diff options
author | Damien Miller <djm@mindrot.org> | 2014-04-20 13:47:45 +1000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-04-21 21:22:36 +0100 |
commit | 02883061577ec43ff8d0e8f0cf486bc5131db507 (patch) | |
tree | cff56a0039ff84648c22cb1fabc141844ee4d1ac /compat.h | |
parent | 08a63152deb5deda168aaef870bdb9f56425acb3 (diff) |
bad bignum encoding for curve25519-sha256@libssh.org
Hi,
So I screwed up when writing the support for the curve25519 KEX method
that doesn't depend on OpenSSL's BIGNUM type - a bug in my code left
leading zero bytes where they should have been skipped. The impact of
this is that OpenSSH 6.5 and 6.6 will fail during key exchange with a
peer that implements curve25519-sha256@libssh.org properly about 0.2%
of the time (one in every 512ish connections).
We've fixed this for OpenSSH 6.7 by avoiding the curve25519-sha256
key exchange for previous versions, but I'd recommend distributors
of OpenSSH apply this patch so the affected code doesn't become
too entrenched in LTS releases.
The patch fixes the bug and makes OpenSSH identify itself as 6.6.1 so as
to distinguish itself from the incorrect versions so the compatibility
code to disable the affected KEX isn't activated.
I've committed this on the 6.6 branch too.
Apologies for the hassle.
-d
Origin: upstream, https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html
Forwarded: not-needed
Last-Update: 2014-04-21
Patch-Name: curve25519-sha256-bignum-encoding.patch
Diffstat (limited to 'compat.h')
-rw-r--r-- | compat.h | 2 |
1 files changed, 2 insertions, 0 deletions
@@ -59,6 +59,7 @@ | |||
59 | #define SSH_BUG_RFWD_ADDR 0x02000000 | 59 | #define SSH_BUG_RFWD_ADDR 0x02000000 |
60 | #define SSH_NEW_OPENSSH 0x04000000 | 60 | #define SSH_NEW_OPENSSH 0x04000000 |
61 | #define SSH_BUG_DYNAMIC_RPORT 0x08000000 | 61 | #define SSH_BUG_DYNAMIC_RPORT 0x08000000 |
62 | #define SSH_BUG_CURVE25519PAD 0x10000000 | ||
62 | 63 | ||
63 | void enable_compat13(void); | 64 | void enable_compat13(void); |
64 | void enable_compat20(void); | 65 | void enable_compat20(void); |
@@ -66,6 +67,7 @@ void compat_datafellows(const char *); | |||
66 | int proto_spec(const char *); | 67 | int proto_spec(const char *); |
67 | char *compat_cipher_proposal(char *); | 68 | char *compat_cipher_proposal(char *); |
68 | char *compat_pkalg_proposal(char *); | 69 | char *compat_pkalg_proposal(char *); |
70 | char *compat_kex_proposal(char *); | ||
69 | 71 | ||
70 | extern int compat13; | 72 | extern int compat13; |
71 | extern int compat20; | 73 | extern int compat20; |