
Re: Missing signed-off for pkg chacha20 patches


On Wednesday, 13 June 2018 16:35:16 CEST Andreas Schneider wrote:
> On Saturday, 9 June 2018 01:58:57 CEST Jon Simons wrote:
> > On 6/8/18 7:09 AM, Andreas Schneider wrote:
> > > I'm currently working on chacha20 to merge Aris's work. There are two
> > > pkd patches from you which don't have a Signed-off-by tag from you.
> > > 
> > > Could you please give me the permission to add it or send the attached
> > > patch back with them?
> > > 
> > > Also, could you test this patchset?
> > 
> > Excited to see the chacha20 work headed to master.
> > 
> > I gave the patchset some review and testing this afternoon and I've
> > attached a respin of the patchset that includes:
> >  * fixes for current master pkd:
> >    https://www.libssh.org/archive/libssh/2018-05/0000009.html
> >  * the older chacha20 patches now with my Signed-off
> > 
> >  * a couple of minor adjustments plus fix for the mbedTLS build
> > 
> > These should apply cleanly on to 0940b0f29b4fef86e56dffdd13d978f9692b78fc.
> > 
> > I tested this series with these combinations of pkd:
> >  * Debian Jessie with OpenSSL 1.0.1, libgcrypt20
> >  * Debian Stretch with OpenSSL 1.1.0, libgcrypt20, mbedTLS
> > 
> > Please let me know if I can be of any further help or if you'd like to
> > see any changes to the adjustments I made.  I can also send out the
> > patches in another format if that would be helpful.
> 
> Also the pkd test doesn't work on Fedora 26. The reason is the default
> config. There is:
> 
> /etc/ssh/ssh_config.d/05-redhat.conf
> 
> which includes
> 
> /etc/crypto-policies/back-ends/openssh.config
> 
> and that file sets:
> 
> Ciphers aes256-gcm@xxxxxxxxxxx,chacha20-poly1305@xxxxxxxxxxx,aes256-ctr,aes256-cbc,aes128-gcm@xxxxxxxxxxx,aes128-ctr,aes128-cbc
> MACs hmac-sha2-256-etm@xxxxxxxxxxx,hmac-sha1-etm@xxxxxxxxxxx,umac-128-etm@xxxxxxxxxxx,hmac-sha2-512-etm@xxxxxxxxxxx,hmac-sha2-256,hmac-sha1,umac-128@xxxxxxxxxxx,hmac-sha2-512
> GSSAPIKexAlgorithms gss-gex-sha1-,gss-group14-sha1-
> KexAlgorithms curve25519-sha256@xxxxxxxxxx,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
> 
> 
> So you're not allowed to use certain ciphers!
> 
> 
> So you need to create a ssh config file and use 'ssh -F configfile' which
> already sets the above to allow all ciphers we want to test.
> 
> 
> 	Andreas


Looks like openssh removed support for ssh-dss. At least my openssh 7.7 
doesn't know about it at all.

I would remove it from libssh after the release of 0.8 together with SSHv1 
support.

I think we can remove it from pkd already? Comments?

-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx
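
Added example, not part of the original message or of libssh/pkd: a small checker for the situation quoted above, where a system-wide client policy sets explicit Ciphers/MACs/KexAlgorithms lists and a test run wants algorithms outside them. The POLICY text and the WANTED lists are constructed samples, and the function names are hypothetical; the last function renders a config that can be passed to 'ssh -F'.

```python
import re

# Constructed sample, shortened from the kind of policy quoted above.
POLICY = """\
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
ciphers 3des-cbc
"""

# Hypothetical set of algorithms a test run wants to negotiate.
WANTED = {
    "Ciphers": ["chacha20-poly1305@openssh.com", "aes192-ctr", "3des-cbc"],
    "MACs": ["hmac-sha1", "hmac-sha2-512"],
    "KexAlgorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp384"],
}

def parse_allow_lists(text):
    """Map lower-cased keyword -> allowed names; the first value seen wins."""
    lists = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2 or not parts[1] or parts[0].lower() in lists:
            continue
        key, value = parts[0].lower(), parts[1]
        # A leading +, - or ^ edits ssh's built-in defaults, so the allowed
        # set is unknown here: record None instead of a list.
        lists[key] = None if value[0] in "+-^" else value.split(",")
    return lists

def refused(policy_text, wanted):
    """Return {keyword: [wanted names the explicit allow list omits]}."""
    allow = parse_allow_lists(policy_text)
    out = {}
    for key, names in wanted.items():
        allowed = allow.get(key.lower())
        missing = [] if allowed is None else [n for n in names if n not in allowed]
        if missing:
            out[key] = missing
    return out

def render_client_config(wanted):
    """Render a config for 'ssh -F' that lists exactly the wanted names."""
    return "".join(f"{key} {','.join(names)}\n" for key, names in wanted.items())
```

When 'ssh -F configfile' is used, the system-wide /etc/ssh/ssh_config is not read, so the rendered file is the only source of these settings for the test client.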


