Re: bad bignum encoding for curve25519-sha256@xxxxxxxxxx

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 4/20/2014 2:14 AM, Damien Miller wrote:
> Hi,
> 
> So I screwed up when writing the support for the curve25519 KEX method
> that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
> leading zero bytes where they should have been skipped. The impact of
> this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
> peer that implements curve25519-sha256@xxxxxxxxxx properly about 0.2%
> of the time (one in every 512ish connections).
> 
> We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
> key exchange for previous versions, but I'd recommend distributors
> of OpenSSH apply this patch so the affected code doesn't become
> too entrenched in LTS releases.
> 
> The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
> to distinguish itself from the incorrect versions so the compatibility
> code to disable the affected KEX isn't activated.
> 
> I've committed this on the 6.6 branch too.
> 
> Apologies for the hassle.
> 
> -d

Am I the only one who finds a bugfix non-release via unsigned mail with
an inline patch a problem?

-- 
Regards,
Bryan Drewery

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux