[Bug 3337] Will OpenSSH support SMx series algorithms in the future?

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Aug 11 10:22:28 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3337

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to kircher from comment #0)
> The support for SMx algorithms has been added by OpenSSL to the sm2,
> sm3, and sm4 files in the crypto directory. Does openssh have any
> plans to add support for these algorithms?

Not that I know of.  I am also not aware of any work to specify it for
the SSH protocol.

> For example, if we want to add support for sm4-ctr, we only need to
> add this line to cipher.c:
> 
> {"sm4-ctr", 16, 16, 0, 0, 0, EVP_sm4_ctr},

Note that unless the cipher is defined in an SSH RFC the name needs to
be a vendor extension (see RFC4251 section 6).

It's a 128 bit block cipher that's not specified for SSH. There are
already several 128 bit block ciphers that are specified including one
that's RECOMMENDED.  What benefit would it provide over the existing
ones that would warrant maintaining it as a non-standard extension?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list