bad bignum encoding for curve25519-sha256 at

mancha mancha1 at
Thu Apr 24 12:24:39 EST 2014

On Thu, Apr 24, 2014 at 11:15:49AM +1000, Damien Miller wrote:
> On Wed, 23 Apr 2014, Bryan Drewery wrote:
> > Am I the only one who finds a bugfix non-release via unsigned mail with
> > an inline patch a problem?
> It's only a problem if you can't/won't read the code.
> -d

I don't think Bryan's comment is without merit. When I saw the ML patch
I reconstructed it from commits in portable's git repo for my own peace
of mind [1].

Would it be possible to have "official" patches provided via the ML be
PGP-signed in the future? I think many would appreciate it.


PS Also, not sure what git you use on mindrot but by way of FYI, as of
version 1.7.9, git allows PGP signing individual commits (e.g. git
commit -S -m "blah").

[1] Ingredients of Curve25519 bugfix patch:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list