Download raw body.
die DSA die
This finally removes all the remaining bits of DSA support from
OpenSSH and fixes up the regress tests that I could run.
I'm not set up to run the ssh.com interop tests so it's possible
they are broken by this.
ok?
Index: usr.bin/ssh/authfd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/authfd.c,v
diff -u -p -r1.134 authfd.c
--- usr.bin/ssh/authfd.c 18 Dec 2023 14:46:56 -0000 1.134
+++ usr.bin/ssh/authfd.c 5 May 2025 06:32:40 -0000
@@ -600,8 +600,6 @@ ssh_add_identity_constrained(int sock, s
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
- case KEY_DSA:
- case KEY_DSA_CERT:
case KEY_ECDSA:
case KEY_ECDSA_CERT:
case KEY_ECDSA_SK:
Index: usr.bin/ssh/authfile.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/authfile.c,v
diff -u -p -r1.145 authfile.c
--- usr.bin/ssh/authfile.c 22 Sep 2024 12:56:21 -0000 1.145
+++ usr.bin/ssh/authfile.c 5 May 2025 06:32:40 -0000
@@ -323,7 +323,6 @@ sshkey_load_private_cert(int type, const
switch (type) {
#ifdef WITH_OPENSSL
case KEY_RSA:
- case KEY_DSA:
case KEY_ECDSA:
#endif /* WITH_OPENSSL */
case KEY_ED25519:
Index: usr.bin/ssh/dns.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/dns.c,v
diff -u -p -r1.44 dns.c
--- usr.bin/ssh/dns.c 10 Mar 2023 04:06:21 -0000 1.44
+++ usr.bin/ssh/dns.c 5 May 2025 06:32:40 -0000
@@ -86,9 +86,6 @@ dns_read_key(u_int8_t *algorithm, u_int8
case KEY_RSA:
*algorithm = SSHFP_KEY_RSA;
break;
- case KEY_DSA:
- *algorithm = SSHFP_KEY_DSA;
- break;
case KEY_ECDSA:
*algorithm = SSHFP_KEY_ECDSA;
break;
Index: usr.bin/ssh/hostfile.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/hostfile.c,v
diff -u -p -r1.98 hostfile.c
--- usr.bin/ssh/hostfile.c 5 May 2025 02:48:07 -0000 1.98
+++ usr.bin/ssh/hostfile.c 5 May 2025 06:32:40 -0000
@@ -148,8 +148,8 @@ host_hash(const char *host, const char *
}
/*
- * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the
- * pointer over the key. Skips any whitespace at the beginning and at end.
+ * Parses an RSA (number of bits, e, n). Moves the pointer over the key.
+ * Skips any whitespace at the beginning and at end.
*/
int
Index: usr.bin/ssh/pathnames.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/pathnames.h,v
diff -u -p -r1.34 pathnames.h
--- usr.bin/ssh/pathnames.h 5 May 2025 02:48:06 -0000 1.34
+++ usr.bin/ssh/pathnames.h 5 May 2025 06:32:40 -0000
@@ -30,7 +30,6 @@
*/
#define _PATH_SERVER_CONFIG_FILE SSHDIR "/sshd_config"
#define _PATH_HOST_CONFIG_FILE SSHDIR "/ssh_config"
-#define _PATH_HOST_DSA_KEY_FILE SSHDIR "/ssh_host_dsa_key"
#define _PATH_HOST_ECDSA_KEY_FILE SSHDIR "/ssh_host_ecdsa_key"
#define _PATH_HOST_RSA_KEY_FILE SSHDIR "/ssh_host_rsa_key"
#define _PATH_HOST_ED25519_KEY_FILE SSHDIR "/ssh_host_ed25519_key"
@@ -75,7 +74,6 @@
* Name of the default file containing client-side authentication key. This
* file should only be readable by the user him/herself.
*/
-#define _PATH_SSH_CLIENT_ID_DSA _PATH_SSH_USER_DIR "/id_dsa"
#define _PATH_SSH_CLIENT_ID_ECDSA _PATH_SSH_USER_DIR "/id_ecdsa"
#define _PATH_SSH_CLIENT_ID_RSA _PATH_SSH_USER_DIR "/id_rsa"
#define _PATH_SSH_CLIENT_ID_ED25519 _PATH_SSH_USER_DIR "/id_ed25519"
Index: usr.bin/ssh/readconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/readconf.c,v
diff -u -p -r1.398 readconf.c
--- usr.bin/ssh/readconf.c 18 Mar 2025 04:53:14 -0000 1.398
+++ usr.bin/ssh/readconf.c 5 May 2025 06:32:41 -0000
@@ -2844,9 +2844,6 @@ fill_default_options(Options * options)
add_identity_file(options, "~/",
_PATH_SSH_CLIENT_ID_ED25519_SK, 0);
add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_XMSS, 0);
-#ifdef WITH_DSA
- add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
-#endif
}
if (options->escape_char == -1)
options->escape_char = '~';
Index: usr.bin/ssh/ssh-add.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-add.c,v
diff -u -p -r1.173 ssh-add.c
--- usr.bin/ssh/ssh-add.c 6 Sep 2024 02:30:44 -0000 1.173
+++ usr.bin/ssh/ssh-add.c 5 May 2025 06:32:41 -0000
@@ -78,9 +78,6 @@ static char *default_files[] = {
_PATH_SSH_CLIENT_ID_ED25519,
_PATH_SSH_CLIENT_ID_ED25519_SK,
_PATH_SSH_CLIENT_ID_XMSS,
-#ifdef WITH_DSA
- _PATH_SSH_CLIENT_ID_DSA,
-#endif
NULL
};
Index: usr.bin/ssh/ssh-keygen.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
diff -u -p -r1.477 ssh-keygen.c
--- usr.bin/ssh/ssh-keygen.c 4 Dec 2024 14:24:20 -0000 1.477
+++ usr.bin/ssh/ssh-keygen.c 5 May 2025 06:32:42 -0000
@@ -64,18 +64,14 @@
#define DEFAULT_KEY_TYPE_NAME "ed25519"
/*
- * Default number of bits in the RSA, DSA and ECDSA keys. These value can be
+ * Default number of bits in the RSA and ECDSA keys. These value can be
* overridden on the command line.
*
- * These values, with the exception of DSA, provide security equivalent to at
- * least 128 bits of security according to NIST Special Publication 800-57:
- * Recommendation for Key Management Part 1 rev 4 section 5.6.1.
- * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for
- * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only
- * SHA1 we limit the DSA key size 1k bits.
+ * These values provide security equivalent to at least 128 bits of security
+ * according to NIST Special Publication 800-57: Recommendation for Key
+ * Management Part 1 rev 4 section 5.6.1.
*/
#define DEFAULT_BITS 3072
-#define DEFAULT_BITS_DSA 1024
#define DEFAULT_BITS_ECDSA 256
static int quiet = 0;
@@ -179,9 +175,6 @@ type_bits_valid(int type, const char *na
int nid;
switch(type) {
- case KEY_DSA:
- *bitsp = DEFAULT_BITS_DSA;
- break;
case KEY_ECDSA:
if (name != NULL &&
(nid = sshkey_ecdsa_nid_from_name(name)) > 0)
@@ -197,10 +190,6 @@ type_bits_valid(int type, const char *na
}
#ifdef WITH_OPENSSL
switch (type) {
- case KEY_DSA:
- if (*bitsp != 1024)
- fatal("Invalid DSA key length: must be 1024 bits");
- break;
case KEY_RSA:
if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
fatal("Invalid RSA key length: minimum is %d bits",
@@ -251,12 +240,6 @@ ask_filename(struct passwd *pw, const ch
name = _PATH_SSH_CLIENT_ID_ED25519;
else {
switch (sshkey_type_from_shortname(key_type_name)) {
-#ifdef WITH_DSA
- case KEY_DSA_CERT:
- case KEY_DSA:
- name = _PATH_SSH_CLIENT_ID_DSA;
- break;
-#endif
case KEY_ECDSA_CERT:
case KEY_ECDSA:
name = _PATH_SSH_CLIENT_ID_ECDSA;
@@ -369,12 +352,6 @@ do_convert_to_pkcs8(struct sshkey *k)
EVP_PKEY_get0_RSA(k->pkey)))
fatal("PEM_write_RSA_PUBKEY failed");
break;
-#ifdef WITH_DSA
- case KEY_DSA:
- if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
- fatal("PEM_write_DSA_PUBKEY failed");
- break;
-#endif
case KEY_ECDSA:
if (!PEM_write_EC_PUBKEY(stdout,
EVP_PKEY_get0_EC_KEY(k->pkey)))
@@ -395,12 +372,6 @@ do_convert_to_pem(struct sshkey *k)
EVP_PKEY_get0_RSA(k->pkey)))
fatal("PEM_write_RSAPublicKey failed");
break;
-#ifdef WITH_DSA
- case KEY_DSA:
- if (!PEM_write_DSA_PUBKEY(stdout, k->dsa))
- fatal("PEM_write_DSA_PUBKEY failed");
- break;
-#endif
case KEY_ECDSA:
if (!PEM_write_EC_PUBKEY(stdout,
EVP_PKEY_get0_EC_KEY(k->pkey)))
@@ -474,10 +445,6 @@ do_convert_private_ssh2(struct sshbuf *b
u_int magic, i1, i2, i3, i4;
size_t slen;
u_long e;
-#ifdef WITH_DSA
- BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
- BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
-#endif
BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
BIGNUM *rsa_dmp1 = NULL, *rsa_dmq1 = NULL;
@@ -509,10 +476,6 @@ do_convert_private_ssh2(struct sshbuf *b
if (strstr(type, "rsa")) {
ktype = KEY_RSA;
-#ifdef WITH_DSA
- } else if (strstr(type, "dsa")) {
- ktype = KEY_DSA;
-#endif
} else {
free(type);
return NULL;
@@ -522,27 +485,6 @@ do_convert_private_ssh2(struct sshbuf *b
free(type);
switch (key->type) {
-#ifdef WITH_DSA
- case KEY_DSA:
- if ((dsa_p = BN_new()) == NULL ||
- (dsa_q = BN_new()) == NULL ||
- (dsa_g = BN_new()) == NULL ||
- (dsa_pub_key = BN_new()) == NULL ||
- (dsa_priv_key = BN_new()) == NULL)
- fatal_f("BN_new");
- buffer_get_bignum_bits(b, dsa_p);
- buffer_get_bignum_bits(b, dsa_g);
- buffer_get_bignum_bits(b, dsa_q);
- buffer_get_bignum_bits(b, dsa_pub_key);
- buffer_get_bignum_bits(b, dsa_priv_key);
- if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))
- fatal_f("DSA_set0_pqg failed");
- dsa_p = dsa_q = dsa_g = NULL; /* transferred */
- if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))
- fatal_f("DSA_set0_key failed");
- dsa_pub_key = dsa_priv_key = NULL; /* transferred */
- break;
-#endif
case KEY_RSA:
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
(e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
@@ -717,14 +659,6 @@ do_convert_from_pkcs8(struct sshkey **k,
(*k)->pkey = pubkey;
pubkey = NULL;
break;
-#ifdef WITH_DSA
- case EVP_PKEY_DSA:
- if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("sshkey_new failed");
- (*k)->type = KEY_DSA;
- (*k)->dsa = EVP_PKEY_get1_DSA(pubkey);
- break;
-#endif
case EVP_PKEY_EC:
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
@@ -798,12 +732,6 @@ do_convert_from(struct passwd *pw)
fprintf(stdout, "\n");
} else {
switch (k->type) {
-#ifdef WITH_DSA
- case KEY_DSA:
- ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
- NULL, 0, NULL, NULL);
- break;
-#endif
case KEY_ECDSA:
ok = PEM_write_ECPrivateKey(stdout,
EVP_PKEY_get0_EC_KEY(k->pkey), NULL, NULL, 0,
@@ -3306,7 +3234,7 @@ usage(void)
fprintf(stderr,
"usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]\n"
" [-m format] [-N new_passphrase] [-O option]\n"
- " [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n"
+ " [-t ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n"
" [-w provider] [-Z cipher]\n"
" ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]\n"
" [-P old_passphrase] [-Z cipher]\n"
@@ -3779,11 +3707,6 @@ main(int argc, char **argv)
n += do_print_resource_record(pw,
_PATH_HOST_RSA_KEY_FILE, rr_hostname,
print_generic, opts, nopts);
-#ifdef WITH_DSA
- n += do_print_resource_record(pw,
- _PATH_HOST_DSA_KEY_FILE, rr_hostname,
- print_generic, opts, nopts);
-#endif
n += do_print_resource_record(pw,
_PATH_HOST_ECDSA_KEY_FILE, rr_hostname,
print_generic, opts, nopts);
Index: usr.bin/ssh/ssh-keyscan.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keyscan.c,v
diff -u -p -r1.165 ssh-keyscan.c
--- usr.bin/ssh/ssh-keyscan.c 6 Dec 2024 15:17:15 -0000 1.165
+++ usr.bin/ssh/ssh-keyscan.c 5 May 2025 06:32:42 -0000
@@ -54,15 +54,14 @@ int IPv4or6 = AF_UNSPEC;
int ssh_port = SSH_DEFAULT_PORT;
-#define KT_DSA (1)
-#define KT_RSA (1<<1)
-#define KT_ECDSA (1<<2)
-#define KT_ED25519 (1<<3)
-#define KT_XMSS (1<<4)
-#define KT_ECDSA_SK (1<<5)
-#define KT_ED25519_SK (1<<6)
+#define KT_RSA (1)
+#define KT_ECDSA (1<<1)
+#define KT_ED25519 (1<<2)
+#define KT_XMSS (1<<3)
+#define KT_ECDSA_SK (1<<4)
+#define KT_ED25519_SK (1<<5)
-#define KT_MIN KT_DSA
+#define KT_MIN KT_RSA
#define KT_MAX KT_ED25519_SK
int get_cert = 0;
@@ -216,10 +215,6 @@ keygrab_ssh2(con *c)
int r;
switch (c->c_keytype) {
- case KT_DSA:
- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
- "ssh-dss-cert-v01@openssh.com" : "ssh-dss";
- break;
case KT_RSA:
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
"rsa-sha2-512-cert-v01@openssh.com,"
@@ -715,11 +710,6 @@ main(int argc, char **argv)
int type = sshkey_type_from_shortname(tname);
switch (type) {
-#ifdef WITH_DSA
- case KEY_DSA:
- get_keytypes |= KT_DSA;
- break;
-#endif
case KEY_ECDSA:
get_keytypes |= KT_ECDSA;
break;
Index: usr.bin/ssh/ssh-keysign.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keysign.c,v
diff -u -p -r1.75 ssh-keysign.c
--- usr.bin/ssh/ssh-keysign.c 15 Feb 2025 01:48:30 -0000 1.75
+++ usr.bin/ssh/ssh-keysign.c 5 May 2025 06:32:42 -0000
@@ -195,9 +195,6 @@ main(int argc, char **argv)
i = 0;
/* XXX This really needs to read sshd_config for the paths */
-#ifdef WITH_DSA
- key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
-#endif
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_ED25519_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
Index: usr.bin/ssh/ssh.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
diff -u -p -r1.612 ssh.c
--- usr.bin/ssh/ssh.c 9 Apr 2025 01:24:40 -0000 1.612
+++ usr.bin/ssh/ssh.c 5 May 2025 06:32:42 -0000
@@ -1725,15 +1725,9 @@ main(int ac, char **av)
L_CERT(_PATH_HOST_ECDSA_KEY_FILE, 0);
L_CERT(_PATH_HOST_ED25519_KEY_FILE, 1);
L_CERT(_PATH_HOST_RSA_KEY_FILE, 2);
-#ifdef WITH_DSA
- L_CERT(_PATH_HOST_DSA_KEY_FILE, 3);
-#endif
L_PUBKEY(_PATH_HOST_ECDSA_KEY_FILE, 4);
L_PUBKEY(_PATH_HOST_ED25519_KEY_FILE, 5);
L_PUBKEY(_PATH_HOST_RSA_KEY_FILE, 6);
-#ifdef WITH_DSA
- L_PUBKEY(_PATH_HOST_DSA_KEY_FILE, 7);
-#endif
L_CERT(_PATH_HOST_XMSS_KEY_FILE, 8);
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
if (loaded == 0)
Index: usr.bin/ssh/ssh_config
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh_config,v
diff -u -p -r1.36 ssh_config
--- usr.bin/ssh/ssh_config 2 Aug 2023 23:04:38 -0000 1.36
+++ usr.bin/ssh/ssh_config 5 May 2025 06:32:42 -0000
@@ -28,7 +28,6 @@
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
-# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
Index: usr.bin/ssh/sshconnect.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshconnect.c,v
diff -u -p -r1.369 sshconnect.c
--- usr.bin/ssh/sshconnect.c 6 Dec 2024 16:21:48 -0000 1.369
+++ usr.bin/ssh/sshconnect.c 5 May 2025 06:32:43 -0000
@@ -1588,9 +1588,6 @@ show_other_keys(struct hostkeys *hostkey
{
int type[] = {
KEY_RSA,
-#ifdef WITH_DSA
- KEY_DSA,
-#endif
KEY_ECDSA,
KEY_ED25519,
KEY_XMSS,
Index: usr.bin/ssh/sshd-auth.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd-auth.c,v
diff -u -p -r1.3 sshd-auth.c
--- usr.bin/ssh/sshd-auth.c 16 Jan 2025 06:37:10 -0000 1.3
+++ usr.bin/ssh/sshd-auth.c 5 May 2025 06:32:43 -0000
@@ -233,7 +233,6 @@ list_hostkey_types(void)
append_hostkey_type(b, "rsa-sha2-512");
append_hostkey_type(b, "rsa-sha2-256");
/* FALLTHROUGH */
- case KEY_DSA:
case KEY_ECDSA:
case KEY_ED25519:
case KEY_ECDSA_SK:
@@ -254,7 +253,6 @@ list_hostkey_types(void)
append_hostkey_type(b,
"rsa-sha2-256-cert-v01@openssh.com");
/* FALLTHROUGH */
- case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
case KEY_ED25519_CERT:
case KEY_ECDSA_SK_CERT:
@@ -280,7 +278,6 @@ get_hostkey_public_by_type(int type, int
for (i = 0; i < options.num_host_key_files; i++) {
switch (type) {
case KEY_RSA_CERT:
- case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
case KEY_ED25519_CERT:
case KEY_ECDSA_SK_CERT:
Index: usr.bin/ssh/sshd-session.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd-session.c,v
diff -u -p -r1.12 sshd-session.c
--- usr.bin/ssh/sshd-session.c 12 Mar 2025 22:43:44 -0000 1.12
+++ usr.bin/ssh/sshd-session.c 5 May 2025 06:32:43 -0000
@@ -422,7 +422,6 @@ get_hostkey_by_type(int type, int nid, i
for (i = 0; i < options.num_host_key_files; i++) {
switch (type) {
case KEY_RSA_CERT:
- case KEY_DSA_CERT:
case KEY_ECDSA_CERT:
case KEY_ED25519_CERT:
case KEY_ECDSA_SK_CERT:
Index: usr.bin/ssh/sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
diff -u -p -r1.617 sshd.c
--- usr.bin/ssh/sshd.c 7 Apr 2025 08:12:22 -0000 1.617
+++ usr.bin/ssh/sshd.c 5 May 2025 06:32:43 -0000
@@ -1589,7 +1589,6 @@ main(int ac, char **av)
switch (keytype) {
case KEY_RSA:
- case KEY_DSA:
case KEY_ECDSA:
case KEY_ED25519:
case KEY_ECDSA_SK:
Index: usr.bin/ssh/sshkey.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshkey.c,v
diff -u -p -r1.148 sshkey.c
--- usr.bin/ssh/sshkey.c 3 Dec 2024 15:53:51 -0000 1.148
+++ usr.bin/ssh/sshkey.c 5 May 2025 06:32:44 -0000
@@ -106,10 +106,6 @@ extern const struct sshkey_impl sshkey_r
extern const struct sshkey_impl sshkey_rsa_sha256_cert_impl;
extern const struct sshkey_impl sshkey_rsa_sha512_impl;
extern const struct sshkey_impl sshkey_rsa_sha512_cert_impl;
-# ifdef WITH_DSA
-extern const struct sshkey_impl sshkey_dss_impl;
-extern const struct sshkey_impl sshkey_dsa_cert_impl;
-# endif
#endif /* WITH_OPENSSL */
#ifdef WITH_XMSS
extern const struct sshkey_impl sshkey_xmss_impl;
@@ -131,10 +127,6 @@ const struct sshkey_impl * const keyimpl
&sshkey_ecdsa_sk_impl,
&sshkey_ecdsa_sk_cert_impl,
&sshkey_ecdsa_sk_webauthn_impl,
-# ifdef WITH_DSA
- &sshkey_dss_impl,
- &sshkey_dsa_cert_impl,
-# endif
&sshkey_rsa_impl,
&sshkey_rsa_cert_impl,
&sshkey_rsa_sha256_impl,
@@ -430,8 +422,6 @@ sshkey_type_plain(int type)
switch (type) {
case KEY_RSA_CERT:
return KEY_RSA;
- case KEY_DSA_CERT:
- return KEY_DSA;
case KEY_ECDSA_CERT:
return KEY_ECDSA;
case KEY_ECDSA_SK_CERT:
@@ -454,8 +444,6 @@ sshkey_type_certified(int type)
switch (type) {
case KEY_RSA:
return KEY_RSA_CERT;
- case KEY_DSA:
- return KEY_DSA_CERT;
case KEY_ECDSA:
return KEY_ECDSA_CERT;
case KEY_ECDSA_SK:
@@ -3282,20 +3270,6 @@ sshkey_private_to_blob_pem_pkcs8(struct
goto out;
switch (key->type) {
-#ifdef WITH_DSA
- case KEY_DSA:
- if (format == SSHKEY_PRIVATE_PEM) {
- success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
- cipher, passphrase, len, NULL, NULL);
- } else {
- if ((pkey = EVP_PKEY_new()) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- success = EVP_PKEY_set1_DSA(pkey, key->dsa);
- }
- break;
-#endif
case KEY_ECDSA:
if (format == SSHKEY_PRIVATE_PEM) {
success = PEM_write_bio_ECPrivateKey(bio,
@@ -3361,7 +3335,6 @@ sshkey_private_to_fileblob(struct sshkey
{
switch (key->type) {
#ifdef WITH_OPENSSL
- case KEY_DSA:
case KEY_ECDSA:
case KEY_RSA:
break; /* see below */
@@ -3516,19 +3489,6 @@ sshkey_parse_private_pem_fileblob(struct
prv->pkey = pk;
if ((r = sshkey_check_rsa_length(prv, 0)) != 0)
goto out;
-#ifdef WITH_DSA
- } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA &&
- (type == KEY_UNSPEC || type == KEY_DSA)) {
- if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- prv->dsa = EVP_PKEY_get1_DSA(pk);
- prv->type = KEY_DSA;
-#ifdef DEBUG_PK
- DSA_print_fp(stderr, prv->dsa, 8);
-#endif
-#endif
} else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC &&
(type == KEY_UNSPEC || type == KEY_ECDSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
Index: usr.bin/ssh/sshkey.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshkey.h,v
diff -u -p -r1.66 sshkey.h
--- usr.bin/ssh/sshkey.h 2 Apr 2025 04:28:03 -0000 1.66
+++ usr.bin/ssh/sshkey.h 5 May 2025 06:32:44 -0000
@@ -30,9 +30,6 @@
#ifdef WITH_OPENSSL
#include <openssl/rsa.h>
-#ifdef WITH_DSA
-#include <openssl/dsa.h>
-#endif
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
@@ -40,7 +37,6 @@
#else /* OPENSSL */
#define BIGNUM void
#define RSA void
-#define DSA void
#define EC_KEY void
#define EC_GROUP void
#define EC_POINT void
@@ -56,11 +52,9 @@ struct sshbuf;
/* Key types */
enum sshkey_types {
KEY_RSA,
- KEY_DSA,
KEY_ECDSA,
KEY_ED25519,
KEY_RSA_CERT,
- KEY_DSA_CERT,
KEY_ECDSA_CERT,
KEY_ED25519_CERT,
KEY_XMSS,
@@ -123,8 +117,6 @@ struct sshkey_cert {
struct sshkey {
int type;
int flags;
- /* KEY_DSA */
- DSA *dsa;
/* KEY_ECDSA and KEY_ECDSA_SK */
int ecdsa_nid; /* NID of curve */
/* libcrypto-backed keys */
@@ -347,7 +339,6 @@ int check_rsa_length(const RSA *rsa); /*
#ifndef WITH_OPENSSL
#undef RSA
-#undef DSA
#undef EC_KEY
#undef EC_GROUP
#undef EC_POINT
Index: regress/usr.bin/ssh/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/Makefile,v
diff -u -p -r1.136 Makefile
--- regress/usr.bin/ssh/Makefile 11 Mar 2025 07:50:20 -0000 1.136
+++ regress/usr.bin/ssh/Makefile 5 May 2025 06:32:44 -0000
@@ -12,7 +12,7 @@ REGRESS_SETUP_ONCE=misc # For sk-dummy.s
# Key conversion operations are not supported when built w/out OpenSSL.
.if !defined(LTESTS_FROM) && ${OPENSSL:L} != no
-REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12
+REGRESS_TARGETS= t1 t2 t3 t4 t5 t7 t9 t10 t11 t12
.endif
LTESTS= connect \
@@ -122,9 +122,9 @@ CLEANFILES+= *.core actual agent-key.* a
ed25519-agent.pub empty.in expect failed-regress.log \
failed-ssh.log failed-sshd.log hkr.* host.ecdsa-sha2-nistp256 \
host.ecdsa-sha2-nistp384 host.ecdsa-sha2-nistp521 \
- host.ssh-dss host.ssh-ed25519 host.ssh-rsa \
+ host.ssh-ed25519 host.ssh-rsa \
host_* host_ca_key* host_krl_* host_revoked_* key.* \
- key.dsa-* key.ecdsa-* key.ed25519-512 key.ed25519-512.pub \
+ key.ecdsa-* key.ed25519-512 key.ed25519-512.pub \
key.rsa-* keys-command-args kh.* known_hosts askpass \
known_hosts-cert known_hosts.* krl-* ls.copy modpipe \
netcat pidfile putty.rsa2 ready regress.log remote_pid \
@@ -170,31 +170,12 @@ t5:
ssh-keygen -Bf ${.CURDIR}/rsa_openssh.pub |\
awk '{print $$2}' | diff - ${.CURDIR}/t5.ok
-t6:
- set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
- ssh-keygen -if ${.CURDIR}/dsa_ssh2.prv > t6.out1 ; \
- ssh-keygen -if ${.CURDIR}/dsa_ssh2.pub > t6.out2 ; \
- chmod 600 t6.out1 ; \
- ssh-keygen -yf t6.out1 | diff - t6.out2 ; \
- fi
-
t7.out:
ssh-keygen -q -t rsa -N '' -f $@ ; \
t7: t7.out
ssh-keygen -lf t7.out > /dev/null
ssh-keygen -Bf t7.out > /dev/null
-
-t8.out:
- set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
- ssh-keygen -q -t dsa -N '' -f $@ ; \
- fi
-
-t8: t8.out
- set -xe ; if ssh -Q key | grep -q ^ssh-dss ; then \
- ssh-keygen -lf t8.out > /dev/null ; \
- ssh-keygen -Bf t8.out > /dev/null ; \
- fi
t9.out:
ssh-keygen -q -t ecdsa -N '' -f $@
Index: regress/usr.bin/ssh/agent.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/agent.sh,v
diff -u -p -r1.22 agent.sh
--- regress/usr.bin/ssh/agent.sh 24 Oct 2024 03:28:34 -0000 1.22
+++ regress/usr.bin/ssh/agent.sh 5 May 2025 06:32:44 -0000
@@ -86,10 +86,6 @@ fi
for t in ${SSH_KEYTYPES}; do
trace "connect via agent using $t key"
- if [ "$t" = "ssh-dss" ]; then
- echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/ssh_proxy
- echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/sshd_proxy
- fi
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
somehost exit 52
r=$?
@@ -143,7 +139,6 @@ fi
(printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
> $OBJ/authorized_keys_$USER
for t in ${SSH_KEYTYPES}; do
- if [ "$t" != "ssh-dss" ]; then
trace "connect via agent using $t key"
${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
-oCertificateFile=$OBJ/$t-agent-cert.pub \
@@ -152,7 +147,6 @@ for t in ${SSH_KEYTYPES}; do
if [ $r -ne 52 ]; then
fail "ssh connect with failed (exit code $r)"
fi
- fi
done
## Deletion tests.
Index: regress/usr.bin/ssh/cert-hostkey.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/cert-hostkey.sh,v
diff -u -p -r1.27 cert-hostkey.sh
--- regress/usr.bin/ssh/cert-hostkey.sh 30 Sep 2021 05:26:26 -0000 1.27
+++ regress/usr.bin/ssh/cert-hostkey.sh 5 May 2025 06:32:44 -0000
@@ -70,7 +70,7 @@ touch $OBJ/host_revoked_plain
touch $OBJ/host_revoked_cert
cat $OBJ/host_ca_key.pub $OBJ/host_ca_key2.pub > $OBJ/host_revoked_ca
-PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-dss/ssh-dsa/g;s/^ssh-//'`
+PLAIN_TYPES=`echo "$SSH_KEYTYPES" | sed 's/^ssh-//'`
if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
Index: regress/usr.bin/ssh/cert-userkey.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/cert-userkey.sh,v
diff -u -p -r1.29 cert-userkey.sh
--- regress/usr.bin/ssh/cert-userkey.sh 6 Dec 2024 16:25:58 -0000 1.29
+++ regress/usr.bin/ssh/cert-userkey.sh 5 May 2025 06:32:44 -0000
@@ -10,7 +10,7 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
grep -v AuthorizedKeysFile $OBJ/sshd_proxy > $OBJ/sshd_proxy_bak
echo "AuthorizedKeysFile $OBJ/authorized_keys_%u_*" >> $OBJ/sshd_proxy_bak
-PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
+PLAIN_TYPES=`$SSH -Q key-plain | maybe_filter_sk | sed 's/^ssh-//'`
EXTRA_TYPES=""
rsa=""
@@ -25,7 +25,7 @@ kname() {
sk-ecdsa-*) n="sk-ecdsa" ;;
sk-ssh-ed25519*) n="sk-ssh-ed25519" ;;
# subshell because some seds will add a newline
- *) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
+ *) n=$(echo $1 | sed 's/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
esac
if [ -z "$rsa" ]; then
echo "$n*,ssh-ed25519*"
Index: regress/usr.bin/ssh/dsa_ssh2.prv
===================================================================
RCS file: regress/usr.bin/ssh/dsa_ssh2.prv
diff -N regress/usr.bin/ssh/dsa_ssh2.prv
--- regress/usr.bin/ssh/dsa_ssh2.prv 17 Jan 2002 13:21:28 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,14 +0,0 @@
----- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
-Subject: ssh-keygen test
-Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
-P2/56wAAAgIAAAAmZGwtbW9kcHtzaWdue2RzYS1uaXN0LXNoYTF9LGRoe3BsYWlufX0AAA
-AEbm9uZQAAAcQAAAHAAAAAAAAABACwUfm3AxZTut3icBmwCcD48nY64HzuELlQ+vEqjIcR
-Lo49es/DQTeLNQ+kdKRCfouosGNv0WqxRtF0tUsWdXxS37oHGa4QPugBdHRd7YlZGZv8kg
-x7FsoepY7v7E683/97dv2zxL3AGagTEzWr7fl0yPexAaZoDvtQrrjX44BLmwAABACWQkvv
-MxnD8eFkS1konFfMJ1CkuRfTN34CBZ6dY7VTSGemy4QwtFdMKmoufD0eKgy3p5WOeWCYKt
-F4FhjHKZk/aaxFjjIbtkrnlvXg64QI11dSZyBN6/ViQkHPSkUDF+A6AAEhrNbQbAFSvao1
-kTvNtPCtL0AkUIduEMzGQfLCTAAAAKDeC043YVo9Zo0zAEeIA4uZh4LBCQAAA/9aj7Y5ik
-ehygJ4qTDSlVypsPuV+n59tMS0e2pfrSG87yf5r94AKBmJeho5OO6wYaXCxsVB7AFbSUD6
-75AK8mHF4v1/+7SWKk5f8xlMCMSPZ9K0+j/W1d/q2qkhnnDZolOHDomLA+U00i5ya/jnTV
-zyDPWLFpWK8u3xGBPAYX324gAAAKDHFvooRnaXdZbeWGTTqmgHB1GU9A==
----- END SSH2 ENCRYPTED PRIVATE KEY ----
Index: regress/usr.bin/ssh/dsa_ssh2.pub
===================================================================
RCS file: regress/usr.bin/ssh/dsa_ssh2.pub
diff -N regress/usr.bin/ssh/dsa_ssh2.pub
--- regress/usr.bin/ssh/dsa_ssh2.pub 17 Jan 2002 13:21:28 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,13 +0,0 @@
----- BEGIN SSH2 PUBLIC KEY ----
-Subject: ssh-keygen test
-Comment: "1024-bit dsa, Tue Jan 08 2002 22:00:23 +0100"
-AAAAB3NzaC1kc3MAAACBALBR+bcDFlO63eJwGbAJwPjydjrgfO4QuVD68SqMhxEujj16z8
-NBN4s1D6R0pEJ+i6iwY2/RarFG0XS1SxZ1fFLfugcZrhA+6AF0dF3tiVkZm/ySDHsWyh6l
-ju/sTrzf/3t2/bPEvcAZqBMTNavt+XTI97EBpmgO+1CuuNfjgEubAAAAFQDeC043YVo9Zo
-0zAEeIA4uZh4LBCQAAAIEAlkJL7zMZw/HhZEtZKJxXzCdQpLkX0zd+AgWenWO1U0hnpsuE
-MLRXTCpqLnw9HioMt6eVjnlgmCrReBYYxymZP2msRY4yG7ZK55b14OuECNdXUmcgTev1Yk
-JBz0pFAxfgOgABIazW0GwBUr2qNZE7zbTwrS9AJFCHbhDMxkHywkwAAACAWo+2OYpHocoC
-eKkw0pVcqbD7lfp+fbTEtHtqX60hvO8n+a/eACgZiXoaOTjusGGlwsbFQewBW0lA+u+QCv
-JhxeL9f/u0lipOX/MZTAjEj2fStPo/1tXf6tqpIZ5w2aJThw6JiwPlNNIucmv4501c8gz1
-ixaVivLt8RgTwGF99uI=
----- END SSH2 PUBLIC KEY ----
Index: regress/usr.bin/ssh/hostbased.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/hostbased.sh,v
diff -u -p -r1.4 hostbased.sh
--- regress/usr.bin/ssh/hostbased.sh 7 Dec 2022 11:45:43 -0000 1.4
+++ regress/usr.bin/ssh/hostbased.sh 5 May 2025 06:32:44 -0000
@@ -43,7 +43,6 @@ for key in `${SUDO} ${SSHD} -T | awk '$1
521*ECDSA*) algos="$algos ecdsa-sha2-nistp521" ;;
*RSA*) algos="$algos ssh-rsa rsa-sha2-256 rsa-sha2-512" ;;
*ED25519*) algos="$algos ssh-ed25519" ;;
- *DSA*) algos="$algos ssh-dss" ;;
*) verbose "unknown host key type $key" ;;
esac
done
Index: regress/usr.bin/ssh/keytype.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/keytype.sh,v
diff -u -p -r1.11 keytype.sh
--- regress/usr.bin/ssh/keytype.sh 25 Feb 2021 03:27:34 -0000 1.11
+++ regress/usr.bin/ssh/keytype.sh 5 May 2025 06:32:44 -0000
@@ -10,7 +10,6 @@ cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
ktypes=""
for i in ${SSH_KEYTYPES}; do
case "$i" in
- ssh-dss) ktypes="$ktypes dsa-1024" ;;
ssh-rsa) ktypes="$ktypes rsa-2048 rsa-3072" ;;
ssh-ed25519) ktypes="$ktypes ed25519-512" ;;
ecdsa-sha2-nistp256) ktypes="$ktypes ecdsa-256" ;;
@@ -34,7 +33,6 @@ done
kname_to_ktype() {
case $1 in
- dsa-1024) echo ssh-dss;;
ecdsa-256) echo ecdsa-sha2-nistp256;;
ecdsa-384) echo ecdsa-sha2-nistp384;;
ecdsa-521) echo ecdsa-sha2-nistp521;;
Index: regress/usr.bin/ssh/knownhosts-command.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/knownhosts-command.sh,v
diff -u -p -r1.3 knownhosts-command.sh
--- regress/usr.bin/ssh/knownhosts-command.sh 30 Aug 2021 01:15:45 -0000 1.3
+++ regress/usr.bin/ssh/knownhosts-command.sh 5 May 2025 06:32:44 -0000
@@ -40,7 +40,6 @@ ${SSH} -F $OBJ/ssh_proxy x true && fail
for keytype in ${SSH_HOSTKEY_TYPES} ; do
algs=$keytype
- test "x$keytype" = "xssh-dss" && continue
test "x$keytype" = "xssh-rsa" && algs=ssh-rsa,rsa-sha2-256,rsa-sha2-512
verbose "keytype $keytype"
cat > $OBJ/knownhosts_command << _EOF
Index: regress/usr.bin/ssh/krl.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/krl.sh,v
diff -u -p -r1.12 krl.sh
--- regress/usr.bin/ssh/krl.sh 16 Jan 2023 04:11:29 -0000 1.12
+++ regress/usr.bin/ssh/krl.sh 5 May 2025 06:32:44 -0000
@@ -11,7 +11,6 @@ for t in $SSH_KEYTYPES; do
case "$t" in
ecdsa*) ktype2=ecdsa ;;
ssh-rsa) ktype3=rsa ;;
- ssh-dss) ktype4=dsa ;;
sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
esac
Index: regress/usr.bin/ssh/limit-keytype.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/limit-keytype.sh,v
diff -u -p -r1.10 limit-keytype.sh
--- regress/usr.bin/ssh/limit-keytype.sh 25 Feb 2021 03:27:34 -0000 1.10
+++ regress/usr.bin/ssh/limit-keytype.sh 5 May 2025 06:32:44 -0000
@@ -17,7 +17,6 @@ for t in $SSH_KEYTYPES ; do
case "$t" in
ssh-rsa) ktype2=rsa ;;
ecdsa*) ktype3=ecdsa ;; # unused
- ssh-dss) ktype4=dsa ;;
sk-ssh-ed25519@openssh.com) ktype5=ed25519-sk ;;
sk-ecdsa-sha2-nistp256@openssh.com) ktype6=ecdsa-sk ;;
esac
@@ -75,7 +74,6 @@ keytype() {
case "$1" in
ecdsa) printf "ecdsa-sha2-*" ;;
ed25519) printf "ssh-ed25519" ;;
- dsa) printf "ssh-dss" ;;
rsa) printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;;
sk-ecdsa) printf "sk-ecdsa-*" ;;
sk-ssh-ed25519) printf "sk-ssh-ed25519-*" ;;
@@ -123,7 +121,7 @@ if [ "$ktype1" != "$ktype2" ]; then
fi
${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
-# Allow only DSA in main config, Ed25519 for user.
+# Allow only Ed25519 in main config, Ed25519 for user.
verbose "match w/ matching"
prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype4`" \
"Match user $USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`"
Index: regress/usr.bin/ssh/ssh-com-client.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/ssh-com-client.sh,v
diff -u -p -r1.7 ssh-com-client.sh
--- regress/usr.bin/ssh/ssh-com-client.sh 17 May 2013 04:29:14 -0000 1.7
+++ regress/usr.bin/ssh/ssh-com-client.sh 5 May 2025 06:32:44 -0000
@@ -28,7 +28,7 @@ VERSIONS="
# setup authorized keys
SRC=`dirname ${SCRIPT}`
-cp ${SRC}/dsa_ssh2.prv ${OBJ}/id.com
+cp ${SRC}/rsa_ssh2.prv ${OBJ}/id.com
chmod 600 ${OBJ}/id.com
${SSHKEYGEN} -i -f ${OBJ}/id.com > $OBJ/id.openssh
chmod 600 ${OBJ}/id.openssh
@@ -36,8 +36,8 @@ ${SSHKEYGEN} -y -f ${OBJ}/id.openssh > $
${SSHKEYGEN} -e -f ${OBJ}/id.openssh > $OBJ/id.com.pub
echo IdKey ${OBJ}/id.com > ${OBJ}/id.list
-# we need a DSA host key
-t=dsa
+# we need a RSA host key
+t=rsa
rm -f ${OBJ}/$t ${OBJ}/$t.pub
${SSHKEYGEN} -q -N '' -t $t -f ${OBJ}/$t
$SUDO cp $OBJ/$t $OBJ/host.$t
@@ -47,7 +47,6 @@ echo HostKey $OBJ/host.$t >> $OBJ/sshd_c
mkdir -p ${OBJ}/${USER}/hostkeys
HK=${OBJ}/${USER}/hostkeys/key_${PORT}_127.0.0.1
${SSHKEYGEN} -e -f ${OBJ}/rsa.pub > ${HK}.ssh-rsa.pub
-${SSHKEYGEN} -e -f ${OBJ}/dsa.pub > ${HK}.ssh-dss.pub
cat > ${OBJ}/ssh2_config << EOF
*:
@@ -74,7 +73,7 @@ for v in ${VERSIONS}; do
continue
fi
verbose "ssh2 ${v}"
- key=ssh-dss
+ key=ssh-rsa
skipcat=0
case $v in
2.1.*|2.3.0)
@@ -124,7 +123,6 @@ for v in ${VERSIONS}; do
done
rm -rf ${OBJ}/${USER}
-for i in ssh2_config random_seed dsa.pub dsa host.dsa \
- id.list id.com id.com.pub id.openssh; do
+for i in ssh2_config random_seed id.list id.com id.com.pub id.openssh; do
rm -f ${OBJ}/$i
done
Index: regress/usr.bin/ssh/ssh-com.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/ssh-com.sh,v
diff -u -p -r1.10 ssh-com.sh
--- regress/usr.bin/ssh/ssh-com.sh 8 May 2017 01:52:49 -0000 1.10
+++ regress/usr.bin/ssh/ssh-com.sh 5 May 2025 06:32:44 -0000
@@ -41,8 +41,8 @@ cat << EOF > $OBJ/sshd2_config
PubKeyAuthentication yes
#AllowedAuthentications publickey
AuthorizationFile authorization
- HostKeyFile ${SRC}/dsa_ssh2.prv
- PublicHostKeyFile ${SRC}/dsa_ssh2.pub
+ HostKeyFile ${SRC}/rsa_ssh2.prv
+ PublicHostKeyFile ${SRC}/rsa_ssh2.pub
RandomSeedFile ${OBJ}/random_seed
MaxConnections 0
PermitRootLogin yes
@@ -55,23 +55,21 @@ EOF
sed "s/HostKeyAlias.*/HostKeyAlias ssh2-localhost-with-alias/" \
< $OBJ/ssh_config > $OBJ/ssh_config_com
-# we need a DSA key for
-rm -f ${OBJ}/dsa ${OBJ}/dsa.pub
-${SSHKEYGEN} -q -N '' -t dsa -f ${OBJ}/dsa
+# we need a RSA key for
+rm -f ${OBJ}/rsa ${OBJ}/rsa.pub
+${SSHKEYGEN} -q -N '' -t rsa -f ${OBJ}/rsa
# setup userdir, try rsa first
mkdir -p ${OBJ}/${USER}
cp /dev/null ${OBJ}/${USER}/authorization
-for t in rsa dsa; do
- ${SSHKEYGEN} -e -f ${OBJ}/$t.pub > ${OBJ}/${USER}/$t.com
- echo Key $t.com >> ${OBJ}/${USER}/authorization
- echo IdentityFile ${OBJ}/$t >> ${OBJ}/ssh_config_com
-done
+${SSHKEYGEN} -e -f ${OBJ}/rsa.pub > ${OBJ}/${USER}/rsa.com
+echo Key rsa.com >> ${OBJ}/${USER}/authorization
+echo IdentityFile ${OBJ}/rsa >> ${OBJ}/ssh_config_com
-# convert and append DSA hostkey
+# convert and append RSA hostkey
(
printf 'ssh2-localhost-with-alias,127.0.0.1,::1 '
- ${SSHKEYGEN} -if ${SRC}/dsa_ssh2.pub
+ ${SSHKEYGEN} -if ${SRC}/rsa_ssh2.pub
) >> $OBJ/known_hosts
# go for it
@@ -114,6 +112,6 @@ done
rm -rf ${OBJ}/${USER}
for i in sshd_config_proxy ssh_config_proxy random_seed \
- sshd2_config dsa.pub dsa ssh_config_com; do
+ sshd2_config rsa.pub rsa ssh_config_com; do
rm -f ${OBJ}/$i
done
Index: regress/usr.bin/ssh/ssh2putty.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/ssh2putty.sh,v
diff -u -p -r1.9 ssh2putty.sh
--- regress/usr.bin/ssh/ssh2putty.sh 25 Jul 2021 12:13:03 -0000 1.9
+++ regress/usr.bin/ssh/ssh2putty.sh 5 May 2025 06:32:44 -0000
@@ -12,7 +12,6 @@ KEYFILE=$3
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
-# XXX - support DSA keys too
if grep "BEGIN RSA PRIVATE KEY" $KEYFILE >/dev/null 2>&1 ; then
:
else
Index: regress/usr.bin/ssh/sshcfgparse.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/sshcfgparse.sh,v
diff -u -p -r1.9 sshcfgparse.sh
--- regress/usr.bin/ssh/sshcfgparse.sh 8 Jun 2021 07:05:27 -0000 1.9
+++ regress/usr.bin/ssh/sshcfgparse.sh 5 May 2025 06:32:44 -0000
@@ -3,13 +3,6 @@
tid="ssh config parse"
-dsa=0
-for t in $SSH_KEYTYPES; do
- case "$t" in
- ssh-dss) dsa=1 ;;
- esac
-done
-
expect_result_present() {
_str="$1" ; shift
for _expect in "$@" ; do
@@ -66,33 +59,23 @@ verbose "pubkeyacceptedalgorithms"
# Default set
f=`${SSH} -GF none host | awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*"
-expect_result_absent "$f" "ssh-dss"
# Explicit override
f=`${SSH} -GF none -opubkeyacceptedalgorithms=ssh-ed25519 host | \
awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519"
-expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss"
+expect_result_absent "$f" "ssh-ed25519-cert-v01.*"
# Removal from default set
f=`${SSH} -GF none -opubkeyacceptedalgorithms=-ssh-ed25519-cert* host | \
awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519"
-expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss"
+expect_result_absent "$f" "ssh-ed25519-cert-v01.*"
f=`${SSH} -GF none -opubkeyacceptedalgorithms=-ssh-ed25519 host | \
awk '/^pubkeyacceptedalgorithms /{print $2}'`
expect_result_present "$f" "ssh-ed25519-cert-v01.*"
-expect_result_absent "$f" "ssh-ed25519" "ssh-dss"
+expect_result_absent "$f" "ssh-ed25519"
# Append to default set.
# This is not tested when built !WITH_OPENSSL
-if [ "$dsa" = "1" ]; then
- f=`${SSH} -GF none -opubkeyacceptedalgorithms=+ssh-dss-cert* host | \
- awk '/^pubkeyacceptedalgorithms /{print $2}'`
- expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*"
- expect_result_absent "$f" "ssh-dss"
- f=`${SSH} -GF none -opubkeyacceptedalgorithms=+ssh-dss host | \
- awk '/^pubkeyacceptedalgorithms /{print $2}'`
- expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss"
- expect_result_absent "$f" "ssh-dss-cert-v01.*"
-fi
+# XXX need a test for this
verbose "agentforwarding"
f=`${SSH} -GF none host | awk '/^forwardagent /{print$2}'`
Index: regress/usr.bin/ssh/misc/ssh-verify-attestation/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/misc/ssh-verify-attestation/Makefile,v
diff -u -p -r1.1 Makefile
--- regress/usr.bin/ssh/misc/ssh-verify-attestation/Makefile 4 Dec 2024 16:42:49 -0000 1.1
+++ regress/usr.bin/ssh/misc/ssh-verify-attestation/Makefile 5 May 2025 06:32:44 -0000
@@ -13,7 +13,7 @@ SRCS=ssh-verify-attestation.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c
SRCS+=ed25519.c hash.c
Index: regress/usr.bin/ssh/unittests/Makefile.inc
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/Makefile.inc,v
diff -u -p -r1.17 Makefile.inc
--- regress/usr.bin/ssh/unittests/Makefile.inc 15 Apr 2025 04:00:42 -0000 1.17
+++ regress/usr.bin/ssh/unittests/Makefile.inc 5 May 2025 06:32:44 -0000
@@ -18,10 +18,6 @@ TEST_ENV?= MALLOC_OPTIONS=${MALLOC_OPTI
OPENSSL?= yes
DSAKEY?= yes
-.if (${DSAKEY:L} == "yes")
-CFLAGS+= -DWITH_DSA
-.endif
-
.if (${OPENSSL:L} == "yes")
CFLAGS+= -DWITH_OPENSSL
.endif
Index: regress/usr.bin/ssh/unittests/authopt/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/authopt/Makefile,v
diff -u -p -r1.8 Makefile
--- regress/usr.bin/ssh/unittests/authopt/Makefile 15 Apr 2025 04:00:42 -0000 1.8
+++ regress/usr.bin/ssh/unittests/authopt/Makefile 5 May 2025 06:32:44 -0000
@@ -8,7 +8,7 @@ SRCS+=auth-options.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c
SRCS+=ed25519.c hash.c
Index: regress/usr.bin/ssh/unittests/hostkeys/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/hostkeys/Makefile,v
diff -u -p -r1.11 Makefile
--- regress/usr.bin/ssh/unittests/hostkeys/Makefile 15 Apr 2025 04:00:42 -0000 1.11
+++ regress/usr.bin/ssh/unittests/hostkeys/Makefile 5 May 2025 06:32:44 -0000
@@ -6,7 +6,7 @@ SRCS=tests.c test_iterate.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c hostfile.c
SRCS+=ed25519.c hash.c
Index: regress/usr.bin/ssh/unittests/hostkeys/mktestdata.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/hostkeys/mktestdata.sh,v
diff -u -p -r1.2 mktestdata.sh
--- regress/usr.bin/ssh/unittests/hostkeys/mktestdata.sh 30 Apr 2017 23:33:48 -0000 1.2
+++ regress/usr.bin/ssh/unittests/hostkeys/mktestdata.sh 5 May 2025 06:32:44 -0000
@@ -5,7 +5,7 @@ set -ex
cd testdata
-rm -f rsa* dsa* ecdsa* ed25519*
+rm -f rsa* ecdsa* ed25519*
rm -f known_hosts*
gen_all() {
@@ -14,11 +14,10 @@ gen_all() {
test "x$_n" = "x1" && _ecdsa_bits=384
test "x$_n" = "x2" && _ecdsa_bits=521
ssh-keygen -qt rsa -b 1024 -C "RSA #$_n" -N "" -f rsa_$_n
- ssh-keygen -qt dsa -b 1024 -C "DSA #$_n" -N "" -f dsa_$_n
ssh-keygen -qt ecdsa -b $_ecdsa_bits -C "ECDSA #$_n" -N "" -f ecdsa_$_n
ssh-keygen -qt ed25519 -C "ED25519 #$_n" -N "" -f ed25519_$_n
# Don't need private keys
- rm -f rsa_$_n dsa_$_n ecdsa_$_n ed25519_$_n
+ rm -f rsa_$_n ecdsa_$_n ed25519_$_n
}
hentries() {
@@ -65,18 +64,18 @@ rm -f known_hosts_hash_frag.old
echo "# Revoked and CA keys"
printf "@revoked sisyphus.example.com " ; cat ed25519_4.pub
printf "@cert-authority prometheus.example.com " ; cat ecdsa_4.pub
- printf "@cert-authority *.example.com " ; cat dsa_4.pub
+ printf "@cert-authority *.example.com " ; cat rsa_4.pub
printf "\n"
echo "# Some invalid lines"
# Invalid marker
- printf "@what sisyphus.example.com " ; cat dsa_1.pub
+ printf "@what sisyphus.example.com " ; cat rsa_1.pub
# Key missing
echo "sisyphus.example.com "
# Key blob missing
echo "prometheus.example.com ssh-ed25519 "
# Key blob truncated
- echo "sisyphus.example.com ssh-dsa AAAATgAAAAdz"
+ echo "sisyphus.example.com ssh-rsa AAAATgAAAAdz"
# Invalid type
echo "sisyphus.example.com ssh-XXX AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg=="
# Type mismatch with blob
Index: regress/usr.bin/ssh/unittests/hostkeys/test_iterate.c
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/hostkeys/test_iterate.c,v
diff -u -p -r1.9 test_iterate.c
--- regress/usr.bin/ssh/unittests/hostkeys/test_iterate.c 11 Jan 2024 01:45:58 -0000 1.9
+++ regress/usr.bin/ssh/unittests/hostkeys/test_iterate.c 5 May 2025 06:32:44 -0000
@@ -85,12 +85,6 @@ check(struct hostkey_foreach_line *l, vo
expected_keytype = (parse_key || expected->no_parse_keytype < 0) ?
expected->l.keytype : expected->no_parse_keytype;
-#ifndef WITH_DSA
- if (expected->l.keytype == KEY_DSA ||
- expected->no_parse_keytype == KEY_DSA)
- skip = 1;
-#endif
-
if (skip) {
expected_status = HKF_STATUS_INVALID;
expected_keytype = KEY_UNSPEC;
@@ -139,10 +133,6 @@ prepare_expected(struct expected *expect
for (i = 0; i < n; i++) {
if (expected[i].key_file == NULL)
continue;
-#ifndef WITH_DSA
- if (expected[i].l.keytype == KEY_DSA)
- continue;
-#endif
ASSERT_INT_EQ(sshkey_load_public(
test_data_file(expected[i].key_file), &expected[i].l.key,
NULL), 0);
@@ -175,23 +165,9 @@ struct expected expected_full[] = {
NULL, /* comment */
0, /* note */
} },
- { "dsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
- NULL,
- 2,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- "sisyphus.example.com",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #1",
- 0,
- } },
{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 3,
+ 2,
HKF_STATUS_OK,
0,
NULL,
@@ -205,7 +181,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 4,
+ 3,
HKF_STATUS_OK,
0,
NULL,
@@ -219,7 +195,7 @@ struct expected expected_full[] = {
} },
{ "rsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 5,
+ 4,
HKF_STATUS_OK,
0,
NULL,
@@ -233,7 +209,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 6,
+ 5,
HKF_STATUS_COMMENT,
0,
"",
@@ -247,7 +223,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 7,
+ 6,
HKF_STATUS_COMMENT,
0,
"# Plain host keys, hostnames + addresses",
@@ -259,23 +235,9 @@ struct expected expected_full[] = {
NULL,
0,
} },
- { "dsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
- NULL,
- 8,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- "prometheus.example.com,192.0.2.1,2001:db8::1",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #2",
- 0,
- } },
{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 9,
+ 7,
HKF_STATUS_OK,
0,
NULL,
@@ -289,7 +251,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 10,
+ 8,
HKF_STATUS_OK,
0,
NULL,
@@ -303,7 +265,7 @@ struct expected expected_full[] = {
} },
{ "rsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 11,
+ 9,
HKF_STATUS_OK,
0,
NULL,
@@ -317,7 +279,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 12,
+ 10,
HKF_STATUS_COMMENT,
0,
"",
@@ -331,7 +293,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 13,
+ 11,
HKF_STATUS_COMMENT,
0,
"# Some hosts with wildcard names / IPs",
@@ -343,23 +305,9 @@ struct expected expected_full[] = {
NULL,
0,
} },
- { "dsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
- NULL,
- 14,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- "*.example.com,192.0.2.*,2001:*",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #3",
- 0,
- } },
{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 15,
+ 12,
HKF_STATUS_OK,
0,
NULL,
@@ -373,7 +321,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 16,
+ 13,
HKF_STATUS_OK,
0,
NULL,
@@ -387,7 +335,7 @@ struct expected expected_full[] = {
} },
{ "rsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
NULL,
- 17,
+ 14,
HKF_STATUS_OK,
0,
NULL,
@@ -401,7 +349,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 18,
+ 15,
HKF_STATUS_COMMENT,
0,
"",
@@ -415,7 +363,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 19,
+ 16,
HKF_STATUS_COMMENT,
0,
"# Hashed hostname and address entries",
@@ -427,23 +375,9 @@ struct expected expected_full[] = {
NULL,
0,
} },
- { "dsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
- NULL,
- 20,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #5",
- 0,
- } },
{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
- 21,
+ 17,
HKF_STATUS_OK,
0,
NULL,
@@ -457,7 +391,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
- 22,
+ 18,
HKF_STATUS_OK,
0,
NULL,
@@ -471,7 +405,7 @@ struct expected expected_full[] = {
} },
{ "rsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
NULL,
- 23,
+ 19,
HKF_STATUS_OK,
0,
NULL,
@@ -485,7 +419,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 24,
+ 20,
HKF_STATUS_COMMENT,
0,
"",
@@ -502,51 +436,9 @@ struct expected expected_full[] = {
* hostname and addresses in the pre-hashed known_hosts are split
* to separate lines.
*/
- { "dsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
- NULL,
- 25,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #6",
- 0,
- } },
- { "dsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
- NULL,
- 26,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #6",
- 0,
- } },
- { "dsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
- NULL,
- 27,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_NONE,
- NULL,
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #6",
- 0,
- } },
{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
- 28,
+ 21,
HKF_STATUS_OK,
0,
NULL,
@@ -560,7 +452,7 @@ struct expected expected_full[] = {
} },
{ "ecdsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
NULL,
- 29,
+ 22,
HKF_STATUS_OK,
0,
NULL,
@@ -574,7 +466,7 @@ struct expected expected_full[] = {
} },
{ "ecdsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
NULL,
- 30,
+ 23,
HKF_STATUS_OK,
0,
NULL,
@@ -588,7 +480,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
- 31,
+ 24,
HKF_STATUS_OK,
0,
NULL,
@@ -602,7 +494,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
NULL,
- 32,
+ 25,
HKF_STATUS_OK,
0,
NULL,
@@ -616,7 +508,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
NULL,
- 33,
+ 26,
HKF_STATUS_OK,
0,
NULL,
@@ -630,7 +522,7 @@ struct expected expected_full[] = {
} },
{ "rsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
NULL,
- 34,
+ 27,
HKF_STATUS_OK,
0,
NULL,
@@ -644,7 +536,7 @@ struct expected expected_full[] = {
} },
{ "rsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
NULL,
- 35,
+ 28,
HKF_STATUS_OK,
0,
NULL,
@@ -658,7 +550,7 @@ struct expected expected_full[] = {
} },
{ "rsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
NULL,
- 36,
+ 29,
HKF_STATUS_OK,
0,
NULL,
@@ -672,7 +564,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 37,
+ 30,
HKF_STATUS_COMMENT,
0,
"",
@@ -686,7 +578,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 38,
+ 31,
HKF_STATUS_COMMENT,
0,
"",
@@ -700,7 +592,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 39,
+ 32,
HKF_STATUS_COMMENT,
0,
"# Revoked and CA keys",
@@ -714,7 +606,7 @@ struct expected expected_full[] = {
} },
{ "ed25519_4.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 40,
+ 33,
HKF_STATUS_OK,
0,
NULL,
@@ -728,7 +620,7 @@ struct expected expected_full[] = {
} },
{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
- 41,
+ 34,
HKF_STATUS_OK,
0,
NULL,
@@ -740,23 +632,9 @@ struct expected expected_full[] = {
"ECDSA #4",
0,
} },
- { "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
- NULL,
- 42,
- HKF_STATUS_OK,
- 0,
- NULL,
- MRK_CA,
- "*.example.com",
- NULL,
- KEY_DSA,
- NULL, /* filled at runtime */
- "DSA #4",
- 0,
- } },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 43,
+ 35,
HKF_STATUS_COMMENT,
0,
"",
@@ -770,7 +648,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 44,
+ 36,
HKF_STATUS_COMMENT,
0,
"# Some invalid lines",
@@ -784,7 +662,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, 0, 0, 0, -1, {
NULL,
- 45,
+ 37,
HKF_STATUS_INVALID,
0,
NULL,
@@ -798,7 +676,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 46,
+ 38,
HKF_STATUS_INVALID,
0,
NULL,
@@ -812,7 +690,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
- 47,
+ 39,
HKF_STATUS_INVALID,
0,
NULL,
@@ -824,9 +702,9 @@ struct expected expected_full[] = {
NULL,
0,
} },
- { NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
+ { NULL, HKF_STATUS_OK, KEY_ED25519, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 48,
+ 40,
HKF_STATUS_INVALID, /* Would be ok if key not parsed */
0,
NULL,
@@ -840,7 +718,7 @@ struct expected expected_full[] = {
} },
{ NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
NULL,
- 49,
+ 41,
HKF_STATUS_INVALID,
0,
NULL,
@@ -854,7 +732,7 @@ struct expected expected_full[] = {
} },
{ NULL, HKF_STATUS_OK, KEY_RSA, HKF_MATCH_HOST, 0, 0, 0, -1, {
NULL,
- 50,
+ 42,
HKF_STATUS_INVALID, /* Would be ok if key not parsed */
0,
NULL,
Index: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_1.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_1.pub
diff -N regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_1.pub
--- regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_1.pub 16 Feb 2015 22:18:34 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAOqffHxEW4c+Z9q/r3l4sYK8F7qrBsU8XF9upGsW62T9InROFFq9IO0x3pQ6mDA0Wtw0sqcDmkPCHPyP4Ok/fU3/drLaZusHoVYu8pBBrWsIDrKgkeX9TEodBsSrYdl4Sqtqq9EZv9+DttV6LStZrgYyUTOKwOF95wGantpLynX5AAAAFQDdt+zjRNlETDsgmxcSYFgREirJrQAAAIBQlrPaiPhR24FhnMLcHH4016vL7AqDDID6Qw7PhbXGa4/XlxWMIigjBKrIPKvnZ6p712LSnCKtcbfdx0MtmJlNa01CYqPaRhgRaf+uGdvTkTUcdaq8R5lLJL+JMNwUhcC8ijm3NqEjXjffuebGe1EzIeiITbA7Nndcd+GytwRDegAAAIEAkRYPjSVcUxfUHhHdpP6V8CuY1+CYSs9EPJ7iiWTDuXWVIBTU32oJLAnrmAcOwtIzEfPvm+rff5FI/Yhon2pB3VTXhPPEBjYzE5qANanAT4e6tzAVc5f3DUhHaDknwRYfDz86GFvuLtDjeE/UZ9t6OofYoEsCBpYozLAprBvNIQY= DSA #1
Index: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_2.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_2.pub
diff -N regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_2.pub
--- regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_2.pub 16 Feb 2015 22:18:34 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAI38Hy/61/O5Bp6yUG8J5XQCeNjRS0xvjlCdzKLyXCueMa+L+X2L/u9PWUsy5SVbTjGgpB8sF6UkCNsV+va7S8zCCHas2MZ7GPlxP6GZBkRPTIFR0N/Pu7wfBzDQz0t0iL4VmxBfTBQv/SxkGWZg+yHihIQP9fwdSAwD/7aVh6ItAAAAFQDSyihIUlINlswM0PJ8wXSti3yIMwAAAIB+oqzaB6ozqs8YxpN5oQOBa/9HEBQEsp8RSIlQmVubXRNgktp42n+Ii1waU9UUk8DX5ahhIeR6B7ojWkqmDAji4SKpoHf4kmr6HvYo85ZSTSx0W4YK/gJHSpDJwhlT52tAfb1JCbWSObjl09B4STv7KedCHcR5oXQvvrV+XoKOSAAAAIAue/EXrs2INw1RfaKNHC0oqOMxmRitv0BFMuNVPo1VDj39CE5kA7AHjwvS1TNeaHtK5Hhgeb6vsmLmNPTOc8xCob0ilyQbt9O0GbONeF2Ge7D2UJyULA/hxql+tCYFIC6yUrmo35fF9XiNisXLoaflk9fjp7ROWWVwnki/jstaQw== DSA #2
Index: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_3.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_3.pub
diff -N regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_3.pub
--- regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_3.pub 16 Feb 2015 22:18:34 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAI6lz2Ip9bzE7TGuDD4SjO9S4Ac90gq0h6ai1O06eI8t/Ot2uJ5Jk2QyVr2jvIZHDl/5bwBx7+5oyjlwRoUrAPPD814wf5tU2tSnmdu1Wbf0cBswif5q0r4tevzmopp/AtgH11QHo3u0/pfyJd10qBDLV2FaYSKMmZvyPfZJ0s9pAAAAFQD5Eqjl6Rx2qVePodD9OwAPT0bU6wAAAIAfnDm6csZF0sFaJR3NIJvaYgSGr8s7cqlsk2gLltB/1wOOO2yX+NeEC+B0H93hlMfaUsPa08bwgmYxnavSMqEBpmtPceefJiEd68zwYqXd38f88wyWZ9Z5iwaI/6OVZPHzCbDxOa4ewVTevRNYUKP1xUTZNT8/gSMfZLYPk4T2AQAAAIAUKroozRMyV+3V/rxt0gFnNxRXBKk+9cl3vgsQ7ktkI9cYg7V1T2K0XF21AVMK9gODszy6PBJjV6ruXBV6TRiqIbQauivp3bHHKYsG6wiJNqwdbVwIjfvv8nn1qFoZQLXG3sdONr9NwN8KzrX89OV0BlR2dVM5qqp+YxOXymP9yg== DSA #3
Index: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_4.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_4.pub
diff -N regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_4.pub
--- regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_4.pub 16 Feb 2015 22:18:34 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAKvjnFHm0VvMr5h2Zu3nURsxQKGoxm+DCzYDxRYcilK07Cm5c4XTrFbA2X86+9sGs++W7QRMcTJUYIg0a+UtIMtAjwORd6ZPXM2K5dBW+gh1oHyvKi767tWX7I2c+1ZPJDY95mUUfZQUEfdy9eGDSBmw/pSsveQ1ur6XNUh/MtP/AAAAFQDHnXk/9jBJAdce1pHtLWnbdPSGdQAAAIEAm2OLy8tZBfiEO3c3X1yyB/GTcDwrQCqRMDkhnsmrliec3dWkOfNTzu+MrdvF8ymTWLEqPpbMheYtvNyZ3TF0HO5W7aVBpdGZbOdOAIfB+6skqGbI8A5Up1d7dak/bSsqL2r5NjwbDOdq+1hBzzvbl/qjh+sQarV2zHrpKoQaV28AAACANtkBVedBbqIAdphCrN/LbUi9WlyuF9UZz+tlpVLYrj8GJVwnplV2tvOmUw6yP5/pzCimTsao8dpL5PWxm7fKxLWVxA+lEsA4WeC885CiZn8xhdaJOCN+NyJ2bqkz+4VPI7oDGBm0aFwUqJn+M1PiSgvI50XdF2dBsFRTRNY0wzA= DSA #4
Index: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_5.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_5.pub
diff -N regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_5.pub
--- regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_5.pub 16 Feb 2015 22:18:34 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBALrFy7w5ihlaOG+qR+6fj+vm5EQaO3qwxgACLcgH+VfShuOG4mkx8qFJmf+OZ3fh5iKngjNZfKtfcqI7zHWdk6378TQfQC52/kbZukjNXOLCpyNkogahcjA00onIoTK1RUDuMW28edAHwPFbpttXDTaqis+8JPMY8hZwsZGENCzTAAAAFQD6+It5vozwGgaN9ROYPMlByhi6jwAAAIBz2mcAC694vNzz9b6614gkX9d9E99PzJYfU1MPkXDziKg7MrjBw7Opd5y1jL09S3iL6lSTlHkKwVKvQ3pOwWRwXXRrKVus4I0STveoApm526jmp6mY0YEtqR98vMJ0v97h1ydt8FikKlihefCsnXVicb8887PXs2Y8C6GuFT3tfQAAAIBbmHtV5tPcrMRDkULhaQ/Whap2VKvT2DUhIHA7lx6oy/KpkltOpxDZOIGUHKqffGbiR7Jh01/y090AY5L2eCf0S2Ytx93+eADwVVpJbFJo6zSwfeey2Gm6L2oA+rCz9zTdmtZoekpD3/RAOQjnJIAPwbs7mXwabZTw4xRtiYIRrw== DSA #5
Index: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_6.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_6.pub
diff -N regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_6.pub
--- regress/usr.bin/ssh/unittests/hostkeys/testdata/dsa_6.pub 16 Feb 2015 22:18:34 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
Index: regress/usr.bin/ssh/unittests/hostkeys/testdata/known_hosts
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/hostkeys/testdata/known_hosts,v
diff -u -p -r1.2 known_hosts
--- regress/usr.bin/ssh/unittests/hostkeys/testdata/known_hosts 30 Apr 2017 23:33:48 -0000 1.2
+++ regress/usr.bin/ssh/unittests/hostkeys/testdata/known_hosts 5 May 2025 06:32:44 -0000
@@ -1,30 +1,23 @@
# Plain host keys, plain host names
-sisyphus.example.com ssh-dss AAAAB3NzaC1kc3MAAACBAOqffHxEW4c+Z9q/r3l4sYK8F7qrBsU8XF9upGsW62T9InROFFq9IO0x3pQ6mDA0Wtw0sqcDmkPCHPyP4Ok/fU3/drLaZusHoVYu8pBBrWsIDrKgkeX9TEodBsSrYdl4Sqtqq9EZv9+DttV6LStZrgYyUTOKwOF95wGantpLynX5AAAAFQDdt+zjRNlETDsgmxcSYFgREirJrQAAAIBQlrPaiPhR24FhnMLcHH4016vL7AqDDID6Qw7PhbXGa4/XlxWMIigjBKrIPKvnZ6p712LSnCKtcbfdx0MtmJlNa01CYqPaRhgRaf+uGdvTkTUcdaq8R5lLJL+JMNwUhcC8ijm3NqEjXjffuebGe1EzIeiITbA7Nndcd+GytwRDegAAAIEAkRYPjSVcUxfUHhHdpP6V8CuY1+CYSs9EPJ7iiWTDuXWVIBTU32oJLAnrmAcOwtIzEfPvm+rff5FI/Yhon2pB3VTXhPPEBjYzE5qANanAT4e6tzAVc5f3DUhHaDknwRYfDz86GFvuLtDjeE/UZ9t6OofYoEsCBpYozLAprBvNIQY= DSA #1
sisyphus.example.com ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF6yQEtD9yBw9gmDRf477WBBzvWhAa0ioBI3nbA4emKykj0RbuQd5C4XdQAEOZGzE7v//FcCjwB2wi+JH5eKkxCtN6CjohDASZ1huoIV2UVyYIicZJEEOg1IWjjphvaxtw== ECDSA #1
sisyphus.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9ks7jkua5YWIwByRnnnc6UPJQWI75O0e/UJdPYU1JI ED25519 #1
sisyphus.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDg4hB4vAZHJ0PVRiJajOv/GlytFWNpv5/9xgB9+5BIbvp8LOrFZ5D9K0Gsmwpd4G4rfaAz8j896DhMArg0vtkilIPPGt/6VzWMERgvaIQPJ/IE99X3+fjcAG56oAWwy29JX10lQMzBPU6XJIaN/zqpkb6qUBiAHBdLpxrFBBU0/w== RSA #1
# Plain host keys, hostnames + addresses
-prometheus.example.com,192.0.2.1,2001:db8::1 ssh-dss AAAAB3NzaC1kc3MAAACBAI38Hy/61/O5Bp6yUG8J5XQCeNjRS0xvjlCdzKLyXCueMa+L+X2L/u9PWUsy5SVbTjGgpB8sF6UkCNsV+va7S8zCCHas2MZ7GPlxP6GZBkRPTIFR0N/Pu7wfBzDQz0t0iL4VmxBfTBQv/SxkGWZg+yHihIQP9fwdSAwD/7aVh6ItAAAAFQDSyihIUlINlswM0PJ8wXSti3yIMwAAAIB+oqzaB6ozqs8YxpN5oQOBa/9HEBQEsp8RSIlQmVubXRNgktp42n+Ii1waU9UUk8DX5ahhIeR6B7ojWkqmDAji4SKpoHf4kmr6HvYo85ZSTSx0W4YK/gJHSpDJwhlT52tAfb1JCbWSObjl09B4STv7KedCHcR5oXQvvrV+XoKOSAAAAIAue/EXrs2INw1RfaKNHC0oqOMxmRitv0BFMuNVPo1VDj39CE5kA7AHjwvS1TNeaHtK5Hhgeb6vsmLmNPTOc8xCob0ilyQbt9O0GbONeF2Ge7D2UJyULA/hxql+tCYFIC6yUrmo35fF9XiNisXLoaflk9fjp7ROWWVwnki/jstaQw== DSA #2
prometheus.example.com,192.0.2.1,2001:db8::1 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAB8qVcXwgBM92NCmReQlPrZAoui4Bz/mW0VUBFOpHXXW1n+15b/Y7Pc6UBd/ITTZmaBciXY+PWaSBGdwc5GdqGdLgFyJ/QAGrFMPNpVutm/82gNQzlxpNwjbMcKyiZEXzSgnjS6DzMQ0WuSMdzIBXq8OW/Kafxg4ZkU6YqALUXxlQMZuQ== ECDSA #2
prometheus.example.com,192.0.2.1,2001:db8::1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBp6PVW0z2o9C4Ukv/JOgmK7QMFe1pD1s3ADFF7IQob ED25519 #2
prometheus.example.com,192.0.2.1,2001:db8::1 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDmbUhNabB5AmBDX6GNHZ3lbn7pRxqfpW+f53QqNGlK0sLV+0gkMIrOfUp1kdE2ZLE6tfzdicatj/RlH6/wuo4yyYb+Pyx3G0vxdmAIiA4aANq38XweDucBC0TZkRWVHK+Gs5V/uV0z7N0axJvkkJujMLvST3CRiiWwlficBc6yVQ== RSA #2
# Some hosts with wildcard names / IPs
-*.example.com,192.0.2.*,2001:* ssh-dss AAAAB3NzaC1kc3MAAACBAI6lz2Ip9bzE7TGuDD4SjO9S4Ac90gq0h6ai1O06eI8t/Ot2uJ5Jk2QyVr2jvIZHDl/5bwBx7+5oyjlwRoUrAPPD814wf5tU2tSnmdu1Wbf0cBswif5q0r4tevzmopp/AtgH11QHo3u0/pfyJd10qBDLV2FaYSKMmZvyPfZJ0s9pAAAAFQD5Eqjl6Rx2qVePodD9OwAPT0bU6wAAAIAfnDm6csZF0sFaJR3NIJvaYgSGr8s7cqlsk2gLltB/1wOOO2yX+NeEC+B0H93hlMfaUsPa08bwgmYxnavSMqEBpmtPceefJiEd68zwYqXd38f88wyWZ9Z5iwaI/6OVZPHzCbDxOa4ewVTevRNYUKP1xUTZNT8/gSMfZLYPk4T2AQAAAIAUKroozRMyV+3V/rxt0gFnNxRXBKk+9cl3vgsQ7ktkI9cYg7V1T2K0XF21AVMK9gODszy6PBJjV6ruXBV6TRiqIbQauivp3bHHKYsG6wiJNqwdbVwIjfvv8nn1qFoZQLXG3sdONr9NwN8KzrX89OV0BlR2dVM5qqp+YxOXymP9yg== DSA #3
*.example.com,192.0.2.*,2001:* ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIb3BhJZk+vUQPg5TQc1koIzuGqloCq7wjr9LjlhG24IBeiFHLsdWw74HDlH4DrOmlxToVYk2lTdnjARleRByjk= ECDSA #3
*.example.com,192.0.2.*,2001:* ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBlYfExtYZAPqYvYdrlpGlSWhh/XNHcH3v3c2JzsVNbB ED25519 #3
*.example.com,192.0.2.*,2001:* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDX8F93W3SH4ZSus4XUQ2cw9dqcuyUETTlKEeGv3zlknV3YCoe2Mp04naDhiuwj8sOsytrZSESzLY1ZEyzrjxE6ZFVv8NKgck/AbRjcwlRFOcx9oKUxOrXRa0IoXlTq0kyjKCJfaHBKnGitZThknCPTbVmpATkm5xx6J0WEDozfoQ== RSA #3
# Hashed hostname and address entries
-|1|z3xOIdT5ue3Vuf3MzT67kaioqjw=|GZhhe5uwDOBQrC9N4cCjpbLpSn4= ssh-dss AAAAB3NzaC1kc3MAAACBALrFy7w5ihlaOG+qR+6fj+vm5EQaO3qwxgACLcgH+VfShuOG4mkx8qFJmf+OZ3fh5iKngjNZfKtfcqI7zHWdk6378TQfQC52/kbZukjNXOLCpyNkogahcjA00onIoTK1RUDuMW28edAHwPFbpttXDTaqis+8JPMY8hZwsZGENCzTAAAAFQD6+It5vozwGgaN9ROYPMlByhi6jwAAAIBz2mcAC694vNzz9b6614gkX9d9E99PzJYfU1MPkXDziKg7MrjBw7Opd5y1jL09S3iL6lSTlHkKwVKvQ3pOwWRwXXRrKVus4I0STveoApm526jmp6mY0YEtqR98vMJ0v97h1ydt8FikKlihefCsnXVicb8887PXs2Y8C6GuFT3tfQAAAIBbmHtV5tPcrMRDkULhaQ/Whap2VKvT2DUhIHA7lx6oy/KpkltOpxDZOIGUHKqffGbiR7Jh01/y090AY5L2eCf0S2Ytx93+eADwVVpJbFJo6zSwfeey2Gm6L2oA+rCz9zTdmtZoekpD3/RAOQjnJIAPwbs7mXwabZTw4xRtiYIRrw== DSA #5
|1|B7t/AYabn8zgwU47Cb4A/Nqt3eI=|arQPZyRphkzisr7w6wwikvhaOyE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIudcagzq4QPtP1jkpje34+0POLB0jwT64hqrbCqhTH2T800KDZ0h2vwlJYa3OP3Oqru9AB5pnuHsKw7mAhUGY= ECDSA #5
|1|JR81WxEocTP5d7goIRkl8fHBbno=|l6sj6FOsoXxgEZMzn/BnOfPKN68= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINf63qSV8rD57N+digID8t28WVhd3Yf2K2UhaoG8TsWQ ED25519 #5
|1|W7x4zY6KtTZJgsopyOusJqvVPag=|QauLt7hKezBZFZi2i4Xopho7Nsk= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC/C15Q4sfnk7BZff1er8bscay+5s51oD4eWArlHWMK/ZfYeeTAccTy+7B7Jv+MS4nKCpflrvJI2RQz4kS8vF0ATdBbi4jeWefStlHNg0HLhnCY7NAfDIlRdaN9lm3Pqm2vmr+CkqwcJaSpycDg8nPN9yNAuD6pv7NDuUnECezojQ== RSA #5
-|1|mxnU8luzqWLvfVi5qBm5xVIyCRM=|9Epopft7LBd80Bf6RmWPIpwa8yU= ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
-|1|klvLmvh2vCpkNMDEjVvrE8SJWTg=|e/dqEEBLnbgqmwEesl4cDRu/7TM= ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
-|1|wsk3ddB3UjuxEsoeNCeZjZ6NvZs=|O3O/q2Z/u7DrxoTiIq6kzCevQT0= ssh-dss AAAAB3NzaC1kc3MAAACBAIutigAse65TCW6hHDOEGXenE9L4L0talHbs65hj3UUNtWflKdQeXLofqXgW8AwaDKmnuRPrxRoxVNXj84n45wtBEdt4ztmdAZteAbXSnHqpcxME3jDxh3EtxzGPXLs+RUmKPVguraSgo7W2oN7KFx6VM+AcAtxANSTlvDid3s47AAAAFQCd9Q3kkHSLWe77sW0eRaayI45ovwAAAIAw6srGF6xvFasI44Y3r9JJ2K+3ezozl3ldL3p2+p2HG3iWafC4SdV8pB6ZIxKlYAywiiFb3LzH/JweGFq1jtoFDRM3MlYORBevydU4zPz7b5QLDVB0sY4evYtWmg2BFJvoWRfhLnlZVW7h5N8v4fNIwdVmVsw4Ljes7iF2HRGhHgAAAIBDFT3fww2Oby1xUA6G9pDAcVikrQFqp1sJRylNTUyeyQ37SNAGzYxwHJFgQr8gZLdRQ1UW+idYpqVbVNcYFMOiw/zSqK2OfVwPZ9U+TTKdc992ChSup6vJEKM/ZVIyDWDbJr7igQ4ahy7jo9mFvm8ljN926EnspQzCvs0Dxk6tHA== DSA #6
|1|B8epmkLSni+vGZDijr/EwxeR2k4=|7ct8yzNOVJhKm3ZD2w0XIT7df8E= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK1wRLyKtvK3Mmhd0XPkKwW4ev1KBVf8J4aG8lESq1TsaqqfOXYGyxMq5pN8fCGiD5UPOqyTYz/ZNzClRhJRHao= ECDSA #6
|1|JojD885UhYhbCu571rgyM/5PpYU=|BJaU2aE1FebQZy3B5tzTDRWFRG0= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK1wRLyKtvK3Mmhd0XPkKwW4ev1KBVf8J4aG8lESq1TsaqqfOXYGyxMq5pN8fCGiD5UPOqyTYz/ZNzClRhJRHao= ECDSA #6
|1|5t7UDHDybVrDZVQPCpwdnr6nk4k=|EqJ73W/veIL3H2x+YWHcJxI5ETA= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK1wRLyKtvK3Mmhd0XPkKwW4ev1KBVf8J4aG8lESq1TsaqqfOXYGyxMq5pN8fCGiD5UPOqyTYz/ZNzClRhJRHao= ECDSA #6
@@ -39,12 +32,11 @@ prometheus.example.com,192.0.2.1,2001:db
# Revoked and CA keys
@revoked sisyphus.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFP8L9REfN/iYy1KIRtFqSCn3V2+vOCpoZYENFGLdOF ED25519 #4
@cert-authority prometheus.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZd0OXHIWwK3xnjAdMZ1tojxWycdu38pORO/UX5cqsKMgGCKQVBWWO3TFk1ePkGIE9VMWT1hCGqWRRwYlH+dSE= ECDSA #4
-@cert-authority *.example.com ssh-dss AAAAB3NzaC1kc3MAAACBAKvjnFHm0VvMr5h2Zu3nURsxQKGoxm+DCzYDxRYcilK07Cm5c4XTrFbA2X86+9sGs++W7QRMcTJUYIg0a+UtIMtAjwORd6ZPXM2K5dBW+gh1oHyvKi767tWX7I2c+1ZPJDY95mUUfZQUEfdy9eGDSBmw/pSsveQ1ur6XNUh/MtP/AAAAFQDHnXk/9jBJAdce1pHtLWnbdPSGdQAAAIEAm2OLy8tZBfiEO3c3X1yyB/GTcDwrQCqRMDkhnsmrliec3dWkOfNTzu+MrdvF8ymTWLEqPpbMheYtvNyZ3TF0HO5W7aVBpdGZbOdOAIfB+6skqGbI8A5Up1d7dak/bSsqL2r5NjwbDOdq+1hBzzvbl/qjh+sQarV2zHrpKoQaV28AAACANtkBVedBbqIAdphCrN/LbUi9WlyuF9UZz+tlpVLYrj8GJVwnplV2tvOmUw6yP5/pzCimTsao8dpL5PWxm7fKxLWVxA+lEsA4WeC885CiZn8xhdaJOCN+NyJ2bqkz+4VPI7oDGBm0aFwUqJn+M1PiSgvI50XdF2dBsFRTRNY0wzA= DSA #4
# Some invalid lines
-@what sisyphus.example.com ssh-dss AAAAB3NzaC1kc3MAAACBAOqffHxEW4c+Z9q/r3l4sYK8F7qrBsU8XF9upGsW62T9InROFFq9IO0x3pQ6mDA0Wtw0sqcDmkPCHPyP4Ok/fU3/drLaZusHoVYu8pBBrWsIDrKgkeX9TEodBsSrYdl4Sqtqq9EZv9+DttV6LStZrgYyUTOKwOF95wGantpLynX5AAAAFQDdt+zjRNlETDsgmxcSYFgREirJrQAAAIBQlrPaiPhR24FhnMLcHH4016vL7AqDDID6Qw7PhbXGa4/XlxWMIigjBKrIPKvnZ6p712LSnCKtcbfdx0MtmJlNa01CYqPaRhgRaf+uGdvTkTUcdaq8R5lLJL+JMNwUhcC8ijm3NqEjXjffuebGe1EzIeiITbA7Nndcd+GytwRDegAAAIEAkRYPjSVcUxfUHhHdpP6V8CuY1+CYSs9EPJ7iiWTDuXWVIBTU32oJLAnrmAcOwtIzEfPvm+rff5FI/Yhon2pB3VTXhPPEBjYzE5qANanAT4e6tzAVc5f3DUhHaDknwRYfDz86GFvuLtDjeE/UZ9t6OofYoEsCBpYozLAprBvNIQY= DSA #1
+@what ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDg4hB4vAZHJ0PVRiJajOv/GlytFWNpv5/9xgB9+5BIbvp8LOrFZ5D9K0Gsmwpd4G4rfaAz8j896DhMArg0vtkilIPPGt/6VzWMERgvaIQPJ/IE99X3+fjcAG56oAWwy29JX10lQMzBPU6XJIaN/zqpkb6qUBiAHBdLpxrFBBU0/w== RSA #1
sisyphus.example.com
prometheus.example.com ssh-ed25519
-sisyphus.example.com ssh-dsa AAAATgAAAAdz
+sisyphus.example.com ssh-ed25519 AAAATgAAAAdz
sisyphus.example.com ssh-XXX AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg==
prometheus.example.com ssh-rsa AAAATgAAAAdzc2gtWFhYAAAAP0ZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRkZVQ0tPRkZGVUNLT0ZGRlVDS09GRg==
Index: regress/usr.bin/ssh/unittests/kex/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/kex/Makefile,v
diff -u -p -r1.17 Makefile
--- regress/usr.bin/ssh/unittests/kex/Makefile 15 Apr 2025 04:00:42 -0000 1.17
+++ regress/usr.bin/ssh/unittests/kex/Makefile 5 May 2025 06:32:44 -0000
@@ -6,7 +6,7 @@ SRCS=tests.c test_kex.c test_proposal.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
SRCS+=compat.c ed25519.c hash.c
Index: regress/usr.bin/ssh/unittests/kex/test_kex.c
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/kex/test_kex.c,v
diff -u -p -r1.10 test_kex.c
--- regress/usr.bin/ssh/unittests/kex/test_kex.c 15 Apr 2025 04:00:42 -0000 1.10
+++ regress/usr.bin/ssh/unittests/kex/test_kex.c 5 May 2025 06:32:44 -0000
@@ -209,9 +209,6 @@ do_kex(char *kex)
}
do_kex_with_key(kex, NULL, NULL, NULL, KEY_RSA, 2048);
- #ifdef WITH_DSA
- do_kex_with_key(kex, NULL, NULL, NULL, KEY_DSA, 1024);
- #endif
do_kex_with_key(kex, NULL, NULL, NULL, KEY_ECDSA, 256);
do_kex_with_key(kex, NULL, NULL, NULL, KEY_ED25519, 256);
}
Index: regress/usr.bin/ssh/unittests/sshkey/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshkey/Makefile,v
diff -u -p -r1.12 Makefile
--- regress/usr.bin/ssh/unittests/sshkey/Makefile 15 Jan 2023 23:35:10 -0000 1.12
+++ regress/usr.bin/ssh/unittests/sshkey/Makefile 5 May 2025 06:32:44 -0000
@@ -6,7 +6,7 @@ SRCS=tests.c test_sshkey.c test_file.c t
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c
SRCS+=ed25519.c hash.c
Index: regress/usr.bin/ssh/unittests/sshkey/common.c
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshkey/common.c,v
diff -u -p -r1.6 common.c
--- regress/usr.bin/ssh/unittests/sshkey/common.c 15 Aug 2024 00:52:23 -0000 1.6
+++ regress/usr.bin/ssh/unittests/sshkey/common.c 5 May 2025 06:32:44 -0000
@@ -17,7 +17,6 @@
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/objects.h>
#include "test_helper.h"
@@ -115,37 +114,3 @@ rsa_q(struct sshkey *k)
RSA_get0_factors(EVP_PKEY_get0_RSA(k->pkey), NULL, &q);
return q;
}
-
-const BIGNUM *
-dsa_g(struct sshkey *k)
-{
- const BIGNUM *g = NULL;
-
- ASSERT_PTR_NE(k, NULL);
- ASSERT_PTR_NE(k->dsa, NULL);
- DSA_get0_pqg(k->dsa, NULL, NULL, &g);
- return g;
-}
-
-const BIGNUM *
-dsa_pub_key(struct sshkey *k)
-{
- const BIGNUM *pub_key = NULL;
-
- ASSERT_PTR_NE(k, NULL);
- ASSERT_PTR_NE(k->dsa, NULL);
- DSA_get0_key(k->dsa, &pub_key, NULL);
- return pub_key;
-}
-
-const BIGNUM *
-dsa_priv_key(struct sshkey *k)
-{
- const BIGNUM *priv_key = NULL;
-
- ASSERT_PTR_NE(k, NULL);
- ASSERT_PTR_NE(k->dsa, NULL);
- DSA_get0_key(k->dsa, NULL, &priv_key);
- return priv_key;
-}
-
Index: regress/usr.bin/ssh/unittests/sshkey/common.h
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshkey/common.h,v
diff -u -p -r1.2 common.h
--- regress/usr.bin/ssh/unittests/sshkey/common.h 13 Sep 2018 09:03:20 -0000 1.2
+++ regress/usr.bin/ssh/unittests/sshkey/common.h 5 May 2025 06:32:44 -0000
@@ -19,7 +19,4 @@ const BIGNUM *rsa_n(struct sshkey *k);
const BIGNUM *rsa_e(struct sshkey *k);
const BIGNUM *rsa_p(struct sshkey *k);
const BIGNUM *rsa_q(struct sshkey *k);
-const BIGNUM *dsa_g(struct sshkey *k);
-const BIGNUM *dsa_pub_key(struct sshkey *k);
-const BIGNUM *dsa_priv_key(struct sshkey *k);
Index: regress/usr.bin/ssh/unittests/sshkey/mktestdata.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshkey/mktestdata.sh,v
diff -u -p -r1.11 mktestdata.sh
--- regress/usr.bin/ssh/unittests/sshkey/mktestdata.sh 19 Jun 2020 03:48:49 -0000 1.11
+++ regress/usr.bin/ssh/unittests/sshkey/mktestdata.sh 5 May 2025 06:32:44 -0000
@@ -24,27 +24,6 @@ rsa_params() {
done
}
-dsa_params() {
- _in="$1"
- _outbase="$2"
- set -e
- openssl dsa -noout -text -in $_in | \
- awk '/^priv:$/,/^pub:/' | \
- grep -v '^[a-zA-Z]' | tr -d ' \n:' > ${_outbase}.priv
- openssl dsa -noout -text -in $_in | \
- awk '/^pub:/,/^P:/' | #\
- grep -v '^[a-zA-Z]' | tr -d ' \n:' > ${_outbase}.pub
- openssl dsa -noout -text -in $_in | \
- awk '/^G:/,0' | \
- grep -v '^[a-zA-Z]' | tr -d ' \n:' > ${_outbase}.g
- for x in priv pub g ; do
- echo "" >> ${_outbase}.$x
- echo ============ ${_outbase}.$x
- cat ${_outbase}.$x
- echo ============
- done
-}
-
ecdsa_params() {
_in="$1"
_outbase="$2"
@@ -79,15 +58,14 @@ else
exit 1
fi
-rm -f rsa_1 dsa_1 ecdsa_1 ed25519_1
-rm -f rsa_2 dsa_2 ecdsa_2 ed25519_2
-rm -f rsa_n dsa_n ecdsa_n # new-format keys
-rm -f rsa_1_pw dsa_1_pw ecdsa_1_pw ed25519_1_pw
-rm -f rsa_n_pw dsa_n_pw ecdsa_n_pw
+rm -f rsa_1 ecdsa_1 ed25519_1
+rm -f rsa_2 ecdsa_2 ed25519_2
+rm -f rsa_n ecdsa_n # new-format keys
+rm -f rsa_1_pw ecdsa_1_pw ed25519_1_pw
+rm -f rsa_n_pw ecdsa_n_pw
rm -f pw *.pub *.bn.* *.param.* *.fp *.fp.bb
ssh-keygen -t rsa -b 1024 -C "RSA test key #1" -N "" -f rsa_1 -m PEM
-ssh-keygen -t dsa -b 1024 -C "DSA test key #1" -N "" -f dsa_1 -m PEM
ssh-keygen -t ecdsa -b 256 -C "ECDSA test key #1" -N "" -f ecdsa_1 -m PEM
ssh-keygen -t ed25519 -C "ED25519 test key #1" -N "" -f ed25519_1
ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key #1" \
@@ -97,7 +75,6 @@ ssh-keygen -w "$SK_DUMMY" -t ed25519-sk
ssh-keygen -t rsa -b 2048 -C "RSA test key #2" -N "" -f rsa_2 -m PEM
-ssh-keygen -t dsa -b 1024 -C "DSA test key #2" -N "" -f dsa_2 -m PEM
ssh-keygen -t ecdsa -b 521 -C "ECDSA test key #2" -N "" -f ecdsa_2 -m PEM
ssh-keygen -t ed25519 -C "ED25519 test key #2" -N "" -f ed25519_2
ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key #2" \
@@ -106,37 +83,29 @@ ssh-keygen -w "$SK_DUMMY" -t ed25519-sk
-N "" -f ed25519_sk2
cp rsa_1 rsa_n
-cp dsa_1 dsa_n
cp ecdsa_1 ecdsa_n
ssh-keygen -pf rsa_n -N ""
-ssh-keygen -pf dsa_n -N ""
ssh-keygen -pf ecdsa_n -N ""
cp rsa_1 rsa_1_pw
-cp dsa_1 dsa_1_pw
cp ecdsa_1 ecdsa_1_pw
cp ed25519_1 ed25519_1_pw
cp ecdsa_sk1 ecdsa_sk1_pw
cp ed25519_sk1 ed25519_sk1_pw
cp rsa_1 rsa_n_pw
-cp dsa_1 dsa_n_pw
cp ecdsa_1 ecdsa_n_pw
ssh-keygen -pf rsa_1_pw -m PEM -N "$PW"
-ssh-keygen -pf dsa_1_pw -m PEM -N "$PW"
ssh-keygen -pf ecdsa_1_pw -m PEM -N "$PW"
ssh-keygen -pf ed25519_1_pw -N "$PW"
ssh-keygen -pf ecdsa_sk1_pw -m PEM -N "$PW"
ssh-keygen -pf ed25519_sk1_pw -N "$PW"
ssh-keygen -pf rsa_n_pw -N "$PW"
-ssh-keygen -pf dsa_n_pw -N "$PW"
ssh-keygen -pf ecdsa_n_pw -N "$PW"
rsa_params rsa_1 rsa_1.param
rsa_params rsa_2 rsa_2.param
-dsa_params dsa_1 dsa_1.param
-dsa_params dsa_1 dsa_1.param
ecdsa_params ecdsa_1 ecdsa_1.param
ecdsa_params ecdsa_2 ecdsa_2.param
# XXX ed25519, *sk params
@@ -146,9 +115,6 @@ ssh-keygen -s rsa_2 -I hugo -n user1,use
-V 19990101:20110101 -z 1 rsa_1.pub
ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
-Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
- -V 19990101:20110101 -z 2 dsa_1.pub
-ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
- -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
-V 19990101:20110101 -z 3 ecdsa_1.pub
ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
-Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
@@ -175,8 +141,6 @@ ssh-keygen -s rsa_2 -I hugo -n user1,use
ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
-V 19990101:20110101 -z 5 rsa_1.pub
-ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
- -V 19990101:20110101 -z 6 dsa_1.pub
ssh-keygen -s ecdsa_1 -I julius -n host1,host2 -h \
-V 19990101:20110101 -z 7 ecdsa_1.pub
ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
@@ -187,33 +151,28 @@ ssh-keygen -s ed25519_1 -I julius -n hos
-V 19990101:20110101 -z 8 ed25519_sk1.pub
ssh-keygen -lf rsa_1 | awk '{print $2}' > rsa_1.fp
-ssh-keygen -lf dsa_1 | awk '{print $2}' > dsa_1.fp
ssh-keygen -lf ecdsa_1 | awk '{print $2}' > ecdsa_1.fp
ssh-keygen -lf ed25519_1 | awk '{print $2}' > ed25519_1.fp
ssh-keygen -lf ecdsa_sk1 | awk '{print $2}' > ecdsa_sk1.fp
ssh-keygen -lf ed25519_sk1 | awk '{print $2}' > ed25519_sk1.fp
ssh-keygen -lf rsa_2 | awk '{print $2}' > rsa_2.fp
-ssh-keygen -lf dsa_2 | awk '{print $2}' > dsa_2.fp
ssh-keygen -lf ecdsa_2 | awk '{print $2}' > ecdsa_2.fp
ssh-keygen -lf ed25519_2 | awk '{print $2}' > ed25519_2.fp
ssh-keygen -lf ecdsa_sk2 | awk '{print $2}' > ecdsa_sk2.fp
ssh-keygen -lf ed25519_sk2 | awk '{print $2}' > ed25519_sk2.fp
ssh-keygen -lf rsa_1-cert.pub | awk '{print $2}' > rsa_1-cert.fp
-ssh-keygen -lf dsa_1-cert.pub | awk '{print $2}' > dsa_1-cert.fp
ssh-keygen -lf ecdsa_1-cert.pub | awk '{print $2}' > ecdsa_1-cert.fp
ssh-keygen -lf ed25519_1-cert.pub | awk '{print $2}' > ed25519_1-cert.fp
ssh-keygen -lf ecdsa_sk1-cert.pub | awk '{print $2}' > ecdsa_sk1-cert.fp
ssh-keygen -lf ed25519_sk1-cert.pub | awk '{print $2}' > ed25519_sk1-cert.fp
ssh-keygen -Bf rsa_1 | awk '{print $2}' > rsa_1.fp.bb
-ssh-keygen -Bf dsa_1 | awk '{print $2}' > dsa_1.fp.bb
ssh-keygen -Bf ecdsa_1 | awk '{print $2}' > ecdsa_1.fp.bb
ssh-keygen -Bf ed25519_1 | awk '{print $2}' > ed25519_1.fp.bb
ssh-keygen -Bf ecdsa_sk1 | awk '{print $2}' > ecdsa_sk1.fp.bb
ssh-keygen -Bf ed25519_sk1 | awk '{print $2}' > ed25519_sk1.fp.bb
ssh-keygen -Bf rsa_2 | awk '{print $2}' > rsa_2.fp.bb
-ssh-keygen -Bf dsa_2 | awk '{print $2}' > dsa_2.fp.bb
ssh-keygen -Bf ecdsa_2 | awk '{print $2}' > ecdsa_2.fp.bb
ssh-keygen -Bf ed25519_2 | awk '{print $2}' > ed25519_2.fp.bb
ssh-keygen -Bf ecdsa_sk2 | awk '{print $2}' > ecdsa_sk2.fp.bb
Index: regress/usr.bin/ssh/unittests/sshkey/test_file.c
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshkey/test_file.c,v
diff -u -p -r1.12 test_file.c
--- regress/usr.bin/ssh/unittests/sshkey/test_file.c 15 Aug 2024 00:52:23 -0000 1.12
+++ regress/usr.bin/ssh/unittests/sshkey/test_file.c 5 May 2025 06:32:44 -0000
@@ -17,7 +17,6 @@
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/objects.h>
#include "test_helper.h"
@@ -154,98 +153,6 @@ sshkey_file_tests(void)
sshkey_free(k1);
-#ifdef WITH_DSA
- TEST_START("parse DSA from private");
- buf = load_file("dsa_1");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k1, NULL);
- a = load_bignum("dsa_1.param.g");
- b = load_bignum("dsa_1.param.priv");
- c = load_bignum("dsa_1.param.pub");
- ASSERT_BIGNUM_EQ(dsa_g(k1), a);
- ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b);
- ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c);
- BN_free(a);
- BN_free(b);
- BN_free(c);
- TEST_DONE();
-
- TEST_START("parse DSA from private w/ passphrase");
- buf = load_file("dsa_1_pw");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
- (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("parse DSA from new-format");
- buf = load_file("dsa_n");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k2, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("parse DSA from new-format w/ passphrase");
- buf = load_file("dsa_n_pw");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
- (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
- sshbuf_free(buf);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("load DSA from public");
- ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_1.pub"), &k2,
- NULL), 0);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("load DSA cert");
- ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k2), 0);
- ASSERT_PTR_NE(k2, NULL);
- ASSERT_INT_EQ(k2->type, KEY_DSA_CERT);
- ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
- ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
- TEST_DONE();
-
- TEST_START("DSA key hex fingerprint");
- buf = load_text_file("dsa_1.fp");
- cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
- ASSERT_PTR_NE(cp, NULL);
- ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
- sshbuf_free(buf);
- free(cp);
- TEST_DONE();
-
- TEST_START("DSA cert hex fingerprint");
- buf = load_text_file("dsa_1-cert.fp");
- cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
- ASSERT_PTR_NE(cp, NULL);
- ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
- sshbuf_free(buf);
- free(cp);
- sshkey_free(k2);
- TEST_DONE();
-
- TEST_START("DSA key bubblebabble fingerprint");
- buf = load_text_file("dsa_1.fp.bb");
- cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
- ASSERT_PTR_NE(cp, NULL);
- ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
- sshbuf_free(buf);
- free(cp);
- TEST_DONE();
-
- sshkey_free(k1);
-#endif
TEST_START("parse ECDSA from private");
buf = load_file("ecdsa_1");
Index: regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c,v
diff -u -p -r1.14 test_fuzz.c
--- regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c 11 Jan 2024 01:45:58 -0000 1.14
+++ regress/usr.bin/ssh/unittests/sshkey/test_fuzz.c 5 May 2025 06:32:44 -0000
@@ -17,7 +17,6 @@
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include <openssl/objects.h>
#include "test_helper.h"
@@ -152,51 +151,6 @@ sshkey_fuzz_tests(void)
fuzz_cleanup(fuzz);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("fuzz DSA private");
- buf = load_file("dsa_1");
- fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
- sshbuf_len(buf));
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshkey_free(k1);
- sshbuf_free(buf);
- ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
- TEST_ONERROR(onerror, fuzz);
- for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
- r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
- ASSERT_INT_EQ(r, 0);
- if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
- sshkey_free(k1);
- sshbuf_reset(fuzzed);
- if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
- break;
- }
- sshbuf_free(fuzzed);
- fuzz_cleanup(fuzz);
- TEST_DONE();
-
- TEST_START("fuzz DSA new-format private");
- buf = load_file("dsa_n");
- fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
- sshbuf_len(buf));
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshkey_free(k1);
- sshbuf_free(buf);
- ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
- TEST_ONERROR(onerror, fuzz);
- for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
- r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
- ASSERT_INT_EQ(r, 0);
- if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
- sshkey_free(k1);
- sshbuf_reset(fuzzed);
- if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
- break;
- }
- sshbuf_free(fuzzed);
- fuzz_cleanup(fuzz);
- TEST_DONE();
-#endif
TEST_START("fuzz ECDSA private");
buf = load_file("ecdsa_1");
@@ -278,21 +232,6 @@ sshkey_fuzz_tests(void)
sshkey_free(k1);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("fuzz DSA public");
- buf = load_file("dsa_1");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshbuf_free(buf);
- public_fuzz(k1);
- sshkey_free(k1);
- TEST_DONE();
-
- TEST_START("fuzz DSA cert");
- ASSERT_INT_EQ(sshkey_load_cert(test_data_file("dsa_1"), &k1), 0);
- public_fuzz(k1);
- sshkey_free(k1);
- TEST_DONE();
-#endif
TEST_START("fuzz ECDSA public");
buf = load_file("ecdsa_1");
@@ -346,15 +285,6 @@ sshkey_fuzz_tests(void)
sshkey_free(k1);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("fuzz DSA sig");
- buf = load_file("dsa_1");
- ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
- sshbuf_free(buf);
- sig_fuzz(k1, NULL);
- sshkey_free(k1);
- TEST_DONE();
-#endif
TEST_START("fuzz ECDSA sig");
buf = load_file("ecdsa_1");
Index: regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c,v
diff -u -p -r1.28 test_sshkey.c
--- regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c 15 Apr 2025 05:31:24 -0000 1.28
+++ regress/usr.bin/ssh/unittests/sshkey/test_sshkey.c 5 May 2025 06:32:44 -0000
@@ -14,7 +14,6 @@
#include <openssl/bn.h>
#include <openssl/ec.h>
#include <openssl/rsa.h>
-#include <openssl/dsa.h>
#include "test_helper.h"
@@ -255,15 +254,6 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
-#ifdef WiTH_DSA
- TEST_START("new/free KEY_DSA");
- k1 = sshkey_new(KEY_DSA);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(k1->dsa, NULL);
- sshkey_free(k1);
- TEST_DONE();
-#endif
-
TEST_START("new/free KEY_ECDSA");
k1 = sshkey_new(KEY_ECDSA);
ASSERT_PTR_NE(k1, NULL);
@@ -292,14 +282,6 @@ sshkey_tests(void)
ASSERT_PTR_EQ(k1, NULL);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("generate KEY_DSA wrong bits");
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 2048, &k1),
- SSH_ERR_KEY_LENGTH);
- ASSERT_PTR_EQ(k1, NULL);
- sshkey_free(k1);
- TEST_DONE();
-#endif
TEST_START("generate KEY_ECDSA wrong bits");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 42, &k1),
@@ -320,15 +302,6 @@ sshkey_tests(void)
ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("generate KEY_DSA");
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
- ASSERT_PTR_NE(kd, NULL);
- ASSERT_PTR_NE(kd->dsa, NULL);
- ASSERT_PTR_NE(dsa_g(kd), NULL);
- ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
- TEST_DONE();
-#endif
TEST_START("generate KEY_ECDSA");
ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &ke), 0);
@@ -364,22 +337,6 @@ sshkey_tests(void)
sshkey_free(k1);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("demote KEY_DSA");
- ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0);
- ASSERT_PTR_NE(k1, NULL);
- ASSERT_PTR_NE(kd, k1);
- ASSERT_INT_EQ(k1->type, KEY_DSA);
- ASSERT_PTR_NE(k1->dsa, NULL);
- ASSERT_PTR_NE(dsa_g(k1), NULL);
- ASSERT_PTR_EQ(dsa_priv_key(k1), NULL);
- TEST_DONE();
-
- TEST_START("equal KEY_DSA/demoted KEY_DSA");
- ASSERT_INT_EQ(sshkey_equal(kd, k1), 1);
- sshkey_free(k1);
- TEST_DONE();
-#endif
TEST_START("demote KEY_ECDSA");
ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0);
@@ -511,16 +468,6 @@ sshkey_tests(void)
sshkey_free(k2);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("sign and verify DSA");
- k1 = get_private("dsa_1");
- ASSERT_INT_EQ(sshkey_load_public(test_data_file("dsa_2.pub"), &k2,
- NULL), 0);
- signature_tests(k1, k2, NULL);
- sshkey_free(k1);
- sshkey_free(k2);
- TEST_DONE();
-#endif
TEST_START("sign and verify ECDSA");
k1 = get_private("ecdsa_1");
@@ -579,15 +526,6 @@ sshkey_benchmarks(void)
TEST_DONE();
BENCH_FINISH("keys");
-#ifdef WITH_DSA
- BENCH_START("generate DSA-1024");
- TEST_START("generate KEY_DSA");
- ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &k), 0);
- ASSERT_PTR_NE(k, NULL);
- sshkey_free(k);
- TEST_DONE();
- BENCH_FINISH("keys");
-#endif
BENCH_START("generate ECDSA-256");
TEST_START("generate KEY_ECDSA");
@@ -630,9 +568,6 @@ sshkey_benchmarks(void)
signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 0);
signature_benchmark("RSA-2048/SHA256", KEY_RSA, 2048, "rsa-sha2-256", 0);
signature_benchmark("RSA-2048/SHA512", KEY_RSA, 2048, "rsa-sha2-512", 0);
-#ifdef WITH_DSA
- signature_benchmark("DSA-1024", KEY_DSA, 1024, NULL, 0);
-#endif
signature_benchmark("ECDSA-256", KEY_ECDSA, 256, NULL, 0);
signature_benchmark("ECDSA-384", KEY_ECDSA, 384, NULL, 0);
signature_benchmark("ECDSA-521", KEY_ECDSA, 521, NULL, 0);
@@ -645,9 +580,6 @@ sshkey_benchmarks(void)
signature_benchmark("RSA-2048/SHA1", KEY_RSA, 2048, "ssh-rsa", 1);
signature_benchmark("RSA-2048/SHA256", KEY_RSA, 2048, "rsa-sha2-256", 1);
signature_benchmark("RSA-2048/SHA512", KEY_RSA, 2048, "rsa-sha2-512", 1);
-#ifdef WITH_DSA
- signature_benchmark("DSA-1024", KEY_DSA, 1024, NULL, 1);
-#endif
signature_benchmark("ECDSA-256", KEY_ECDSA, 256, NULL, 1);
signature_benchmark("ECDSA-384", KEY_ECDSA, 384, NULL, 1);
signature_benchmark("ECDSA-521", KEY_ECDSA, 521, NULL, 1);
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQD6kutNFRsHTwEAv6d39Lhsqy1apdHBZ9c2HfyRr7WmypyGIy2m
-Ka43vzXI8CNwmRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+MiwfurwrR3CRe61QRYb8Py
-mcHOxueHs95IcjrbIPNn86cjnPP5qvv/guUzCjuww4zBdJOXpligrGt2XwIVAKMD
-/50qQy7j8JaMk+1+Xtg1pK01AoGBAO7l9QVVbSSoy5lq6cOtvpf8UlwOa6+zBwbl
-o4gmFd1RwX1yWkA8kQ7RrhCSg8Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEWtN4P
-h8fVUeS74iQbIwFQeKlYHIlNTRoGtAbdi3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgz
-LND26HrdAoGBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxb
-OXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joo
-t+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAhRYIbQ5
-KfXsZuBPuWe5FJz3ldaEgw==
------END DSA PRIVATE KEY-----
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.fp
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.fp
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.fp
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.fp 7 Jul 2015 14:54:16 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-SHA256:kOLgXSoAT8O5T6r36n5NJUYigbux1d7gdH/rmWiJm6s
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.pub
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.pub
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1-cert.pub 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgdTlbNU9Hn9Qng3FHxwH971bxCIoq1ern/QWFFDWXgmYAAACBAPqS600VGwdPAQC/p3f0uGyrLVql0cFn1zYd/JGvtabKnIYjLaYprje/NcjwI3CZFJiz4Dp3S8kLs+X5/1DMn/Tg1Y4D4yLB+6vCtHcJF7rVBFhvw/KZwc7G54ez3khyOtsg82fzpyOc8/mq+/+C5TMKO7DDjMF0k5emWKCsa3ZfAAAAFQCjA/+dKkMu4/CWjJPtfl7YNaStNQAAAIEA7uX1BVVtJKjLmWrpw62+l/xSXA5rr7MHBuWjiCYV3VHBfXJaQDyRDtGuEJKDwdzqYgacpGApGWL/cuBtJ9nShsUl6GRG0Ra03g+Hx9VR5LviJBsjAVB4qVgciU1NGga0Bt2Lecd1X4EGQRBzVXeuOpiqGM6jP/I2yDMs0Pboet0AAACBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxbOXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joot+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAAAAAAAAAAYAAAACAAAABmp1bGl1cwAAABIAAAAFaG9zdDEAAAAFaG9zdDIAAAAANowB8AAAAABNHmBwAAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACBThupGO0X+FLQhbz8CoKPwc7V3JNsQuGtlsgN+F7SMGQAAAFMAAAALc3NoLWVkMjU1MTkAAABAh/z1LIdNL1b66tQ8t9DY9BTB3BQKpTKmc7ezyFKLwl96yaIniZwD9Ticdbe/8i/Li3uCFE3EAt8NAIv9zff8Bg== DSA test key #1
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp 7 Jul 2015 14:54:16 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-SHA256:kOLgXSoAT8O5T6r36n5NJUYigbux1d7gdH/rmWiJm6s
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp.bb
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp.bb
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp.bb
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.fp.bb 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-xetag-todiz-mifah-torec-mynyv-cyvit-gopon-pygag-rupic-cenav-bexax
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.g
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.g
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.g
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.g 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-00eee5f505556d24a8cb996ae9c3adbe97fc525c0e6bafb30706e5a3882615dd51c17d725a403c910ed1ae109283c1dcea62069ca460291962ff72e06d27d9d286c525e86446d116b4de0f87c7d551e4bbe2241b23015078a9581c894d4d1a06b406dd8b79c7755f81064110735577ae3a98aa18cea33ff236c8332cd0f6e87add
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.priv
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.priv
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.priv
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.priv 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-5821b43929f5ec66e04fb967b9149cf795d68483
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.pub
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.pub
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.param.pub 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-00e757a727e6a1b10168ea9902ebe08f53f4ba18c6d8fdf551fbabbf6d8558f054dc0f6aae4c5b397c04d0bc2f8c2bebb1057f96b621273fed8b2b38d1579a86e956644e520073171887fde4b88b4a0697323928ee3a28b7e2caf3896d2f29b067840c9d88e765249c95fd54bb240c714b5bdf8f88d2ef58727ca1a7699216c42d
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.pub
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.pub
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1.pub 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAPqS600VGwdPAQC/p3f0uGyrLVql0cFn1zYd/JGvtabKnIYjLaYprje/NcjwI3CZFJiz4Dp3S8kLs+X5/1DMn/Tg1Y4D4yLB+6vCtHcJF7rVBFhvw/KZwc7G54ez3khyOtsg82fzpyOc8/mq+/+C5TMKO7DDjMF0k5emWKCsa3ZfAAAAFQCjA/+dKkMu4/CWjJPtfl7YNaStNQAAAIEA7uX1BVVtJKjLmWrpw62+l/xSXA5rr7MHBuWjiCYV3VHBfXJaQDyRDtGuEJKDwdzqYgacpGApGWL/cuBtJ9nShsUl6GRG0Ra03g+Hx9VR5LviJBsjAVB4qVgciU1NGga0Bt2Lecd1X4EGQRBzVXeuOpiqGM6jP/I2yDMs0Pboet0AAACBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxbOXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joot+LK84ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQt DSA test key #1
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1_pw
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1_pw
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1_pw
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_1_pw 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,15 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,BC8386C373B22EB7F00ADC821D5D8BE9
-
-+HDV2DQ09sxrIAeXTz9r3YFuPRa2hk1+NGcr3ETkXbC6KiZ14wpTnGTloKwaQjIW
-eXTa9mpCOWAoohgvsVb+hOuOlP7AfeHu1IXV4EAS+GDpkiV5UxlCXXwqlD75Buu4
-wwDd/p4SWzILH3WGjDk5JIXoxWNY13LHwC7Q6gtGJx4AicUG7YBRTXMIBDa/Kh77
-6o2rFETKmp4VHBvHbakmiETfptdM8bbWxKWeY2vakThyESgeofsLoTOQCIwlEfJC
-s2D/KYL65C8VbHYgIoSLTQnooO45DDyxIuhCqP+H23mhv9vB1Od3nc2atgHj/XFs
-dcOPFkF/msDRYqxY3V0AS6+jpKwFodZ7g/hyGcyPxOkzlJVuKoKuH6P5PyQ69Gx0
-iqri0xEPyABr7kGlXNrjjctojX+B4WwSnjg/2euXXWFXCRalIdA7ErATTiQbGOx7
-Vd6Gn8PZbSy1MkqEDrZRip0pfAFJYI/8GXPC75BpnRsrVlfhtrngbW+kBP35LzaN
-l2K+RQ3gSB3iFoqNb1Kuu6T5MZlyVl5H2dVlJSeb1euQ2OycXdDoFTyJ4AiyWS7w
-Vlh8zeJnso5QRDjMwx99pZilbbuFGSLsahiGEveFc6o=
------END DSA PRIVATE KEY-----
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvQIBAAKBgQCbyPXNdHeLsjpobPVCMkfagBkt15Zsltqf/PGNP1y1cuz7rsTX
-ZekQwUkSTNm5coqXe+ZOw2O4tjobJDd60I1/VPgaB0NYlQR9Hn87M284WD4f6VY+
-aunHmP134a8ybG5G4NqVNF3ihvxAR2pVITqb7kE46r2uYZNcNlHI8voRCwIVAMcP
-bwqFNsQbH5pJyZW30wj4KVZ3AoGBAIK98BVeKQVf8qDFqx9ovMuNgVSxpd+N0Yta
-5ZEy1OI2ziu5RhjueIM2K7Gq2Mnp38ob1AM53BUxqlcBJaHEDa6rj6yvuMgW9oCJ
-dImBM8sIFxfBbXNbpJiMaDwa6WyT84OkpDE6uuAepTMnWOUWkUVkAiyokHDUGXkG
-GyoQblbXAoGBAIsf7TaZ804sUWwRV0wI8DYx+hxD5QdrfYPYMtL2fHn3lICimGt0
-FTtUZ25jKg0E0DMBPdET6ZEHB3ZZkR8hFoUzZhdnyJMu3UjVtgaV88Ue3PrXxchk
-0W2jHPaAgQU3JIWzo8HFIFqvC/HEL+EyW3rBTY2uXM3XGI+YcWSA4ZrZAhUAsY2f
-bDFNzgZ4DaZ9wLRzTgOswPU=
------END DSA PRIVATE KEY-----
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp 7 Jul 2015 14:54:16 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-SHA256:ecwhWcXgpdBxZ2e+OjpRRY7dqXHHCD62BGtoVQQBwCk
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp.bb
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp.bb
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp.bb
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.fp.bb 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-xeser-megad-pocan-rozit-belup-tapoh-fapif-kyvit-vonav-cehab-naxax
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.pub
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.pub
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_2.pub 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAJvI9c10d4uyOmhs9UIyR9qAGS3XlmyW2p/88Y0/XLVy7PuuxNdl6RDBSRJM2blyipd75k7DY7i2OhskN3rQjX9U+BoHQ1iVBH0efzszbzhYPh/pVj5q6ceY/XfhrzJsbkbg2pU0XeKG/EBHalUhOpvuQTjqva5hk1w2Ucjy+hELAAAAFQDHD28KhTbEGx+aScmVt9MI+ClWdwAAAIEAgr3wFV4pBV/yoMWrH2i8y42BVLGl343Ri1rlkTLU4jbOK7lGGO54gzYrsarYyenfyhvUAzncFTGqVwElocQNrquPrK+4yBb2gIl0iYEzywgXF8Ftc1ukmIxoPBrpbJPzg6SkMTq64B6lMydY5RaRRWQCLKiQcNQZeQYbKhBuVtcAAACBAIsf7TaZ804sUWwRV0wI8DYx+hxD5QdrfYPYMtL2fHn3lICimGt0FTtUZ25jKg0E0DMBPdET6ZEHB3ZZkR8hFoUzZhdnyJMu3UjVtgaV88Ue3PrXxchk0W2jHPaAgQU3JIWzo8HFIFqvC/HEL+EyW3rBTY2uXM3XGI+YcWSA4ZrZ DSA test key #2
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n 1 May 2020 04:03:14 -0000 1.4
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABswAAAAdzc2gtZH
-NzAAAAgQD6kutNFRsHTwEAv6d39Lhsqy1apdHBZ9c2HfyRr7WmypyGIy2mKa43vzXI8CNw
-mRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+MiwfurwrR3CRe61QRYb8PymcHOxueHs95IcjrbIP
-Nn86cjnPP5qvv/guUzCjuww4zBdJOXpligrGt2XwAAABUAowP/nSpDLuPwloyT7X5e2DWk
-rTUAAACBAO7l9QVVbSSoy5lq6cOtvpf8UlwOa6+zBwblo4gmFd1RwX1yWkA8kQ7RrhCSg8
-Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEWtN4Ph8fVUeS74iQbIwFQeKlYHIlNTRoGtAbd
-i3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgzLND26HrdAAAAgQDnV6cn5qGxAWjqmQLr4I9T9L
-oYxtj99VH7q79thVjwVNwPaq5MWzl8BNC8L4wr67EFf5a2ISc/7YsrONFXmobpVmROUgBz
-FxiH/eS4i0oGlzI5KO46KLfiyvOJbS8psGeEDJ2I52UknJX9VLskDHFLW9+PiNLvWHJ8oa
-dpkhbELQAAAdhWTOFbVkzhWwAAAAdzc2gtZHNzAAAAgQD6kutNFRsHTwEAv6d39Lhsqy1a
-pdHBZ9c2HfyRr7WmypyGIy2mKa43vzXI8CNwmRSYs+A6d0vJC7Pl+f9QzJ/04NWOA+Miwf
-urwrR3CRe61QRYb8PymcHOxueHs95IcjrbIPNn86cjnPP5qvv/guUzCjuww4zBdJOXplig
-rGt2XwAAABUAowP/nSpDLuPwloyT7X5e2DWkrTUAAACBAO7l9QVVbSSoy5lq6cOtvpf8Ul
-wOa6+zBwblo4gmFd1RwX1yWkA8kQ7RrhCSg8Hc6mIGnKRgKRli/3LgbSfZ0obFJehkRtEW
-tN4Ph8fVUeS74iQbIwFQeKlYHIlNTRoGtAbdi3nHdV+BBkEQc1V3rjqYqhjOoz/yNsgzLN
-D26HrdAAAAgQDnV6cn5qGxAWjqmQLr4I9T9LoYxtj99VH7q79thVjwVNwPaq5MWzl8BNC8
-L4wr67EFf5a2ISc/7YsrONFXmobpVmROUgBzFxiH/eS4i0oGlzI5KO46KLfiyvOJbS8psG
-eEDJ2I52UknJX9VLskDHFLW9+PiNLvWHJ8oadpkhbELQAAABRYIbQ5KfXsZuBPuWe5FJz3
-ldaEgwAAAAAB
------END OPENSSH PRIVATE KEY-----
Index: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n_pw
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n_pw
diff -N regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n_pw
--- regress/usr.bin/ssh/unittests/sshkey/testdata/dsa_n_pw 7 Jul 2015 14:54:16 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCVs+LsMJ
-wnB5zM9U9pTXrGAAAAEAAAAAEAAAGzAAAAB3NzaC1kc3MAAACBAPqS600VGwdPAQC/p3f0
-uGyrLVql0cFn1zYd/JGvtabKnIYjLaYprje/NcjwI3CZFJiz4Dp3S8kLs+X5/1DMn/Tg1Y
-4D4yLB+6vCtHcJF7rVBFhvw/KZwc7G54ez3khyOtsg82fzpyOc8/mq+/+C5TMKO7DDjMF0
-k5emWKCsa3ZfAAAAFQCjA/+dKkMu4/CWjJPtfl7YNaStNQAAAIEA7uX1BVVtJKjLmWrpw6
-2+l/xSXA5rr7MHBuWjiCYV3VHBfXJaQDyRDtGuEJKDwdzqYgacpGApGWL/cuBtJ9nShsUl
-6GRG0Ra03g+Hx9VR5LviJBsjAVB4qVgciU1NGga0Bt2Lecd1X4EGQRBzVXeuOpiqGM6jP/
-I2yDMs0Pboet0AAACBAOdXpyfmobEBaOqZAuvgj1P0uhjG2P31Ufurv22FWPBU3A9qrkxb
-OXwE0LwvjCvrsQV/lrYhJz/tiys40VeahulWZE5SAHMXGIf95LiLSgaXMjko7joot+LK84
-ltLymwZ4QMnYjnZSSclf1UuyQMcUtb34+I0u9Ycnyhp2mSFsQtAAAB4HiOcRW4w+sIqBL0
-TPVbf0glN1hUi0rcE63Pqxmvxb8LkldC4IxAUagPrjhNAEW2AY42+CvPrtGB1z7gDADAIW
-xZX6wKwIcXP0Qh+xHE12F4u6mwfasssnAp4t1Ki8uCjMjnimgb3KdWpp0kiUV0oR062TXV
-PAdfrWjaq4fw0KOqbHIAG/v36AqzuqjSTfDbqvLZM3y0gp2Q1RxaQVJA5ZIKKyqRyFX7sr
-BaEIyCgeE3hM0EB7BycY1oIcS/eNxrACBWVJCENl5N7LtEYXNX7TANFniztfXzwaqGTT6A
-fCfbW4gz1UKldLUBzbIrPwMWlirAstbHvOf/2Iay2pNAs/SHhI0aF2jsGfvv5/D6N+r9dG
-B2SgDKBg7pywMH1DTvg6YT3P4GjCx0GUHqRCFLvD1rDdk4KSjvaRMpVq1PJ0/Wv6UGtsMS
-TR0PaEHDRNZqAX4YxqujnWrGKuRJhuz0eUvp7fZvbWHtiAMKV7368kkeUmkOHanb+TS+zs
-KINX8ev8zJZ6WVr8Vl+IQavpv0i2bXwS6QqbEuifpv/+uBb7pqRiU4u8en0eMdX1bZoTPM
-R6xHCnGD/Jpb3zS91Ya57T6CiXZ12KCaL6nWGnCkZVpzkfJ2HjFklWSWBQ6uyaosDQ==
------END OPENSSH PRIVATE KEY-----
Index: regress/usr.bin/ssh/unittests/sshsig/Makefile
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshsig/Makefile,v
diff -u -p -r1.3 Makefile
--- regress/usr.bin/ssh/unittests/sshsig/Makefile 15 Jan 2023 23:35:10 -0000 1.3
+++ regress/usr.bin/ssh/unittests/sshsig/Makefile 5 May 2025 06:32:44 -0000
@@ -6,7 +6,7 @@ SRCS=tests.c
# From usr.bin/ssh
SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
-SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
SRCS+=addr.c addrmatch.c bitmap.c sshsig.c
SRCS+=ed25519.c hash.c
Index: regress/usr.bin/ssh/unittests/sshsig/mktestdata.sh
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshsig/mktestdata.sh,v
diff -u -p -r1.1 mktestdata.sh
--- regress/usr.bin/ssh/unittests/sshsig/mktestdata.sh 19 Jun 2020 04:32:09 -0000 1.1
+++ regress/usr.bin/ssh/unittests/sshsig/mktestdata.sh 5 May 2025 06:32:44 -0000
@@ -17,14 +17,13 @@ else
fi
rm -f signed-data namespace
-rm -f rsa dsa ecdsa ed25519 ecdsa_sk ed25519_sk
-rm -f rsa.sig dsa.sig ecdsa.sig ed25519.sig ecdsa_sk.sig ed25519_sk.sig
+rm -f rsa ecdsa ed25519 ecdsa_sk ed25519_sk
+rm -f rsa.sig ecdsa.sig ed25519.sig ecdsa_sk.sig ed25519_sk.sig
printf "This is a test, this is only a test" > signed-data
printf "$NAMESPACE" > namespace
ssh-keygen -t rsa -C "RSA test" -N "" -f rsa -m PEM
-ssh-keygen -t dsa -C "DSA test" -N "" -f dsa -m PEM
ssh-keygen -t ecdsa -C "ECDSA test" -N "" -f ecdsa -m PEM
ssh-keygen -t ed25519 -C "ED25519 test key" -N "" -f ed25519
ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key" \
@@ -33,7 +32,6 @@ ssh-keygen -w "$SK_DUMMY" -t ed25519-sk
-N "" -f ed25519_sk
ssh-keygen -Y sign -f rsa -n $NAMESPACE - < signed-data > rsa.sig
-ssh-keygen -Y sign -f dsa -n $NAMESPACE - < signed-data > dsa.sig
ssh-keygen -Y sign -f ecdsa -n $NAMESPACE - < signed-data > ecdsa.sig
ssh-keygen -Y sign -f ed25519 -n $NAMESPACE - < signed-data > ed25519.sig
ssh-keygen -w "$SK_DUMMY" \
Index: regress/usr.bin/ssh/unittests/sshsig/tests.c
===================================================================
RCS file: /cvs/src/regress/usr.bin/ssh/unittests/sshsig/tests.c,v
diff -u -p -r1.5 tests.c
--- regress/usr.bin/ssh/unittests/sshsig/tests.c 15 Apr 2025 04:00:42 -0000 1.5
+++ regress/usr.bin/ssh/unittests/sshsig/tests.c 5 May 2025 06:32:44 -0000
@@ -94,11 +94,6 @@ tests(void)
check_sig("rsa.pub", "rsa.sig", msg, namespace);
TEST_DONE();
-#ifdef WITH_DSA
- TEST_START("check DSA signature");
- check_sig("dsa.pub", "dsa.sig", msg, namespace);
- TEST_DONE();
-#endif
TEST_START("check ECDSA signature");
check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
Index: regress/usr.bin/ssh/unittests/sshsig/testdata/dsa
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshsig/testdata/dsa
diff -N regress/usr.bin/ssh/unittests/sshsig/testdata/dsa
--- regress/usr.bin/ssh/unittests/sshsig/testdata/dsa 19 Jun 2020 04:32:09 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,12 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQCXpndQdz2mQVnk+lYOF3nxDT+h6SiJmUvBFhnFWBv8tG4pTOkb
-EwGufLEzGpzjTj+3bjVau7LFt37AFrqs4Num272BWNsYNIjOlGPgq7Xjv32FN00x
-JYh1DoRs1cGGnvohlsWEamGGhTHD1a9ipctPEBV+NrxtZMrl+pO/ZZg8vQIVAKJB
-P3iNYSpSuW74+q4WxLCuK8O3AoGAQldE+BIuxlvoG1IFiWesx0CU+H2KO0SEZc9A
-SX/qjOabh0Fb78ofTlEf9gWHFfat8SvSJQIOPMVlb76Lio8AAMT8Eaa/qQKKYmQL
-dNq4MLhhjxx5KLGt6J2JyFPExCv+qnHYHD59ngtLwKyqGjpSC8LPLktdXn8W/Aad
-Ly1K7+MCgYBsMHBczhSeUh8w7i20CVg4OlNTmfJRVU2tO6OpMxZ/quitRm3hLKSN
-u4xRkvHJwi4LhQtv1SXvLI5gs5P3gCG8tsIAiyCqLinHha63iBdJpqhnV/x/j7dB
-yJr3xJbnmLdWLkkCtNk1Ir1/CuEz+ufAyLGdKWksEAu1UUlb501BkwIVAILIa3Rg
-0h7J9lQpHJphvF3K0M1T
------END DSA PRIVATE KEY-----
Index: regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.pub
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.pub
diff -N regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.pub
--- regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.pub 19 Jun 2020 04:32:09 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1 +0,0 @@
-ssh-dss AAAAB3NzaC1kc3MAAACBAJemd1B3PaZBWeT6Vg4XefENP6HpKImZS8EWGcVYG/y0bilM6RsTAa58sTManONOP7duNVq7ssW3fsAWuqzg26bbvYFY2xg0iM6UY+CrteO/fYU3TTEliHUOhGzVwYae+iGWxYRqYYaFMcPVr2Kly08QFX42vG1kyuX6k79lmDy9AAAAFQCiQT94jWEqUrlu+PquFsSwrivDtwAAAIBCV0T4Ei7GW+gbUgWJZ6zHQJT4fYo7RIRlz0BJf+qM5puHQVvvyh9OUR/2BYcV9q3xK9IlAg48xWVvvouKjwAAxPwRpr+pAopiZAt02rgwuGGPHHkosa3onYnIU8TEK/6qcdgcPn2eC0vArKoaOlILws8uS11efxb8Bp0vLUrv4wAAAIBsMHBczhSeUh8w7i20CVg4OlNTmfJRVU2tO6OpMxZ/quitRm3hLKSNu4xRkvHJwi4LhQtv1SXvLI5gs5P3gCG8tsIAiyCqLinHha63iBdJpqhnV/x/j7dByJr3xJbnmLdWLkkCtNk1Ir1/CuEz+ufAyLGdKWksEAu1UUlb501Bkw== DSA test
Index: regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.sig
===================================================================
RCS file: regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.sig
diff -N regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.sig
--- regress/usr.bin/ssh/unittests/sshsig/testdata/dsa.sig 19 Jun 2020 04:32:09 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,13 +0,0 @@
------BEGIN SSH SIGNATURE-----
-U1NIU0lHAAAAAQAAAbEAAAAHc3NoLWRzcwAAAIEAl6Z3UHc9pkFZ5PpWDhd58Q0/oekoiZ
-lLwRYZxVgb/LRuKUzpGxMBrnyxMxqc404/t241Wruyxbd+wBa6rODbptu9gVjbGDSIzpRj
-4Ku14799hTdNMSWIdQ6EbNXBhp76IZbFhGphhoUxw9WvYqXLTxAVfja8bWTK5fqTv2WYPL
-0AAAAVAKJBP3iNYSpSuW74+q4WxLCuK8O3AAAAgEJXRPgSLsZb6BtSBYlnrMdAlPh9ijtE
-hGXPQEl/6ozmm4dBW+/KH05RH/YFhxX2rfEr0iUCDjzFZW++i4qPAADE/BGmv6kCimJkC3
-TauDC4YY8ceSixreidichTxMQr/qpx2Bw+fZ4LS8Csqho6UgvCzy5LXV5/FvwGnS8tSu/j
-AAAAgGwwcFzOFJ5SHzDuLbQJWDg6U1OZ8lFVTa07o6kzFn+q6K1GbeEspI27jFGS8cnCLg
-uFC2/VJe8sjmCzk/eAIby2wgCLIKouKceFrreIF0mmqGdX/H+Pt0HImvfElueYt1YuSQK0
-2TUivX8K4TP658DIsZ0paSwQC7VRSVvnTUGTAAAACHVuaXR0ZXN0AAAAAAAAAAZzaGE1MT
-IAAAA3AAAAB3NzaC1kc3MAAAAodi5lr0pqBpO76OY4N1CtfR85BCgZ95qfVjP/e9lToj0q
-lwjSJJXUjw==
------END SSH SIGNATURE-----
die DSA die