[ssh_x509] BN_mod_sqrt issue in cryptograpic libraries

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Wed Mar 16 09:41:37 EET 2022


OpenSSL announces new release that fixes endless loop in BN_mod_sqrt in certain conditions. For protocol issue affects all previous releases of cryptograpic library including forks.

PKIX-SSH, first performs check for allowed algorithms. So expected work-around is to stop temporary X.509 certificates based on EC keys. Related options are PubkeyAlgorithms and HostbasedAlgorithms with pattern like !x509v3-ecdsa-*.

Roumen Petrov

More information about the ssh_x509 mailing list