Subject: Re: [libssh2] Remove OPENSSL_NO_SHA ifdef's?

Re: [libssh2] Remove OPENSSL_NO_SHA ifdef's?

From: Sara Golemon <pollita_at_libssh2.org>
Date: Mon, 15 Jan 2007 09:57:52 -0800

> Btw, is it ok to install my libgcrypt patches? If you'd like more
> time to review them, how about if I install it on a branch? That
> creates more work eventually, when the branch has to be merged with
> HEAD, but it will makes things easier for me and Daniel to test things
> with curl.
>
Knock yourself out. I'm still under a gun with work, but I can see
light at the end of the tunnel. Btw- I've been idling in #curl (as well
as #libssh2) lately if you feel the need to poke me in real time.
(Freenode for anyone who's not sure where those channels are).

> I was thinking about such an approach as well... the things that are
> missing above seem to be random number generation, RSA/DSA signing,
> and PEM-file reading. Libgcrypt does not contain PEM-file reading, so
> I will likely be implementing something like that in libgcrypt.c in
> libssh2 for that. For other projects, I have been using
> /dev/{u,}random as RNG, but seeing some research on the quality of
> various OS RNG's (including Linux), I'm not sure it is a good idea.
>
Yeah, Random number generation is a pita, but from what I can tell,
others don't seem to do much more than that. Mixing in some other
psuedo-random source might help the excess entropy there..

As for PEM reading, I slammed my head through a wall with that subject a
year or so ago and have some decent parsers available. I'll look at
pushing these some point after the dust settles on your gcrypt work.

> Sure, what I meant was that if someone adds SHA-2 to the protocol, or
> just want to experiment with it. It probably won't take long until
> someone writes an IETF draft about that...
>
Sounds like fun ;) I may have to resubscribe to the secsh mailing list.

-Sara

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2007-01-15