CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2010/09/09 04:45:45
Modified files:
usr.bin/ssh : kex.c kex.h kexecdh.c key.c key.h monitor.c
ssh-ecdsa.c
Log message:
ECDH/ECDSA compliance fix: these methods vary the hash function they use
(SHA256/384/512) depending on the length of the curve in use. The previous
code incorrectly used SHA256 in all cases.
This fix will cause authentication failure when using 384 or 521-bit curve
keys if one peer hasn't been upgraded and the other has. (256-bit curve
keys work ok). In particular you may need to specify HostkeyAlgorithms
when connecting to a server that has not been upgraded from an upgraded
client.
ok naddy@
