
Re: [PATCH] Fix ability to use ECDSA host keys

Hi Alan,

Thanks for your patch. I did not review your patch but there's already
something that needs change. You use EVP_* functions in pki.c which is
supposed to be crypto backend independent. I think your code will not
compile on libgcrypt builds.

On your last question if we should add the option or keep the HOSTKEYS
options: I think you're right, and why not keep both? In OpenSSH
semantics, the Hostkey option can be used several times to add keys to the
list while our implementation uses the latest. We can easily fix that


On 15/02/14 20:17, Alan Dunn wrote:
> Hi folks,
> After our previous discussion on the inability to enable ECDSA keys, I
> found some bugs in how they are actually used in libssh (even if one
> were able to enable them).  With these changes, and some version of
> changes to allow ECDSA host keys to be enabled (I used my prior patch
> for testing and added an option to samplesshd), I was able to
> successfully get examples sample and samplesshd to communicate, as
> well as an OpenSSH client and samplesshd.
> There were two issues:
> - ecdsa_nid was not copied to duplicated ECDSA private keys
> - SHA-2 hashing was not used for sessionid generation for ECDSA keys
> (instead SHA-1 was being used)
> Thanks,
> - Alan
