- djm@cvs.openbsd.org 2014/04/18 23:52:25
[compat.c compat.h sshconnect2.c sshd.c version.h]
OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
using the curve25519-sha256@libssh.org KEX exchange method to fail
when connecting with something that implements the spec properly.
Disable this KEX method when speaking to one of the affected
versions.
reported by Aris Adamantiadis; ok markus@
diff --git a/compat.c b/compat.c
index 9d9fabe..64f9790 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.82 2013/12/30 23:52:27 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.83 2014/04/18 23:52:25 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
@@ -95,6 +95,8 @@
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
{ "OpenSSH_4*", 0 },
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
+ { "OpenSSH_6.5*,"
+ "OpenSSH_6.6", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
{ "OpenSSH*", SSH_NEW_OPENSSH },
{ "*MindTerm*", 0 },
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
@@ -251,7 +253,6 @@
return cipher_prop;
}
-
char *
compat_pkalg_proposal(char *pkalg_prop)
{
@@ -265,3 +266,16 @@
return pkalg_prop;
}
+char *
+compat_kex_proposal(char *kex_prop)
+{
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
+ return kex_prop;
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
+ if (*kex_prop == '\0')
+ fatal("No supported key exchange algorithms found");
+ return kex_prop;
+}
+