[PATCH] use ecdh/X25519 from openssl when possible (openssl-1.1.0+)

Yuriy M. Kaminskiy yumkam at gmail.com
Sun Feb 17 23:46:27 AEDT 2019


See attached:

(1) patch against 7.9p1, tested with openssl 1.1.0j and openssl 1.1.1a on linux/i386; passes regression
test and connects to unpatched sshd without problems;

I hacked a bit regress/unittests/kex, and benchmarked
    do_kex_with_key("curve25519-sha256@libssh.org", KEY_ED25519, 256);
Before:
  0.3295s per call
After:
  0.2183s per call

That is, a 50% speedup; assuming ed25519 (added to openssl in 1.1.1) takes about the same time as ecdh/x25519,
there is potential for a total 200% speedup in KEX.

(2) rebased patch against git master; passes regression test;

I relied on the presence of NID_X25519 for autodetection; probably it makes sense to check if it is
actually working in autoconf; then again, maybe not (it won't work when cross-compiling anyway).

P.S. given the amount of feedback I received so far, it seems everyone follows the motto "it cannot be secure
if it is not slow".
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 7.9p1-0001-use-kex-x25519-from-openssl-when-possible.patch
Type: text/x-patch
Size: 9337 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190217/7dce2537/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: master-0001-use-kex-x25519-from-openssl-when-possible.patch
Type: text/x-patch
Size: 11456 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20190217/7dce2537/attachment-0003.bin>

