Re: Alternate Open Source Crypto Solution in OpenSSH

On Tue, 5 Jan 2016, Bostjan Skufca wrote:

> (I did not look at the code yet, begging forgiveness:)
> 
> How well structured is OpenSSH if one would want to use an alternative SSL
> implementation? Or, if I rephrase the question - how married is OpenSSH to
> OpenSSL?
> 
> Would it make sense to refactor (if it is not done yet) openssh to use a
> generic API for communicating with any SSL implementation? Or is the
> general stance on this subject "the new SSL implementation should provide
> an openssl-compatible API to be usable with openssh"?
> 
> I have no interest in any side of the argument, just curious.

We're happy to factor out the openssl API, and I've started doing so:

https://github.com/djmdjm/openssh-openbsd/tree/openssl-wrap

This is doing some of the harder parts first: DH and BIGNUM, though
the latter only in KEX. I'd like to wrap all BIGNUM use eventually
though.

Replacing symmetric ciphers and MACs is considerably easier, since
most use of them is via cipher.h and digest.h APIs.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


