summaryrefslogtreecommitdiff
path: root/auth-passwd.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2014-04-20 13:47:45 +1000
committerColin Watson <cjwatson@debian.org>2014-04-21 21:22:36 +0100
commit02883061577ec43ff8d0e8f0cf486bc5131db507 (patch)
treecff56a0039ff84648c22cb1fabc141844ee4d1ac /auth-passwd.c
parent08a63152deb5deda168aaef870bdb9f56425acb3 (diff)
bad bignum encoding for curve25519-sha256@libssh.org
Hi, So I screwed up when writing the support for the curve25519 KEX method that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left leading zero bytes where they should have been skipped. The impact of this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a peer that implements curve25519-sha256@libssh.org properly about 0.2% of the time (one in every 512ish connections). We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256 key exchange for previous versions, but I'd recommend distributors of OpenSSH apply this patch so the affected code doesn't become too entrenched in LTS releases. The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as to distinguish itself from the incorrect versions so the compatibility code to disable the affected KEX isn't activated. I've committed this on the 6.6 branch too. Apologies for the hassle. -d Origin: upstream, https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html Forwarded: not-needed Last-Update: 2014-04-21 Patch-Name: curve25519-sha256-bignum-encoding.patch
Diffstat (limited to 'auth-passwd.c')
0 files changed, 0 insertions, 0 deletions