authorDamien Miller <djm@cvs.openbsd.org>2024-08-22 23:11:31 +0000
committerDamien Miller <djm@cvs.openbsd.org>2024-08-22 23:11:31 +0000
commitba68be9241fa5d3b4e9edb848e402fa2e341222b (patch)
tree1db581df3c089ecdb808b23a8240dd04c0029a6f
parent5560f5318cb7213f5f9a49c930b57846ada9754b (diff)
sntrup761x25519-sha512 now has an IANA codepoint assigned,
so we can make the algorithm available without the @openssh.com suffix too. ok markus@ deraadt@
-rw-r--r--usr.bin/ssh/kex-names.c4
-rw-r--r--usr.bin/ssh/kex.h5
-rw-r--r--usr.bin/ssh/myproposal.h3
-rw-r--r--usr.bin/ssh/ssh_config.56
-rw-r--r--usr.bin/ssh/sshd_config.58
5 files changed, 16 insertions, 10 deletions
diff --git a/usr.bin/ssh/kex-names.c b/usr.bin/ssh/kex-names.c
index 7eebc7a5636..82ff37344b8 100644
--- a/usr.bin/ssh/kex-names.c
+++ b/usr.bin/ssh/kex-names.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex-names.c,v 1.1 2024/05/17 00:32:32 djm Exp $ */
+/* $OpenBSD: kex-names.c,v 1.2 2024/08/22 23:11:30 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
*
@@ -70,6 +70,8 @@ static const struct kexalg kexalgs[] = {
{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
{ KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
SSH_DIGEST_SHA512 },
+ { KEX_SNTRUP761X25519_SHA512_OLD, KEX_KEM_SNTRUP761X25519_SHA512, 0,
+ SSH_DIGEST_SHA512 },
{ NULL, 0, -1, -1},
};
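Review bot: The added `KEX_SNTRUP761X25519_SHA512_OLD` row resolves to the same `KEX_KEM_SNTRUP761X25519_SHA512` type and `SSH_DIGEST_SHA512` as the row above it, but nothing in the table marks it as an alias rather than a distinct method. A short comment above the new row would document that, e.g. `/* pre-IANA vendor-suffixed name; same exchange as the entry above, kept for peers that only offer it */`. This matters when auditing algorithm policy, because a name-based allow or deny list has to mention both strings to cover the one underlying exchange. The same remark applies to the `KEX_SERVER_KEX` hunk in myproposal.h, which now offers both spellings. The `kexalgs[]` initializer begins outside this hunk.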
diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h
index ca8d5aa4744..0d66b87a913 100644
--- a/usr.bin/ssh/kex.h
+++ b/usr.bin/ssh/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.123 2024/05/17 00:30:23 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.124 2024/08/22 23:11:30 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -55,7 +55,8 @@
#define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521"
#define KEX_CURVE25519_SHA256 "curve25519-sha256"
#define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org"
-#define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512@openssh.com"
+#define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512"
+#define KEX_SNTRUP761X25519_SHA512_OLD "sntrup761x25519-sha512@openssh.com"
#define COMP_NONE 0
/* pre-auth compression (COMP_ZLIB) is only supported in the client */
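Review bot: `KEX_SNTRUP761X25519_SHA512` keeps its identifier but now expands to the unsuffixed string. Any code outside this diff that compares a negotiated or configured name against that macro would therefore stop matching the `@openssh.com` spelling. Only the `kexalgs[]` table use is visible in this commit, so this may well be a non-issue. It is still worth checking for other users of the macro, and for tooling that keys on the literal name. A trailing comment on the new define, such as `/* name used before the IANA assignment; identical method */`, would record why both defines exist.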
diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h
index ee6e9f74152..bef6569085b 100644
--- a/usr.bin/ssh/myproposal.h
+++ b/usr.bin/ssh/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.71 2022/03/30 21:13:23 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.72 2024/08/22 23:11:30 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -25,6 +25,7 @@
*/
#define KEX_SERVER_KEX \
+ "sntrup761x25519-sha512," \
"sntrup761x25519-sha512@openssh.com," \
"curve25519-sha256," \
"curve25519-sha256@libssh.org," \
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 874874bd07d..81dccf8a567 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.398 2024/07/14 10:19:23 jsg Exp $
-.Dd $Mdocdate: July 14 2024 $
+.\" $OpenBSD: ssh_config.5,v 1.399 2024/08/22 23:11:30 djm Exp $
+.Dd $Mdocdate: August 22 2024 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -1282,7 +1282,7 @@ default set.
.Pp
The default is:
.Bd -literal -offset indent
-sntrup761x25519-sha512@openssh.com,
+sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index 9170c489278..d42ca0eaddd 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.368 2024/07/26 15:24:49 naddy Exp $
-.Dd $Mdocdate: July 26 2024 $
+.\" $OpenBSD: sshd_config.5,v 1.369 2024/08/22 23:11:30 djm Exp $
+.Dd $Mdocdate: August 22 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -1051,12 +1051,14 @@ ecdh-sha2-nistp384
.It
ecdh-sha2-nistp521
.It
+sntrup761x25519-sha512
+.It
sntrup761x25519-sha512@openssh.com
.El
.Pp
The default is:
.Bd -literal -offset indent
-sntrup761x25519-sha512@openssh.com,
+sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,
curve25519-sha256,curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,