- djm@cvs.openbsd.org 2014/04/18 23:52:25
     [compat.c compat.h sshconnect2.c sshd.c version.h]
     OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections
     using the curve25519-sha256@libssh.org KEX exchange method to fail
     when connecting with something that implements the spec properly.

     Disable this KEX method when speaking to one of the affected
     versions.

     reported by Aris Adamantiadis; ok markus@
diff --git a/compat.h b/compat.h
index b174fa1..2e25d5b 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.44 2013/12/30 23:52:27 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.45 2014/04/18 23:52:25 djm Exp $ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -59,6 +59,7 @@
 #define SSH_BUG_RFWD_ADDR	0x02000000
 #define SSH_NEW_OPENSSH		0x04000000
 #define SSH_BUG_DYNAMIC_RPORT	0x08000000
+#define SSH_BUG_CURVE25519PAD	0x10000000
 
 void     enable_compat13(void);
 void     enable_compat20(void);
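Review bot: The new `SSH_BUG_CURVE25519PAD` bit is added without a comment, and the name alone does not say which peers it marks or what the workaround does. A one-line comment on the define would help, for example `/* OpenSSH 6.5/6.6 peer: do not offer curve25519-sha256@libssh.org */`, which matches the commit description. Separately, 0x10000000 leaves only three bits above it in a 32-bit mask, and the highest is the sign bit if the flag word is a signed int (its declaration is not in this hunk), so it is worth recording how further bug bits will be allocated.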
@@ -66,6 +67,7 @@
 int	 proto_spec(const char *);
 char	*compat_cipher_proposal(char *);
 char	*compat_pkalg_proposal(char *);
+char	*compat_kex_proposal(char *);
 
 extern int compat13;
 extern int compat20;
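Review bot: The prototype `char *compat_kex_proposal(char *);` does not say whether the returned string is the argument itself or a newly allocated copy, so a caller cannot tell from the header who frees what. Add a comment above it such as `/* Returns the KEX proposal with methods the peer mishandles removed; <ownership rule> */`, filling in the ownership rule from compat.c, which is not part of this diff. The comment should also say what happens when filtering leaves no key exchange method at all, since an empty proposal should end the connection with a clear error rather than be sent to the peer. The same gap exists for the two neighbouring `*_proposal` prototypes.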