upstream commit

support plain curve25519-sha256 KEX algorithm now that it
is approaching standardisation (same algorithm is currently supported as
curve25519-sha256@libssh.org)

Upstream-ID: 5e2b6db2e72667048cf426da43c0ee3fc777baa2

2 files changed, 7 insertions, 3 deletions

diff --git a/kex.c b/kex.c
index edb61bee7..811e2cf6c 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.123 2016/09/21 19:53:12 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.124 2016/09/22 17:52:53 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -109,6 +109,7 @@ static const struct kexalg kexalgs[] = {
 #endif /* WITH_OPENSSL */
 #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
         { KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
+        { KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
         { NULL, -1, -1, -1},
 };
diff --git a/myproposal.h b/myproposal.h
index 5c088e5e9..4729b30b0 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.52 2016/09/05 14:02:42 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.53 2016/09/22 17:52:53 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -84,7 +84,9 @@
 
 #ifdef WITH_OPENSSL
 # ifdef HAVE_EVP_SHA256
-#  define KEX_CURVE25519_METHODS "curve25519-sha256@libssh.org,"
+#  define KEX_CURVE25519_METHODS \
+        "curve25519-sha256," \
+        "curve25519-sha256@libssh.org,"
 # else
 #  define KEX_CURVE25519_METHODS ""
 # endif
@@ -139,6 +141,7 @@
 #else /* WITH_OPENSSL */
 
 #define KEX_SERVER_KEX          \
+        "curve25519-sha256," \
         "curve25519-sha256@libssh.org"
 #define KEX_DEFAULT_PK_ALG      \
         "ssh-ed25519-cert-v01@openssh.com," \