On Tue, 5 Jan 2016, Bostjan Skufca wrote:

> (I did not look at the code yet, begging forgiveness:)
>
> How well structured is OpenSSH if one would want to use an alternative SSL
> implementation? Or, if I rephrase the question - how married is OpenSSH to
> OpenSSL?
>
> Would it make sense to refactor (if it is not done yet) openssh to use
> a generic API for communicating with any SSL implementation? Or is the
> general stance on this subject "the new SSL implementation should provide
> an openssl-compatible API to be usable with openssh"?
>
> I have no interest in any side of the argument, just curious.

We're happy to factor out the openssl API, and I've started doing so:

https://github.com/djmdjm/openssh-openbsd/tree/openssl-wrap

This is doing some of the harder parts first: DH and BIGNUM, though
the latter only in KEX. I'd like to wrap all BIGNUM use eventually
though.

Replacing symmetric ciphers and MACs is considerably easier, since
most use of them is via cipher.h and digest.h APIs.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev