Hi,
This is mostly a note for downstream distributors of OpenSSH. I've
just pushed fixes to the V_9_9 stable branch for a bug in the
mlkem768x25519-sha256 key exchange algorithm that was added in this
release that causes connection failures when connecting between
big-endian and little-endian hosts.
The problem is on the big-endian side. No change is required for
the more common little-endian architectures (e.g. x86, ARM).
If you distribute OpenSSH to big-endian systems and have packaged
OpenSSH 9.9 already, then I recommend you include these fixes as the
next release of OpenSSH will make this key exchange algorithm the
default.
Thanks,
Damien
--- Begin Message ---
- To: openssh-commits@xxxxxxxxxxx
- Subject: [openssh-commits] [openssh] branch V_9_9 updated (19bcb2d9 -> 33c5f384)
- From: git+noreply@xxxxxxxxxxx
- Date: Sun, 27 Oct 2024 15:37:01 +1100
- Reply-to: openssh-unix-dev@xxxxxxxxxxx
This is an automated email from the git hooks/post-receive script.
djm pushed a change to branch V_9_9
in repository openssh.
from 19bcb2d9 upstream: fix previous change to ssh_config Match, which broken on
new 11f34819 upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by
new fe8d28a7 upstream: explicitly include endian.h
new 33c5f384 htole64() etc for systems without endian.h
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Detailed log of new commits:
commit 33c5f384ae03a5d1a0bd46ca0fac3c62e4eaf784
Author: Damien Miller <djm@xxxxxxxxxxx>
Date: Sun Oct 27 13:28:11 2024 +1100
htole64() etc for systems without endian.h
commit fe8d28a7ebbaa35cfc04a21263627f05c237e460
Author: djm@xxxxxxxxxxx <djm@xxxxxxxxxxx>
Date: Sun Oct 27 02:06:59 2024 +0000
upstream: explicitly include endian.h
OpenBSD-Commit-ID: 13511fdef7535bdbc35b644c90090013da43a318
commit 11f348196b3fb51c3d8d1f4f36db9d73f03149ed
Author: djm@xxxxxxxxxxx <djm@xxxxxxxxxxx>
Date: Sun Oct 27 02:06:01 2024 +0000
upstream: fix ML-KEM768x25519 KEX on big-endian systems; spotted by
jsg@ feedback/ok deraadt@
OpenBSD-Commit-ID: 26d81a430811672bc762687166986cad40d28cc0
Summary of changes:
configure.ac | 1 -
defines.h | 26 ++++++++++++++++++++++++++
kexmlkem768x25519.c | 5 ++++-
libcrux_mlkem768_sha3.h | 8 +++++---
mlkem768.sh | 17 ++++++++++++-----
5 files changed, 47 insertions(+), 10 deletions(-)
--
To stop receiving notification emails like this one, please contact
djm@xxxxxxxxxxx.
_______________________________________________
openssh-commits mailing list
openssh-commits@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-commits
--- End Message ---
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
