[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: libssh - SSH and SCP library

On Sun, Jul 10, 2005 at 02:04:32PM +0900, Junichi Uekawa wrote :
> > > > That said, I think too we should favor libgcrypt, because it has a
> > > > lighter security record.
> > > 
> > >   I mailed him about that and SONAME versionning.
> > 
> > I got his reply. As Junichi thought, he doesn't know about SONAME
> > versionning. I pointed to him chapter 6 of the libtool manual.
> > He said he's only using "basic cryptographic stuff from libcrypto,
> > which are less likely to have security problems." As he has been
> > approved by google's "Summer of Code", the next two months' work will
> > only be functionnality adds. Changing cryptographic library is not a
> > priority, but at queue of the TODO.
> You could do that kind of dirty work for him;

I've started doing it. It's a bit difficult since I knew nothing about
cryptography, but it's nearly finished. The main problem is that
upstream use libcrypto functions for reading DSA and RSA private key
files that have no equivalent in libgcrypt. I've started to look
libcrypto source to see how they work, but it seems complicated. Should
I try to understand libcrypto code and adapt it to libssh?


Jean-Philippe Garcia Ballester

Attachment: signature.asc
Description: Digital signature

Reply to: