FYI: fix for big-endian systems pushed to V_9_9 branch

Tue Oct 29 04:24:02 AEDT 2024

Thanks, applied to Fedora rawhide

On Sun, Oct 27, 2024 at 5:48 AM Damien Miller <djm at mindrot.org> wrote:

> Hi,
>
> This is mostly a note for downstream distributors of OpenSSH. I've
> just pushed fixes to the V_9_9 stable branch for a bug in the
> mlkem768x25519-sha256 key exchange algorithm that was added in this
> release that causes connection failures when connecting between
> big-endian and little-endian hosts.
>
> The problem is on the big-endian side. No change is required for
> the more common little-endian architectures (e.g. x86, ARM).
>
> If you distribute OpenSSH to big-endian systems and have packaged
> OpenSSH 9.9 already, then I recommend you include these fixes as the
> next release of OpenSSH will make this key exchange algorithm the
> default.
>
> Thanks,
> Damien
>
>
> ---------- Forwarded message ----------
> From: git+noreply at mindrot.org
> To: openssh-commits at mindrot.org
> Cc:
> Bcc:
> Date: Sun, 27 Oct 2024 15:37:01 +1100
> Subject: [openssh-commits] [openssh] branch V_9_9 updated (19bcb2d9 ->
> 33c5f384)
>
> This is an automated email from the git hooks/post-receive script.
>
> djm pushed a change to branch V_9_9
> in repository openssh.
>
>     from 19bcb2d9 upstream: fix previous change to ssh_config Match, which
> broken on
>      new 11f34819 upstream: fix ML-KEM768x25519 KEX on big-endian systems;
> spotted by
>      new fe8d28a7 upstream: explicitly include endian.h
>      new 33c5f384 htole64() etc for systems without endian.h
>
> The 3 revisions listed above as "new" are entirely new to this
> repository and will be described in separate emails.  The revisions
> listed as "add" were already present in the repository and have only
> been added to this reference.
>
>
> Detailed log of new commits:
>
> commit 33c5f384ae03a5d1a0bd46ca0fac3c62e4eaf784
> Author: Damien Miller <djm at mindrot.org>
> Date:   Sun Oct 27 13:28:11 2024 +1100
>
>     htole64() etc for systems without endian.h
>
> commit fe8d28a7ebbaa35cfc04a21263627f05c237e460
> Author: djm at openbsd.org <djm at openbsd.org>
> Date:   Sun Oct 27 02:06:59 2024 +0000
>
>     upstream: explicitly include endian.h
>
>     OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318
>
> commit 11f348196b3fb51c3d8d1f4f36db9d73f03149ed
> Author: djm at openbsd.org <djm at openbsd.org>
> Date:   Sun Oct 27 02:06:01 2024 +0000
>
>     upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by
>
>     jsg@ feedback/ok deraadt@
>
>     OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0
>
> Summary of changes:
>  configure.ac            |  1 -
>  defines.h               | 26 ++++++++++++++++++++++++++
>  kexmlkem768x25519.c     |  5 ++++-
>  libcrux_mlkem768_sha3.h |  8 +++++---
>  mlkem768.sh             | 17 ++++++++++++-----
>  5 files changed, 47 insertions(+), 10 deletions(-)
>
> --
> To stop receiving notification emails like this one, please contact
> djm at mindrot.org.
> _______________________________________________
> openssh-commits mailing list
> openssh-commits at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-commits
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

-- 
Dmitry Belyavskiy