openssh bugs - Apr 2021 - [Bug 3306] New: test_kex.c should check #ifdef USE_SNTRUP761X25519

https://bugzilla.mindrot.org/show_bug.cgi?id=3306

            Bug ID: 3306
           Summary: test_kex.c should check #ifdef USE_SNTRUP761X25519
           Product: Portable OpenSSH
           Version: 8.6p1
          Hardware: Other
                OS: Windows 10
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Regression tests
          Assignee: unassigned-bugs at mindrot.org
          Reporter: balu.gajjala at gmail.com

V8_5 introduced an experimental key exchange method
sntrup761x25519-sha512 at openssh.com which is disabled by default.

test_kex.c assume the new kex method is enabled which is not true.

Code change - 
https://github.com/openssh/openssh-portable/blob/e86968280e358e62649d268d41f698d64d0dc9fa/regress/unittests/kex/test_kex.c#L205

From
    do_kex("sntrup761x25519-sha512 at openssh.com");

To
#ifdef USE_SNTRUP761X25519
        do_kex("sntrup761x25519-sha512 at openssh.com");
#endif

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3306

balu <balu.gajjala at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |balu.gajjala at gmail.com

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3306

--- Comment #1 from balu <balu.gajjala at gmail.com> ---
Can you please clarify if sntrup761x25519-sha512 at openssh.com is enabled
by default or not? Also is it an experimental algorithm?

release page (https://www.openssh.com/releasenotes.html) says it's
disable by default.

 ssh(1), sshd(8): update/replace the experimental post-quantum
   hybrid key exchange method based on Streamlined NTRU Prime coupled
   with X25519.

   The previous sntrup4591761x25519-sha512 at tinyssh.org method is
   replaced with sntrup761x25519-sha512 at openssh.com. Per its
   designers, the sntrup4591761 algorithm was superseded almost two
   years ago by sntrup761.

   (note this both the updated method and the one that it replaced are
   disabled by default)

openbsd man page (https://man.openbsd.org/sshd_config.5) says it's
supported which means it's enabled.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3306

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to balu from comment #1)
> Can you please clarify if sntrup761x25519-sha512 at openssh.com is
> enabled by default or not?
It's compiled in by default:
$ ssh -Q kex | grep sntrup
sntrup761x25519-sha512 at openssh.com

as long as the compiler supports variable length arrays:
/*
 * sntrup761 uses variable length arrays, only enable if the compiler
 * supports them.
 */
#ifdef VARIABLE_LENGTH_ARRAYS
# define USE_SNTRUP761X25519 1
#endif

but it is not in the default KexAlgorithms list in either client:
$ ssh -F /dev/null -G localhost | grep kex
kexalgorithms
curve25519-sha256,curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

or server:
$ sudo /usr/sbin/sshd -f /dev/null -T | grep kex
kexalgorithms
curve25519-sha256,curve25519-sha256 at
libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

so it is disabled by default and will never be used unless enabled at
runtime by the user/admin in the configuration or flags.
> Also is it an experimental algorithm?
Yes.

[...]
> openbsd man page (https://man.openbsd.org/sshd_config.5) says it's
> supported which means it's enabled.
Those are not the same thing.  For example, diffie-hellman-group1-sha1
is also supported but not enabled by default.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3306

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |3302


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3306

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
Fixed.  Thanks for the report.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3306

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.