- djm@cvs.openbsd.org 2014/04/18 23:52:25

     [compat.c compat.h sshconnect2.c sshd.c version.h]
     OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
     using the curve25519-sha256@libssh.org KEX exchange method to fail
     when connecting with something that implements the spec properly.

     Disable this KEX method when speaking to one of the affected
     versions.

     reported by Aris Adamantiadis; ok markus@

1 files changed, 3 insertions, 1 deletions

diff --git a/compat.h b/compat.h
index b174fa171..2e25d5ba9 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.44 2013/12/30 23:52:27 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.45 2014/04/18 23:52:25 djm Exp $ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -59,6 +59,7 @@
 #define SSH_BUG_RFWD_ADDR       0x02000000
 #define SSH_NEW_OPENSSH         0x04000000
 #define SSH_BUG_DYNAMIC_RPORT   0x08000000
+#define SSH_BUG_CURVE25519PAD   0x10000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);
@@ -66,6 +67,7 @@ void     compat_datafellows(const char *);
 int      proto_spec(const char *);
 char    *compat_cipher_proposal(char *);
 char    *compat_pkalg_proposal(char *);
+char    *compat_kex_proposal(char *);
 
 extern int compat13;
 extern int compat20;