openssh bugs - Aug 2021 - [Bug 3337] New: Will OpenSSH support SMx series algorithms in the future?

https://bugzilla.mindrot.org/show_bug.cgi?id=3337

            Bug ID: 3337
           Summary: Will OpenSSH support SMx series algorithms in the
                    future?
           Product: Portable OpenSSH
           Version: 8.6p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: kircherlike at outlook.com

The support for SMx algorithms has been added by OpenSSL to the sm2,
sm3, and sm4 files in the crypto directory. Does openssh have any plans
to add support for these algorithms?

For example, if we want to add support for sm4-ctr, we only need to add
this line to cipher.c:

{"sm4-ctr", 16, 16, 0, 0, 0, EVP_sm4_ctr},

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3337

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to kircher from comment #0)
> The support for SMx algorithms has been added by OpenSSL to the sm2,
> sm3, and sm4 files in the crypto directory. Does openssh have any
> plans to add support for these algorithms?
Not that I know of.  I am also not aware of any work to specify it for
the SSH protocol.
> For example, if we want to add support for sm4-ctr, we only need to
> add this line to cipher.c:
> 
> {"sm4-ctr", 16, 16, 0, 0, 0, EVP_sm4_ctr},
Note that unless the cipher is defined in an SSH RFC the name needs to
be a vendor extension (see RFC4251 section 6).

It's a 128 bit block cipher that's not specified for SSH. There are
already several 128 bit block ciphers that are specified including one
that's RECOMMENDED.  What benefit would it provide over the existing
ones that would warrant maintaining it as a non-standard extension?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3337

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX
                 CC|                            |djm at mindrot.org

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
No plans to implement SMx ciphers. We don't have any desire to chase
individual national standard ciphers (e.g. Camellia, GOST, etc.)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.