bad bignum encoding for curve25519-sha256 at libssh.org

mancha mancha1 at zoho.com
Mon Apr 21 04:26:58 EST 2014


On Sun, Apr 20, 2014 at 05:14:08PM +1000, Damien Miller wrote:
> Hi,
> 
> The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
> to distinguish itself from the incorrect versions so the compatibility
> code to disable the affected KEX isn't activated.

Thanks for the patch. I can provide independent confirmation it fixes
things. I got 0 failures during key exchange post-patch using my 
custom KEX checker (built against libssl). Pre-patch I was experiencing
about a 0.17% failure rate.

--mancha

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140420/42572ccd/attachment.bin>


More information about the openssh-unix-dev mailing list