http://bugzilla.mindrot.org/show_bug.cgi?id=877
------- Additional Comments From markus@openbsd.org 2004-06-08 07:24 -------
How can the user tell that the traffic is still IPsec protected?
IPsec is per packet, and after flushing SAs the connection
might be unprotected. How can SSH tell?
Please show me how much faster none is. Here's a patch:
folly% cat dontuse.dif
Index: cipher.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/cipher.c,v
retrieving revision 1.66
diff -u -r1.66 cipher.c
--- cipher.c 10 Nov 2003 16:23:41 -0000 1.66
+++ cipher.c 19 Nov 2003 18:01:04 -0000
@@ -60,11 +60,12 @@
u_int key_len;
const EVP_CIPHER *(*evptype)(void);
} ciphers[] = {
- { "none", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },
+ { "none1", SSH_CIPHER_NONE, 8, 0, EVP_enc_null },
{ "des", SSH_CIPHER_DES, 8, 8, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, evp_ssh1_3des },
{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, evp_ssh1_bf },
+ { "none", SSH_CIPHER_SSH2, 8, 0, EVP_enc_null },
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, EVP_des_ede3_cbc },
{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_bf_cbc },
{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, EVP_cast5_cbc },
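Review bot: In the ciphers[] table, the new `{ "none", SSH_CIPHER_SSH2, 8, 0, EVP_enc_null }` entry sits alongside the ordinary protocol 2 ciphers with nothing marking it as benchmark-only, so a null cipher becomes just another SSH2 cipher name. If this is only meant for measuring speed, put the entry behind a compile-time guard or at least add a comment saying so. Renaming the protocol 1 entry to "none1" also means the name "none" now belongs to the SSH_CIPHER_SSH2 entry rather than SSH_CIPHER_NONE, so any code that looks the cipher up by the string "none" should be checked.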
Index: mac.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/mac.c,v
retrieving revision 1.6
diff -u -r1.6 mac.c
--- mac.c 18 Sep 2003 13:02:21 -0000 1.6
+++ mac.c 19 Nov 2003 18:01:04 -0000
@@ -45,6 +45,7 @@
{ "hmac-md5-96", EVP_md5, 96 },
{ "hmac-ripemd160", EVP_ripemd160, 0 },
{ "hmac-ripemd160@openssh.com", EVP_ripemd160, 0 },
+ { "none", EVP_md_null, 0 },
{ NULL, NULL, 0 }
};
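Review bot: The added `{ "none", EVP_md_null, 0 }` line in mac.c puts a null digest in the same table as the hmac-* entries, with no comment or guard separating it from them. Together with the "none" cipher added in cipher.c this would leave packets with neither encryption nor an integrity check, so this entry should carry the same benchmark-only guard or comment as the cipher entry, and the two changes should be reviewed together.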
folly%
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.