bad bignum encoding for curve25519-sha256 at libssh.org
Bryan Drewery
bdrewery at FreeBSD.org
Thu Apr 24 11:03:43 EST 2014
On 4/20/2014 2:14 AM, Damien Miller wrote:
> Hi,
>
> So I screwed up when writing the support for the curve25519 KEX method
> that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
> leading zero bytes where they should have been skipped. The impact of
> this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
> peer that implements curve25519-sha256 at libssh.org properly about 0.2%
> of the time (one in every 512ish connections).
>
> We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
> key exchange for previous versions, but I'd recommend distributors
> of OpenSSH apply this patch so the affected code doesn't become
> too entrenched in LTS releases.
>
> The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
> to distinguish itself from the incorrect versions so the compatibility
> code to disable the affected KEX isn't activated.
>
> I've committed this on the 6.6 branch too.
>
> Apologies for the hassle.
>
> -d
Am I the only one who finds a bugfix non-release via unsigned mail with
an inline patch a problem?
--
Regards,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140423/3667aad7/attachment.bin>
More information about the openssh-unix-dev
mailing list