Remove DSA from default cipher list and disable SSH1.

Upstream did this a long time ago, but we kept DSA and SSH1 in FreeBSD for
reasons which boil down to POLA.  Now is a good time to catch up.

MFC after:	3 days
Relnotes:	yes

crypto/openssh/FREEBSD-upgrade

@@ -142,30 +142,25 @@
    Support for TCP wrappers was removed in upstream 6.7p1.  We've
    added it back by porting the 6.6p1 code forward.
 
-6) DSA keys
-
-   DSA keys were disabled by default in upstream 6.9p1.  We've added
-   them back.
-
-7) Agent client reference counting
+6) Agent client reference counting
 
    We've added code to ssh-agent.c to implement client reference
    counting; the agent will automatically exit when the last client
    disconnects.
 
-8) Class-based login restrictions
+7) Class-based login restrictions
 
    We've added code to auth2.c to enforce the host.allow, host.deny,
    times.allow and times.deny login class capabilities.
 
-9) HPN
+8) HPN
 
    We no longer have the HPN patches (adaptive buffer size for
    increased throughput on high-BxD links), but we recognize and
    ignore HPN-related configuration options to avoid breaking existing
    configurations.
 
-A) AES-CBC
+9) AES-CBC
 
    The AES-CBC ciphers were removed from the server-side proposal list
    in 6.7p1 due to theoretical weaknesses and the availability of

crypto/openssh/config.h

@@ -1701,7 +1701,7 @@
 /* #undef WITH_SELINUX */
 
 /* include SSH protocol version 1 support */
-#define WITH_SSH1 1
+/* #undef WITH_SSH1 */
 
 /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
    significant byte first (like Motorola and SPARC, unlike Intel). */

crypto/openssh/configure.ac

@@ -123,7 +123,7 @@ AC_CHECK_DECL([PR_SET_NO_NEW_PRIVS], [have_linux_no_new_privs=1], , [
 ])
 
 openssl=yes
-ssh1=yes
+ssh1=no
 AC_ARG_WITH([openssl],
 	[  --without-openssl       Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL** ],
 	[  if test "x$withval" = "xno" ; then

crypto/openssh/myproposal.h

@@ -100,13 +100,11 @@
 	HOSTKEY_ECDSA_CERT_METHODS \
 	"ssh-ed25519-cert-v01@openssh.com," \
 	"ssh-rsa-cert-v01@openssh.com," \
-	"ssh-dss-cert-v01@openssh.com," \
 	HOSTKEY_ECDSA_METHODS \
 	"ssh-ed25519," \
 	"rsa-sha2-512," \
 	"rsa-sha2-256," \
-	"ssh-rsa," \
-	"ssh-dss"
+	"ssh-rsa"
 
 /* the actual algorithms */
 

crypto/openssh/servconf.c

@@ -206,8 +206,6 @@ fill_default_server_options(ServerOptions *options)
 	/* Standard Options */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_2;
-	if (options->protocol & SSH_PROTO_1)
-		error("WARNING: SSH protocol version 1 enabled");
 	if (options->num_host_key_files == 0) {
 		/* fill default hostkeys for protocols */
 		if (options->protocol & SSH_PROTO_1)

crypto/openssh/ssh_config.5

@@ -871,10 +871,8 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
-ssh-dss-cert-v01@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
-ecdsa-sha2-nistp521,ssh-ed25519,
-ssh-rsa,ssh-dss
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 The
@@ -896,10 +894,8 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
-ssh-dss-cert-v01@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
-ecdsa-sha2-nistp521,ssh-ed25519,
-ssh-rsa,ssh-dss
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 If hostkeys are known for the destination host then this default is modified
@@ -1336,10 +1332,8 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
-ssh-dss-cert-v01@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
-ecdsa-sha2-nistp521,ssh-ed25519,
-ssh-rsa,ssh-dss
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 The

crypto/openssh/sshd_config.5

@@ -659,10 +659,8 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
-ssh-dss-cert-v01@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
-ecdsa-sha2-nistp521,ssh-ed25519,
-ssh-rsa,ssh-dss
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 The
@@ -753,10 +751,8 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
-ssh-dss-cert-v01@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
-ecdsa-sha2-nistp521,ssh-ed25519,
-ssh-rsa,ssh-dss
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 The list of available key types may also be obtained using the
@@ -1372,10 +1368,8 @@ ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
-ssh-dss-cert-v01@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,
-ecdsa-sha2-nistp521,ssh-ed25519,
-ssh-rsa,ssh-dss
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ssh-ed25519,ssh-rsa
 .Ed
 .Pp
 The