Subject: [libssh2] Libgcrypt port update

[libssh2] Libgcrypt port update

From: Simon Josefsson <>
Date: Thu, 18 Jan 2007 12:46:30 +0100

Hi! I have been busy the last few days with libgcrypt porting, and I
thought I'd give you and update on its status.

I have converted all uses of encryption, hashes, RNG, and RSA/DSA
verification to use a "generic" crypto API. What remains are private
key PEM file reading, RSA/DSA signing, and bignum (Diffie-Hellman).
libssh2_priv.h now contains:

#include "libgcrypt.h"
#include "openssl.h"

The files libgcrypt.?/openssl.? contains the implementations of the
generic interface. Right now there is no documentation on the
internal API, but you can see in libgcrypt.h and openssl.h two
examples of how to implement the same API using two different
libraries. Some APIs are done through CPP macros, and some are real C

If you build libssh2 with --with-libgcrypt, you will today get a
library with the following dependencies on OpenSSL:

jas_at_mocca:~/src/libssh2/src$ nm -B .libs/|grep -i -e openssl
         U BN_bin2bn@@OPENSSL_0.9.8
         U BN_bn2bin@@OPENSSL_0.9.8
         U BN_clear_free@@OPENSSL_0.9.8
         U BN_CTX_free@@OPENSSL_0.9.8
         U BN_CTX_new@@OPENSSL_0.9.8
         U BN_mod_exp@@OPENSSL_0.9.8
         U BN_new@@OPENSSL_0.9.8
         U BN_num_bits@@OPENSSL_0.9.8
         U BN_rand@@OPENSSL_0.9.8
         U BN_set_word@@OPENSSL_0.9.8
         U DSA_do_sign@@OPENSSL_0.9.8
         U DSA_SIG_free@@OPENSSL_0.9.8
         U EVP_get_cipherbyname@@OPENSSL_0.9.8
         U OpenSSL_add_all_ciphers@@OPENSSL_0.9.8
         U PEM_read_DSAPrivateKey@@OPENSSL_0.9.8
         U PEM_read_RSAPrivateKey@@OPENSSL_0.9.8
         U RSA_sign@@OPENSSL_0.9.8
         U RSA_size@@OPENSSL_0.9.8
jas_at_mocca:~/src/libssh2/src$ grep -l -i openssl *.{c,h}

I.e., OpenSSL symbols are still used in hostkey.c and kex.c.

Most of the BN_* symbols are used in kex.c, and I should be able to
solve this within a few days (although this part is definitely the
most tricky).

The rest are related to reading private keys from PEM files, and
RSA/DSA signing using those private keys. I can't test signing in
libgcrypt until I can read PEM files without OpenSSL.

I need a break from this now, which might give Sara some time to find
the PEM code, but I'll get back to it next week or so. (Or sooner if
I get bored.. :)).

Let me know if you have any comments or thoughts on the code, my
approach, or whatever.


Take Surveys. Earn Cash. Influence the Future of IT
Join's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
libssh2-devel mailing list
Received on 2007-01-18