For discussion of Alpine Linux development and developer support

4 2

Re: [alpine-devel] [PATCH] main/openssh: curve25519pad patch added

Timo Teras
Details
Message ID
<20140902082034.0b8bffb4@vostro>
Sender timestamp
1409635234
DKIM signature
missing
Download raw message
On Mon, 01 Sep 2014 16:05:55 +0000
Johannes Matheis <jomat+alpinebuild@jmt.gr> wrote:

> https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032494.html:
> > bad bignum encoding for curve25519-sha256 at libssh.org
> >[…]
> > So I screwed up when writing the support for the curve25519 KEX
> > method that doesn't depend on OpenSSL's BIGNUM type - a bug in my
> > code left leading zero bytes where they should have been skipped.
> > The impact of this is that OpenSSH 6.5 and 6.6 will fail during key
> > exchange with a peer that implements curve25519-sha256 at
> > libssh.org properly about 0.2% of the time (one in every 512ish
> > connections).

The mailing list archives seem to have auto-converted all '@' symbols to
string ' at ' including the patch's string literals. The patch you have
attached is mangled and incorrect.

Care to resend with pristine diff generated from upstream version
control system?

Thanks,
Timo


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] [PATCH] main/openssh: curve25519pad patch added

Johannes Matheis
Details
Message ID
<1409658864-turnsole-7471@jmt.gr>
In-Reply-To
<20140902082034.0b8bffb4@vostro> (view parent)
Sender timestamp
1409660709
DKIM signature
missing
Download raw message
Excerpts from Timo Teras's message of 2014-09-02 05:20:34 +0000:
> The mailing list archives seem to have auto-converted all '@' symbols to
> string ' at ' including the patch's string literals. The patch you have
> attached is mangled and incorrect.

I can't reconstruct that. The attached file is identical with the output
of 'git format-patch'. It applies without errors. The md5sum of it is:
1e38829821d8b2759ac106b644a11e7d

~/aports/main/openssh% wget -qO- http://lists.alpinelinux.org/alpine-devel/\
att-4054/0001-main-openssh-curve25519pad-patch-added.patch | patch
patching file APKBUILD
patching file openssh-curve25519pad.patch
~/aports/main/openssh%

I additionally uploaded it to http://sprunge.us/LMhW

Please don't hesitate to contact me again if you're still experiencing
problems with it.

Thanks,
Johannes


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] [PATCH] main/openssh: curve25519pad patch added

Johannes Matheis
Details
Message ID
<1409671062-turnsole-67885@jmt.gr>
In-Reply-To
<20140902160947.51e99956@vostro> (view parent)
Sender timestamp
1409671301
DKIM signature
missing
Download raw message
Excerpts from Timo Teras's message of 2014-09-02 13:09:47 +0000:
> No, nothing wrong with the patch against aports. It's the
> openssh-curve25519pad.patch that you are adding (which you assumedly
> wgetted from openssl archives).

Thanks for clarification, I must have been blind on both eyes. Sorry for the
hassle.

Attached is a correct version.

Thanks,
Johannes

Re: [alpine-devel] [PATCH] main/openssh: curve25519pad patch added

Timo Teras
Details
Message ID
<20140902160947.51e99956@vostro>
In-Reply-To
<1409658864-turnsole-7471@jmt.gr> (view parent)
Sender timestamp
1409663387
DKIM signature
missing
Download raw message
On Tue, 02 Sep 2014 12:25:09 +0000
Johannes Matheis <jomat+alpinebuild@jmt.gr> wrote:

> Excerpts from Timo Teras's message of 2014-09-02 05:20:34 +0000:
> > The mailing list archives seem to have auto-converted all '@'
> > symbols to string ' at ' including the patch's string literals. The
> > patch you have attached is mangled and incorrect.
> 
> I can't reconstruct that. The attached file is identical with the
> output of 'git format-patch'. It applies without errors. The md5sum
> of it is: 1e38829821d8b2759ac106b644a11e7d
> 
> ~/aports/main/openssh% wget -qO-
> http://lists.alpinelinux.org/alpine-devel/\
> att-4054/0001-main-openssh-curve25519pad-patch-added.patch | patch
> patching file APKBUILD patching file openssh-curve25519pad.patch
> ~/aports/main/openssh%
> 
> I additionally uploaded it to http://sprunge.us/LMhW
> 
> Please don't hesitate to contact me again if you're still experiencing
> problems with it.

No, nothing wrong with the patch against aports. It's the
openssh-curve25519pad.patch that you are adding (which you assumedly
wgetted from openssl archives).

That file has:

+	kex_prop = filter_proposal(kex_prop, "curve25519-sha256 at
libssh.org");

But if you look cvsweb, the real code is:

	kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");

See:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/compat.c?rev=1.85&content-type=text/x-cvsweb-markup

In otherwords, wget from openssh mailing list archive produces
incorrect patch file. You need to find better archive, the original bug
report, or recreate the original patch from openssh version control.


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---

Re: [alpine-devel] [PATCH] main/openssh: curve25519pad patch added

Timo Teras
Details
Message ID
<20140903152948.67d9ac6f@vostro>
In-Reply-To
<1409671062-turnsole-67885@jmt.gr> (view parent)
Sender timestamp
1409747388
DKIM signature
missing
Download raw message
On Tue, 02 Sep 2014 15:21:41 +0000
Johannes Matheis <jomat+alpinebuild@jmt.gr> wrote:

> Excerpts from Timo Teras's message of 2014-09-02 13:09:47 +0000:
> > No, nothing wrong with the patch against aports. It's the
> > openssh-curve25519pad.patch that you are adding (which you assumedly
> > wgetted from openssl archives).
> 
> Thanks for clarification, I must have been blind on both eyes. Sorry
> for the hassle.
> 
> Attached is a correct version.

Applied. Thanks.


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---