OpenSSL 1.1 support status : what next?
George M. Garner Jr.
ggarner_online at gmgsystemsinc.com
Mon Jun 26 09:47:28 AEST 2017
Emmanuel,
The task becomes an "XKCD problem" only because you define the problem
in terms of support for every conceivable crypto library. In practice
there are only libraries a few in common use with SSH (e.g. openssl,
libressl). If you define the task in terms of providing an abstraction
that is able to support these common crypto libraries (with some measure
of forward compatiblity) the task becomes more manageable. In most
cases a crypto api function can be defined in terms of an opaque state
variable, a state type variable, input, input size, output, output size
and a return value.
Any thing would be better than having #ifdef's scattered throughout the
code.
Regards,
George.
More information about the openssh-unix-dev
mailing list