diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2024-08-22 23:11:31 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2024-08-22 23:11:31 +0000 |
commit | ba68be9241fa5d3b4e9edb848e402fa2e341222b (patch) | |
tree | 1db581df3c089ecdb808b23a8240dd04c0029a6f | |
parent | 5560f5318cb7213f5f9a49c930b57846ada9754b (diff) |
sntrup761x25519-sha512 now has an IANA codepoint assigned,
so we can make the algorithm available without the @openssh.com
suffix too. ok markus@ deraadt@
-rw-r--r-- | usr.bin/ssh/kex-names.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/kex.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/myproposal.h | 3 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 8 |
5 files changed, 16 insertions, 10 deletions
diff --git a/usr.bin/ssh/kex-names.c b/usr.bin/ssh/kex-names.c index 7eebc7a5636..82ff37344b8 100644 --- a/usr.bin/ssh/kex-names.c +++ b/usr.bin/ssh/kex-names.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kex-names.c,v 1.1 2024/05/17 00:32:32 djm Exp $ */ +/* $OpenBSD: kex-names.c,v 1.2 2024/08/22 23:11:30 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * @@ -70,6 +70,8 @@ static const struct kexalg kexalgs[] = { { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 }, { KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0, SSH_DIGEST_SHA512 }, + { KEX_SNTRUP761X25519_SHA512_OLD, KEX_KEM_SNTRUP761X25519_SHA512, 0, + SSH_DIGEST_SHA512 }, { NULL, 0, -1, -1}, }; diff --git a/usr.bin/ssh/kex.h b/usr.bin/ssh/kex.h index ca8d5aa4744..0d66b87a913 100644 --- a/usr.bin/ssh/kex.h +++ b/usr.bin/ssh/kex.h @@ -1,4 +1,4 @@ -/* $OpenBSD: kex.h,v 1.123 2024/05/17 00:30:23 djm Exp $ */ +/* $OpenBSD: kex.h,v 1.124 2024/08/22 23:11:30 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -55,7 +55,8 @@ #define KEX_ECDH_SHA2_NISTP521 "ecdh-sha2-nistp521" #define KEX_CURVE25519_SHA256 "curve25519-sha256" #define KEX_CURVE25519_SHA256_OLD "curve25519-sha256@libssh.org" -#define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512@openssh.com" +#define KEX_SNTRUP761X25519_SHA512 "sntrup761x25519-sha512" +#define KEX_SNTRUP761X25519_SHA512_OLD "sntrup761x25519-sha512@openssh.com" #define COMP_NONE 0 /* pre-auth compression (COMP_ZLIB) is only supported in the client */ diff --git a/usr.bin/ssh/myproposal.h b/usr.bin/ssh/myproposal.h index ee6e9f74152..bef6569085b 100644 --- a/usr.bin/ssh/myproposal.h +++ b/usr.bin/ssh/myproposal.h @@ -1,4 +1,4 @@ -/* $OpenBSD: myproposal.h,v 1.71 2022/03/30 21:13:23 djm Exp $ */ +/* $OpenBSD: myproposal.h,v 1.72 2024/08/22 23:11:30 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -25,6 +25,7 @@ */ #define KEX_SERVER_KEX \ + "sntrup761x25519-sha512," \ "sntrup761x25519-sha512@openssh.com," \ "curve25519-sha256," \ "curve25519-sha256@libssh.org," \ diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 874874bd07d..81dccf8a567 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.398 2024/07/14 10:19:23 jsg Exp $ -.Dd $Mdocdate: July 14 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.399 2024/08/22 23:11:30 djm Exp $ +.Dd $Mdocdate: August 22 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1282,7 +1282,7 @@ default set. .Pp The default is: .Bd -literal -offset indent -sntrup761x25519-sha512@openssh.com, +sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com, curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 9170c489278..d42ca0eaddd 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.368 2024/07/26 15:24:49 naddy Exp $ -.Dd $Mdocdate: July 26 2024 $ +.\" $OpenBSD: sshd_config.5,v 1.369 2024/08/22 23:11:30 djm Exp $ +.Dd $Mdocdate: August 22 2024 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1051,12 +1051,14 @@ ecdh-sha2-nistp384 .It ecdh-sha2-nistp521 .It +sntrup761x25519-sha512 +.It sntrup761x25519-sha512@openssh.com .El .Pp The default is: .Bd -literal -offset indent -sntrup761x25519-sha512@openssh.com, +sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com, curve25519-sha256,curve25519-sha256@libssh.org, ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256, |