Re: Missing signed-off for pkg chacha20 patches
- Subject: Re: Missing signed-off for pkg chacha20 patches
- From: Andreas Schneider <asn@xxxxxxxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 14 Jun 2018 17:22:39 +0200
- To: libssh@xxxxxxxxxx
On Thursday, 14 June 2018 16:06:20 CEST Andreas Schneider wrote:
> On Thursday, 14 June 2018 16:03:29 CEST Andreas Schneider wrote:
> > On Wednesday, 13 June 2018 16:35:16 CEST Andreas Schneider wrote:
> > > On Saturday, 9 June 2018 01:58:57 CEST Jon Simons wrote:
> > > > On 6/8/18 7:09 AM, Andreas Schneider wrote:
> > > > > I'm currently working on chacha20 to merge Aris's work. There are
> > > > > two pkd patches from you which don't have a Signed-off-by tag
> > > > > from you.
> > > > >
> > > > > Could you please give me the permission to add it or send the
> > > > > attached patch back with them?
> > > > >
> > > > > Also, could you test this patchset?
> > > >
> > > > Excited to see the chacha20 work headed to master.
> > > >
> > > > I gave the patchset some review and testing this afternoon and I've
> > > > attached a respin of the patchset that includes:
> > > >
> > > > * fixes for current master pkd:
> > > >   https://www.libssh.org/archive/libssh/2018-05/0000009.html
> > > > * the older chacha20 patches now with my Signed-off
> > > > * a couple of minor adjustments plus fix for the mbedTLS build
> > > >
> > > > These should apply cleanly on to
> > > > 0940b0f29b4fef86e56dffdd13d978f9692b78fc.
> > > >
> > > > I tested this series with these combinations of pkd:
> > > >
> > > > * Debian Jessie with OpenSSL 1.0.1, libgcrypt20
> > > > * Debian Stretch with OpenSSL 1.1.0, libgcrypt20, mbedTLS
> > > >
> > > > Please let me know if I can be of any further help or if you'd like to
> > > > see any changes to the adjustments I made. I can also send out the
> > > > patches in another format if that would be helpful.
> > >
> > > Also the pkd test doesn't work on Fedora 26. The reason is the default
> > > config. There is:
> > >
> > > /etc/ssh/ssh_config.d/05-redhat.conf
> > >
> > > which includes
> > >
> > > /etc/crypto-policies/back-ends/openssh.config
> > >
> > > and that file sets:
> > >
> > > Ciphers aes256-gcm@xxxxxxxxxxx,chacha20-poly1305@xxxxxxxxxxx,aes256-ctr,aes256-cbc,aes128-gcm@xxxxxxxxxxx,aes128-ctr,aes128-cbc
> > > MACs hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha2-256,hmac-sha1,umac-128@xxxxxxxxxxx,hmac-sha2-512
> > > GSSAPIKexAlgorithms gss-gex-sha1-,gss-group14-sha1-
> > > KexAlgorithms curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
> > >
> > > So you're not allowed to use certain ciphers!
> > >
> > > So you need to create a ssh config file and use 'ssh -F configfile'
> > > which already sets the above to allow all ciphers we want to test.
> > >
> > > Andreas
> >
> > Looks like openssh removed support for ssh-dss. At least my openssh 7.7
> > doesn't know about it at all.
> >
> > I would remove it from libssh after the release of 0.8 together with SSHv1
> > support.
> >
> > I think we can remove it from pkd already? Comments?
>
> Same for blowfish_cbc.

Ok, the plan is to remove SSHv1, ssh-dss and blowfish-cbc should be optional
but turned off by default.

pkd should detect the ssh version (ssh -V) and turn off ssh-dss and
blowfish-cbc checks if not supported, if we have it compiled in.

Maybe the easiest is to run

    system("ssh -V > /tmp/ssh_versionXXXX");

and read with

    rc = sscanf(str, "OpenSSH_%u.%u", &major, &minor);

Could you implement that in pkd?

--
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                  asn@xxxxxxxxxxxxxx
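
The version check proposed in the message above, as an added example that is not part of the original message or of libssh's pkd code. It reads the `ssh -V` banner through a pipe rather than a file in /tmp (the banner is written to stderr, hence `2>&1`) and parses it with the same sscanf format; the function names and the cutoff version are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* for popen()/pclose() */
#endif
#include <stdio.h>
#include <string.h>

/* Parse a banner such as "OpenSSH_7.7p1, OpenSSL ..."; returns 0 on success. */
int parse_openssh_version(const char *banner, unsigned *major, unsigned *minor)
{
    const char *p = (banner != NULL) ? strstr(banner, "OpenSSH_") : NULL;
    if (p == NULL || sscanf(p, "OpenSSH_%u.%u", major, minor) != 2) return -1;
    return 0;
}

/* Returns 1 when major.minor is older than cmaj.cmin (hypothetical helper). */
int version_before(unsigned major, unsigned minor, unsigned cmaj, unsigned cmin)
{
    return major < cmaj || (major == cmaj && minor < cmin);
}

/* Read the banner through a pipe; ssh -V writes to stderr, hence 2>&1. */
int query_openssh_version(unsigned *major, unsigned *minor)
{
    char line[256] = "";
    FILE *fp = popen("ssh -V 2>&1", "r");
    if (fp == NULL) return -1;
    if (fgets(line, sizeof(line), fp) == NULL) line[0] = '\0';
    pclose(fp);
    return parse_openssh_version(line, major, minor);
}

int main(void)
{
    /* Constructed cutoff for illustration, not a value taken from the thread. */
    const unsigned cut_major = 7, cut_minor = 0;
    unsigned major = 0, minor = 0;
    if (query_openssh_version(&major, &minor) != 0) {
        puts("OpenSSH version unknown: skip ssh-dss and blowfish-cbc checks");
        return 0;
    }
    printf("OpenSSH %u.%u: legacy algorithm checks %s\n", major, minor,
           version_before(major, minor, cut_major, cut_minor) ? "run" : "skipped");
    return 0;
}
```

When the banner cannot be parsed, the example skips the legacy checks rather than guessing, so a missing or non-OpenSSH client does not produce spurious test failures.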