[openssh-commits] CVS: fuyu.mindrot.org: openssh

Damien Miller djm at fuyu.mindrot.org
Fri Sep 10 11:23:35 EST 2010 

CVSROOT:        /var/cvs
Module name:    openssh
Changes by:     djm at fuyu.mindrot.org 10/09/10 11:23:35

Modified files:
    .               : ChangeLog kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c

Log message:
   - djm at cvs.openbsd.org 2010/09/09 10:45:45
     [kex.c kex.h kexecdh.c key.c key.h monitor.c ssh-ecdsa.c]
     ECDH/ECDSA compliance fix: these methods vary the hash function they use
     (SHA256/384/512) depending on the length of the curve in use. The previous
     code incorrectly used SHA256 in all cases.

     This fix will cause authentication failure when using 384 or 521-bit curve
     keys if one peer hasn't been upgraded and the other has. (256-bit curve
     keys work ok). In particular you may need to specify HostkeyAlgorithms
     when connecting to a server that has not been upgraded from an upgraded
     client.

     ok naddy@

Diff commands:
cvs -nQq rdiff -u -r1.5667 -r1.5668 openssh/ChangeLog
cvs -nQq rdiff -u -r1.91 -r1.92 openssh/kex.c
cvs -nQq rdiff -u -r1.53 -r1.54 openssh/kex.h
cvs -nQq rdiff -u -r1.2 -r1.3 openssh/kexecdh.c
cvs -nQq rdiff -u -r1.95 -r1.96 openssh/key.c
cvs -nQq rdiff -u -r1.33 -r1.34 openssh/key.h
cvs -nQq rdiff -u -r1.143 -r1.144 openssh/monitor.c
cvs -nQq rdiff -u -r1.3 -r1.4 openssh/ssh-ecdsa.c

ViewVC:
http://anoncvs.mindrot.org/index.cgi/openssh/ChangeLog?r1=1.5667;r2=1.5668&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/kex.c?r1=1.91;r2=1.92&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/kex.h?r1=1.53;r2=1.54&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/kexecdh.c?r1=1.2;r2=1.3&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/key.c?r1=1.95;r2=1.96&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/key.h?r1=1.33;r2=1.34&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/monitor.c?r1=1.143;r2=1.144&view=patch
http://anoncvs.mindrot.org/index.cgi/openssh/ssh-ecdsa.c?r1=1.3;r2=1.4&view=patch

Please note that there may be a delay before commits are available
on the public ViewVC site.

More information about the openssh-commits mailing list