Re: [PATCH] Fix ability to use ECDSA host keys
- Subject: Re: [PATCH] Fix ability to use ECDSA host keys
- From: Aris Adamantiadis <aris@xxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Sat, 15 Feb 2014 20:52:51 +0100
- To: libssh@xxxxxxxxxx
Hi Alan,

Thanks for your patch. I did not review your patch but there's already something that needs change. You use EVP_* functions in pki.c which is supposed to be crypto backend independent. I think your code will not compile on libgcrypt builds.

On your last question if we should add the option or keep the HOSTKEYS options: I think you're right, and why not keep both? In OpenSSH semantics, the Hostkey option can be used several times to add keys to the list while our implementation uses the latest. We can easily fix that behaviour.

thanks,

Aris

On 15/02/14 20:17, Alan Dunn wrote:
> Hi folks,
>
> After our previous discussion on the inability to enable ECDSA keys, I
> found some bugs in how they are actually used in libssh (even if one
> were able to enable them). With these changes, and some version of
> changes to allow ECDSA host keys to be enabled (I used my prior patch
> for testing and added an option to samplesshd), I was able to
> successfully get examples sample and samplesshd to communicate, as
> well as an OpenSSH client and samplesshd.
>
> There were two issues:
> - ecdsa_nid was not copied to duplicated ECDSA private keys
> - SHA-2 hashing was not used for sessionid generation for ECDSA keys
> (instead SHA-1 was being used)
>
> Thanks,
> - Alan