Alternate Open Source Crypto Solution in OpenSSH

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 5 14:10:51 AEDT 2016


On Mon 2016-01-04 20:35:05 -0500, Bostjan Skufca wrote:

> Would it make sense to refactor (if it is not done yet) openssh to use
> generic API for communicating with any SSL implementation? Or is the
> general stance on this subject "the new SSL implementation should provide
> openssl-compatible API to be usable with openssh"?

OpenSSH doesn't use any of the "SSL" (or TLS) features of OpenSSL.  It
just uses it for its library of crypto primitives.  There have been
several mentions of possibly swapping out crypto libraries in the past
(a few in the last few months, IIRC), but it is currently not designed
with such a platform-independent crypto-primitive API in mind.

Damien, you said you're uninterested in linking to a GPL library -- is
OpenSSH policy the same for LGPL libraries as well? (I'm thinking of
nettle, which is licensed LGPL-2.1+ and has a very nice API for
crypto primitives.)

     --dkg


More information about the openssh-unix-dev mailing list