Re: Missing signed-off for pkg chacha20 patches

Wed, 13 Jun 2018 07:35:39 -0700 

On Saturday, 9 June 2018 01:58:57 CEST Jon Simons wrote:
> On 6/8/18 7:09 AM, Andreas Schneider wrote:
> > I'm currently working on chacha20 to merge Aris his work. There are two
> > pkd
> > patches from you which don't have a Signed-off-by tag from you.
> > 
> > Could you please give me the permission to add it or send the attached
> > patch back with them?
> > 
> > Also, could you test this patchset?
> 
> Excited to see the chacha20 work headed to master.
> 
> I gave the patchset some review and testing this afternoon and I've attached
> a respin of the patchset that includes:
> 
>  * fixes for current master pkd:
> https://www.libssh.org/archive/libssh/2018-05/0000009.html * the older
> chacha20 patches now with my Signed-off
>  * a couple of minor adjustments plus fix for the mbedTLS build
> 
> These should apply cleanly on to 0940b0f29b4fef86e56dffdd13d978f9692b78fc.
> 
> I tested this series with these combinations of pkd:
> 
>  * Debian Jessie with OpenSSL 1.0.1, libgcrypt20
>  * Debian Stretch with OpenSSL 1.1.0, libgcrypt20, mbedTLS
> 
> Please let me know if I can be of any further help or if you'd like to
> see any changes to the adjustments I made.  I can also send out the patches
> in another format if that would be helpful.

Also the pkd test doesn't work on Fedora 26. The reason is the default config. 
There is:

/etc/ssh/ssh_config.d/05-redhat.conf

which includes

/etc/crypto-policies/back-ends/openssh.config

and that files sets:

Ciphers aes256-...@openssh.com,chacha20-poly1...@openssh.com,aes256-
ctr,aes256-cbc,aes128-...@openssh.com,aes128-ctr,aes128-cbc                     
                     
MACs hmac-sha2-256-...@openssh.com,hmac-sha1-...@openssh.com,umac-128-
e...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha2-256,hmac-
sha1,umac-...@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-gex-sha1-,gss-group14-sha1-
KexAlgorithms curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-
nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-
hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-
exchange-sha1,diffie-hellman-group14-sha1


So you're not allowed to use certain ciphers!


So you need to create a ssh config file and use 'ssh -F configfile' which 
already sets the above to allow all ciphers we want to test.


        Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                a...@cryptomilk.org

Reply via email to