Without OpenSSL?

Daniel Cegiełka daniel.cegielka at gmail.com
Fri Mar 7 07:32:35 EST 2014


2014-03-06 21:00 GMT+01:00 Iain Morgan <imorgan at nas.nasa.gov>:
> On Thu, Mar 06, 2014 at 19:39:33 +0000, Scott Neugroschl wrote:
>> Quoth Iain:
>> >I'm not sure if the work being done to allow OpenSSH to be built without OpenSSL includes SHA-1 support.
>>
>> Hi Iain.  I haven't heard of this effort before.  Can you give a few more details?
>>
>> Thanks,
>>
>> ScottN
>>
>
> Well, I'm not in a position to give any authoritative information, but
> here is what I know: With the addition of curve25519, ed25519, and
> chacha20+poly1305, the developers have commented about the possibility
> of building an RFC non-compliant OpenSSH without OpenSSL.
>
> If you search through the mailing list archive, I believe you chould see
> some references to this. There are also commtnes in the CVS commits
> regarding this. And, I believe Damien mentioned about this in his
> interview on bsdnow.tv.
>
> In one of the CVS commits, I noticed that there is support for falling
> back on libc for digest support when building without OpenSSL, but I
> don't recall if this is both MD5 and SHA1 or not.
>
> --
> Iain Morgan

Hi Iain,
sha1 and md5 are not used in nacl. You need only sha256 or sha512, eg:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/hash.c?rev=1.3;content-type=text%2Fplain

Best regards,
Daniel


> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list