Peter Stuge <peter_at_stuge.se> writes:
> libssh2_at_git.stuge.se wrote:
>> +void
>> +libssh2_md5(const unsigned char *message, unsigned long len,
>> + unsigned char *out)
>> +{
>> + EVP_MD_CTX ctx;
>> +
>> + EVP_DigestInit(&ctx, EVP_get_digestbyname("md5"));
>> + EVP_DigestUpdate(&ctx, message, len);
>> + EVP_DigestFinal(&ctx, out, NULL);
>> +}
>
> Guys, MD5 is not required for SSH so it MUST NOT be required for
> libssh2!
How does the patch change anything compared to before? That function is
not used if md5 support is disabled.
We can wrap the libssh2_md5 function in a '#if !LIBSSH2_MD5' if you
want? It won't change anything as far as I can tell though.
If the patch DID change anything in libssh2's behaviour, I'd like to
understand what, because then I have misunderstood some logic in how the
code worked.
> I'm quite annoyed with some of these changes from Lars that have been
> committed in a hurry.
>
> Don't get me wrong - we must make libssh2 work also for Lars, but we
> should remember that his requirements seem to be fairly specialized
> and I do not think it is acceptable for libssh2 to be optimized for,
> or assume, such situations.
I agree fully. Any such change is accidental. Libssh2 should be a
standards-compliant implementation, and it should ideally warn the user
if she tries to build it in any other way.
/Simon
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2010-03-21