[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Missing signed-off for pkg chacha20 patches

Subject: Re: Missing signed-off for pkg chacha20 patches
From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
Reply-to: libssh@xxxxxxxxxx
Date: Wed, 13 Jun 2018 16:35:16 +0200
To: libssh@xxxxxxxxxx

On Saturday, 9 June 2018 01:58:57 CEST Jon Simons wrote:
> On 6/8/18 7:09 AM, Andreas Schneider wrote:
> > I'm currently working on chacha20 to merge Aris his work. There are two
> > pkd
> > patches from you which don't have a Signed-off-by tag from you.
> > 
> > Could you please give me the permission to add it or send the attached
> > patch back with them?
> > 
> > Also, could you test this patchset?
> 
> Excited to see the chacha20 work headed to master.
> 
> I gave the patchset some review and testing this afternoon and I've attached
> a respin of the patchset that includes:
> 
>  * fixes for current master pkd:
> https://www.libssh.org/archive/libssh/2018-05/0000009.html * the older
> chacha20 patches now with my Signed-off
>  * a couple of minor adjustments plus fix for the mbedTLS build
> 
> These should apply cleanly on to 0940b0f29b4fef86e56dffdd13d978f9692b78fc.
> 
> I tested this series with these combinations of pkd:
> 
>  * Debian Jessie with OpenSSL 1.0.1, libgcrypt20
>  * Debian Stretch with OpenSSL 1.1.0, libgcrypt20, mbedTLS
> 
> Please let me know if I can be of any further help or if you'd like to
> see any changes to the adjustments I made.  I can also send out the patches
> in another format if that would be helpful.

Also the pkd test doesn't work on Fedora 26. The reason is the default config. 
There is:

/etc/ssh/ssh_config.d/05-redhat.conf

which includes

/etc/crypto-policies/back-ends/openssh.config

and that files sets:

Ciphers aes256-gcm@xxxxxxxxxxx,chacha20-poly1305@xxxxxxxxxxx,aes256-
ctr,aes256-cbc,aes128-gcm@xxxxxxxxxxx,aes128-ctr,aes128-cbc                                          
MACs hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128-
etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha2-256,hmac-
sha1,umac-128@xxxxxxxxxxx,hmac-sha2-512
GSSAPIKexAlgorithms gss-gex-sha1-,gss-group14-sha1-
KexAlgorithms curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-
nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-
hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-
exchange-sha1,diffie-hellman-group14-sha1


So you're not allowed to use certain ciphers!


So you need to create a ssh config file and use 'ssh -F configfile' which 
already sets the above to allow all ciphers we want to test.


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx

Follow-Ups:
Re: Missing signed-off for pkg chacha20 patches	Andreas Schneider <asn@xxxxxxxxxxxxxx>

References:
Missing signed-off for pkg chacha20 patches	Andreas Schneider <asn@xxxxxxxxxxxxxx>
Re: Missing signed-off for pkg chacha20 patches	Jon Simons <jon@xxxxxxxxxxxxx>

Archive administrator: postmaster@lists.cynapses.org