bad bignum encoding for curve25519-sha256 at

Aris Adamantiadis aris at
Tue Apr 22 03:58:30 EST 2014

Le 20/04/14 20:26, mancha a écrit :
> On Sun, Apr 20, 2014 at 05:14:08PM +1000, Damien Miller wrote:
>> Hi,
>> The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
>> to distinguish itself from the incorrect versions so the compatibility
>> code to disable the affected KEX isn't activated.
> Thanks for the patch. I can provide independent confirmation it fixes
> things. I got 0 failures during key exchange post-patch using my
> custom KEX checker (built against libssl). Pre-patch I was experiencing
> about a 0.17% failure rate.
> --mancha
A libssh contributor noticed this as well. We'll introduce the same
workaround as OpenSSH to avoid interoperability problems.


More information about the openssh-unix-dev mailing list