 # AddressFamily any 3501 # AddressFamily any
3502diff --git a/ssh_config.5 b/ssh_config.5 3502diff --git a/ssh_config.5 b/ssh_config.5
3503index dc010ccbd..e2a2359f9 100644 3503index 6be1f1aa2..bd86d000c 100644
3504--- a/ssh_config.5 3504--- a/ssh_config.5
3505+++ b/ssh_config.5 3505+++ b/ssh_config.5
3506@@ -766,10 +766,67 @@ The default is 3506@@ -779,10 +779,67 @@ The default is
3507 Specifies whether user authentication based on GSSAPI is allowed. 3507 Specifies whether user authentication based on GSSAPI is allowed.
3508 The default is 3508 The default is
3509 .Cm no . 3509 .Cm no .
@@ -3572,7 +3572,7 @@ index dc010ccbd..e2a2359f9 100644
3572 Indicates that 3572 Indicates that
3573 .Xr ssh 1 3573 .Xr ssh 1
3574diff --git a/sshconnect2.c b/sshconnect2.c 3574diff --git a/sshconnect2.c b/sshconnect2.c
3575index 1a6545edf..79a22e600 100644 3575index f64aae66a..c47fc31a6 100644
3576--- a/sshconnect2.c 3576--- a/sshconnect2.c
3577+++ b/sshconnect2.c 3577+++ b/sshconnect2.c
3578@@ -80,8 +80,6 @@ 3578@@ -80,8 +80,6 @@
@@ -3584,7 +3584,7 @@ index 1a6545edf..79a22e600 100644
3584 extern Options options; 3584 extern Options options;
3585 3585
3586 /* 3586 /*
3587@@ -163,6 +161,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3587@@ -210,6 +208,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3588 char *s, *all_key; 3588 char *s, *all_key;
3589 int r, use_known_hosts_order = 0; 3589 int r, use_known_hosts_order = 0;
3590 3590
@@ -3596,7 +3596,7 @@ index 1a6545edf..79a22e600 100644
3596 xxx_host = host; 3596 xxx_host = host;
3597 xxx_hostaddr = hostaddr; 3597 xxx_hostaddr = hostaddr;
3598 3598
3599@@ -206,6 +209,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3599@@ -253,6 +256,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3600 compat_pkalg_proposal(options.hostkeyalgorithms); 3600 compat_pkalg_proposal(options.hostkeyalgorithms);
3601 } 3601 }
3602 3602
@@ -3638,7 +3638,7 @@ index 1a6545edf..79a22e600 100644
3638 if (options.rekey_limit || options.rekey_interval) 3638 if (options.rekey_limit || options.rekey_interval)
3639 ssh_packet_set_rekey_limits(ssh, options.rekey_limit, 3639 ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
3640 options.rekey_interval); 3640 options.rekey_interval);
3641@@ -224,16 +262,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) 3641@@ -271,16 +309,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
3642 # ifdef OPENSSL_HAS_ECC 3642 # ifdef OPENSSL_HAS_ECC
3643 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; 3643 ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
3644 # endif 3644 # endif
@@ -3686,7 +3686,7 @@ index 1a6545edf..79a22e600 100644
3686 if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) 3686 if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
3687 fatal("kex_prop2buf: %s", ssh_err(r)); 3687 fatal("kex_prop2buf: %s", ssh_err(r));
3688 3688
3689@@ -330,6 +398,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *); 3689@@ -377,6 +445,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *);
3690 static int input_gssapi_token(int type, u_int32_t, struct ssh *); 3690 static int input_gssapi_token(int type, u_int32_t, struct ssh *);
3691 static int input_gssapi_error(int, u_int32_t, struct ssh *); 3691 static int input_gssapi_error(int, u_int32_t, struct ssh *);
3692 static int input_gssapi_errtok(int, u_int32_t, struct ssh *); 3692 static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
@@ -3694,7 +3694,7 @@ index 1a6545edf..79a22e600 100644
3694 #endif 3694 #endif
3695 3695
3696 void userauth(struct ssh *, char *); 3696 void userauth(struct ssh *, char *);
3697@@ -346,6 +415,11 @@ static char *authmethods_get(void); 3697@@ -393,6 +462,11 @@ static char *authmethods_get(void);
3698 3698
3699 Authmethod authmethods[] = { 3699 Authmethod authmethods[] = {
3700 #ifdef GSSAPI 3700 #ifdef GSSAPI
@@ -3706,7 +3706,7 @@ index 1a6545edf..79a22e600 100644
3706 {"gssapi-with-mic", 3706 {"gssapi-with-mic",
3707 userauth_gssapi, 3707 userauth_gssapi,
3708 userauth_gssapi_cleanup, 3708 userauth_gssapi_cleanup,
3709@@ -716,12 +790,31 @@ userauth_gssapi(struct ssh *ssh) 3709@@ -763,12 +837,31 @@ userauth_gssapi(struct ssh *ssh)
3710 OM_uint32 min; 3710 OM_uint32 min;
3711 int r, ok = 0; 3711 int r, ok = 0;
3712 gss_OID mech = NULL; 3712 gss_OID mech = NULL;
@@ -3739,7 +3739,7 @@ index 1a6545edf..79a22e600 100644
3739 3739
3740 /* Check to see whether the mechanism is usable before we offer it */ 3740 /* Check to see whether the mechanism is usable before we offer it */
3741 while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && 3741 while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
3742@@ -730,13 +823,15 @@ userauth_gssapi(struct ssh *ssh) 3742@@ -777,13 +870,15 @@ userauth_gssapi(struct ssh *ssh)
3743 elements[authctxt->mech_tried]; 3743 elements[authctxt->mech_tried];
3744 /* My DER encoding requires length<128 */ 3744 /* My DER encoding requires length<128 */
3745 if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, 3745 if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
@@ -3756,7 +3756,7 @@ index 1a6545edf..79a22e600 100644
3756 if (!ok || mech == NULL) 3756 if (!ok || mech == NULL)
3757 return 0; 3757 return 0;
3758 3758
3759@@ -976,6 +1071,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) 3759@@ -1023,6 +1118,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
3760 free(lang); 3760 free(lang);
3761 return r; 3761 return r;
3762 } 3762 }
@@ -3813,7 +3813,7 @@ index 1a6545edf..79a22e600 100644
3813 3813
3814 static int 3814 static int
3815diff --git a/sshd.c b/sshd.c 3815diff --git a/sshd.c b/sshd.c
3816index 6f8f11a3b..02fca5c28 100644 3816index 8aa7f3df6..8c5d5822e 100644
3817--- a/sshd.c 3817--- a/sshd.c
3818+++ b/sshd.c 3818+++ b/sshd.c
3819@@ -816,8 +816,8 @@ notify_hostkeys(struct ssh *ssh) 3819@@ -816,8 +816,8 @@ notify_hostkeys(struct ssh *ssh)
@@ -3827,7 +3827,7 @@ index 6f8f11a3b..02fca5c28 100644
3827 sshpkt_fatal(ssh, r, "%s: send", __func__); 3827 sshpkt_fatal(ssh, r, "%s: send", __func__);
3828 sshbuf_free(buf); 3828 sshbuf_free(buf);
3829 } 3829 }
3830@@ -1851,7 +1851,8 @@ main(int ac, char **av) 3830@@ -1901,7 +1901,8 @@ main(int ac, char **av)
3831 free(fp); 3831 free(fp);
3832 } 3832 }
3833 accumulate_host_timing_secret(cfg, NULL); 3833 accumulate_host_timing_secret(cfg, NULL);
@@ -3837,7 +3837,7 @@ index 6f8f11a3b..02fca5c28 100644
3837 logit("sshd: no hostkeys available -- exiting."); 3837 logit("sshd: no hostkeys available -- exiting.");
3838 exit(1); 3838 exit(1);
3839 } 3839 }
3840@@ -2342,6 +2343,48 @@ do_ssh2_kex(struct ssh *ssh) 3840@@ -2393,6 +2394,48 @@ do_ssh2_kex(struct ssh *ssh)
3841 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( 3841 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
3842 list_hostkey_types()); 3842 list_hostkey_types());
3843 3843
@@ -3886,7 +3886,7 @@ index 6f8f11a3b..02fca5c28 100644
3886 /* start key exchange */ 3886 /* start key exchange */
3887 if ((r = kex_setup(ssh, myproposal)) != 0) 3887 if ((r = kex_setup(ssh, myproposal)) != 0)
3888 fatal("kex_setup: %s", ssh_err(r)); 3888 fatal("kex_setup: %s", ssh_err(r));
3889@@ -2357,7 +2400,18 @@ do_ssh2_kex(struct ssh *ssh) 3889@@ -2408,7 +2451,18 @@ do_ssh2_kex(struct ssh *ssh)
3890 # ifdef OPENSSL_HAS_ECC 3890 # ifdef OPENSSL_HAS_ECC
3891 kex->kex[KEX_ECDH_SHA2] = kex_gen_server; 3891 kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
3892 # endif 3892 # endif
@@ -3920,7 +3920,7 @@ index 19b7c91a1..2c48105f8 100644
3920 # Set this to 'yes' to enable PAM authentication, account processing, 3920 # Set this to 'yes' to enable PAM authentication, account processing,
3921 # and session processing. If this is enabled, PAM authentication will 3921 # and session processing. If this is enabled, PAM authentication will
3922diff --git a/sshd_config.5 b/sshd_config.5 3922diff --git a/sshd_config.5 b/sshd_config.5
3923index b294efc2d..360e5fb1a 100644 3923index 6fa421cae..eabbe9e73 100644
3924--- a/sshd_config.5 3924--- a/sshd_config.5
3925+++ b/sshd_config.5 3925+++ b/sshd_config.5
3926@@ -644,6 +644,11 @@ Specifies whether to automatically destroy the user's credentials cache 3926@@ -644,6 +644,11 @@ Specifies whether to automatically destroy the user's credentials cache
@@ -3968,10 +3968,10 @@ index b294efc2d..360e5fb1a 100644
3968 Specifies the key types that will be accepted for hostbased authentication 3968 Specifies the key types that will be accepted for hostbased authentication
3969 as a list of comma-separated patterns. 3969 as a list of comma-separated patterns.
3970diff --git a/sshkey.c b/sshkey.c 3970diff --git a/sshkey.c b/sshkey.c
3971index 1571e3d93..1ac32a0ec 100644 3971index ac451f1a8..b88282e19 100644
3972--- a/sshkey.c 3972--- a/sshkey.c
3973+++ b/sshkey.c 3973+++ b/sshkey.c
3974@@ -154,6 +154,7 @@ static const struct keytype keytypes[] = { 3974@@ -156,6 +156,7 @@ static const struct keytype keytypes[] = {
3975 KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, 3975 KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 },
3976 # endif /* OPENSSL_HAS_ECC */ 3976 # endif /* OPENSSL_HAS_ECC */
3977 #endif /* WITH_OPENSSL */ 3977 #endif /* WITH_OPENSSL */
@@ -3979,7 +3979,7 @@ index 1571e3d93..1ac32a0ec 100644
3979 { NULL, NULL, NULL, -1, -1, 0, 0 } 3979 { NULL, NULL, NULL, -1, -1, 0, 0 }
3980 }; 3980 };
3981 3981
3982@@ -255,7 +256,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) 3982@@ -257,7 +258,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep)
3983 const struct keytype *kt; 3983 const struct keytype *kt;
3984 3984
3985 for (kt = keytypes; kt->type != -1; kt++) { 3985 for (kt = keytypes; kt->type != -1; kt++) {
@@ -3989,7 +3989,7 @@ index 1571e3d93..1ac32a0ec 100644
3989 if (!include_sigonly && kt->sigonly) 3989 if (!include_sigonly && kt->sigonly)
3990 continue; 3990 continue;
3991diff --git a/sshkey.h b/sshkey.h 3991diff --git a/sshkey.h b/sshkey.h
3992index 9c1d4f637..f586e8967 100644 3992index 2d8b62497..dc1c10597 100644
3993--- a/sshkey.h 3993--- a/sshkey.h
3994+++ b/sshkey.h 3994+++ b/sshkey.h
3995@@ -69,6 +69,7 @@ enum sshkey_types { 3995@@ -69,6 +69,7 @@ enum sshkey_types {