Hello everybody, I am working on a project trying to port openSSH and have noticed that some of the components rely on SSL which is a pretty big program as well. Is there any way to just rip out certain modules from SSL to get openSSH to work with out porting all of the SSL components, and if so what are the only SSL modules I need to get SSH to work properly. Any help will be greatly appreciated. Thank you, Joey _________________________________________________________________ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail
On Thu, Jul 10, 2003 at 09:31:03PM +0000, Joey Doughly wrote:> Hello everybody, > I am working on a project trying to port openSSH and have noticed that some > of the components rely on SSL which is a pretty big program as well. Is > there any way to just rip out certain modules from SSL to get openSSH to > work with out porting all of the SSL components, and if so what are the > only SSL modules I need to get SSH to work properly. Any help will beyou need bignum, rsa, dh and a at least 3des from libcrypto. you don't need libssl at all.
Joey Doughly wrote:> Hello everybody, > I am working on a project trying to port openSSH and have noticed that some > of the components rely on SSL which is a pretty big program as well. Is > there any way to just rip out certain modules from SSL to get openSSH to > work with out porting all of the SSL components, and if so what are the only > SSL modules I need to get SSH to work properly. Any help will be greatly > appreciated.OpenSSH depends on the libcrypto component of OpenSSL only and it certainly doesn't use all of the functionality it provides. You could start by not installing libssl and turning off unused ciphers in libcrypto. Alternately, you could statically link the OpenSSH binaries. This would make them larger, but they would only include the object files from libcrypto that were used. -d
Joey Doughly wrote:> Hello everybody, > I am working on a project trying to port openSSH and have noticed that > some of the components rely on SSL which is a pretty big program as > well. Is there any way to just rip out certain modules from SSL to > get openSSH to work with out porting all of the SSL components, and if > so what are the only SSL modules I need to get SSH to work properly. > Any help will be greatly appreciated.Libtomcrypt provides an _extremely_ portable interface to everything you're looking for. I'd argue we should use it, but I think the benefit of access to OpenSSL acceleration exceeds the cost of slightly limited portability and vulnerability to OpenSSL exploits. http://www.libtomcrypt.org --Dan