upstream commit

support plain curve25519-sha256 KEX algorithm now that it
is approaching standardisation (same algorithm is currently supported as
curve25519-sha256@libssh.org)

Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2

diff --git a/kex.c b/kex.c
index edb61bee7080f9a7f70cf7714152b6c9afc1f6e5..811e2cf6c499afc41e28ab694caa124c409b5e09 100644 (file)
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.123 2016/09/21 19:53:12 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -109,6 +109,7 @@ static const struct kexalg kexalgs[] = {
 #endif /* WITH_OPENSSL */
 #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
        { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
+       { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
        { NULL, -1, -1, -1},
 };

diff --git a/myproposal.h b/myproposal.h
index 5c088e5e9338a91847f624206afb9f2d59c5fc8a..4729b30b07ca778b409fa3f7ada2a15f16c44261 100644 (file)
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.52 2016/09/05 14:02:42 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.53 2016/09/22 17:52:53 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -84,7 +84,9 @@
 
 #ifdef WITH_OPENSSL
 # ifdef HAVE_EVP_SHA256
-#  define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org,"
+#  define KEX_CURVE25519_METHODS \
+       "curve25519-sha256," \
+       "curve25519-sha256@libssh.org,"
 # else
 #  define KEX_CURVE25519_METHODS ""
 # endif
@@ -139,6 +141,7 @@
 #else /* WITH_OPENSSL */
 
 #define KEX_SERVER_KEX         \
+       "curve25519-sha256," \
        "curve25519-sha256@libssh.org"
 #define        KEX_DEFAULT_PK_ALG      \
        "ssh-ed25519-cert-v01@openssh.com," \