Call for testing: OpenSSH 8.5

Dmitry Belyavskiy dbelyavs at redhat.com
Fri Feb 26 19:19:08 AEDT 2021


Dear Damien

On Thu, Feb 25, 2021 at 11:17 PM Damien Miller <djm at mindrot.org> wrote:

> On Fri, 26 Feb 2021, Darren Tucker wrote:
>
> > On Fri, 26 Feb 2021 at 01:21, Dmitry Belyavskiy <dbelyavs at redhat.com>
> wrote:
> > > If the proposed Edwards solution (
> https://github.com/openssh/openssh-portable/pull/230) is not too big, I'd
> like to clean it up and get it added.
> >
> > I'll defer to Damien but to me that looks too big to go in this late
> > in the release cycle.
>
> yes, it's too late in the cycle for this.


Pity but understandable.


> We also don't have any
> hardware to test it against - experience has made me reticent to ship
> anything to do with PKCS#11 that we can test against only a single
> software implementation.
>

Even more pity, but even more understandable.

>
> A bigger problem however is libcrypto compatibility. The last time I
> checked, libressl lacks the EVP_PKEY functionality for ED25519 keys.
> They were considering it then, but I'll have to check back and see
> what the status is.
>

I've added linking-time detection for the  EVP_PKEY functionality for
ED25519 keys.
We will not be able to work with keys from X509 certificates but it seems
the only limitation.

Many thanks anyway!

-- 
Dmitry Belyavskiy


More information about the openssh-unix-dev mailing list