[Bug 3306] test_kex.c should check #ifdef USE_SNTRUP761X25519
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Apr 29 09:47:15 AEST 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3306
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to balu from comment #1)
> Can you please clarify if sntrup761x25519-sha512 at openssh.com is
> enabled by default or not?
It's compiled in by default:
$ ssh -Q kex | grep sntrup
sntrup761x25519-sha512 at openssh.com
as long as the compiler supports variable length arrays:
/*
* sntrup761 uses variable length arrays, only enable if the compiler
* supports them.
*/
#ifdef VARIABLE_LENGTH_ARRAYS
# define USE_SNTRUP761X25519 1
#endif
but it is not in the default KexAlgorithms list in either client:
$ ssh -F /dev/null -G localhost | grep kex
kexalgorithms
curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
or server:
$ sudo /usr/sbin/sshd -f /dev/null -T | grep kex
kexalgorithms
curve25519-sha256,curve25519-sha256 at libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
so it is disabled by default and will never be used unless enabled at
runtime by the user/admin in the configuration or flags.
> Also is it an experimental algorithm?
Yes.
[...]
> openbsd man page (https://man.openbsd.org/sshd_config.5) says it's
> supported which means it's enabled.
Those are not the same thing. For example, diffie-hellman-group1-sha1
is also supported but not enabled by default.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list