Chris Hanson wrote:
> I was wondering if someone who has an understanding of libssh2
> crypto back-end implementation could describe why it needs access
> to the crypto system’s bignum implementation.

The SSH 2 protocol sends "mpint" values in various messages.
See RFC 4251 5. on bottom of page 8 for the wire format.

The ssh-dss public key format is REQUIRED, and ssh-rsa is RECOMMENDED,
by RFC 4253 6.6. on pages 13-14.

Finally, RFC 4253 8. also uses mpint in the DH key exchange. Search
for SSH_MSG_KEXDH_INIT and SSH_MSG_KEXDH_REPLY.

> whether this is actually necessary to implement the SSHv2 protocol
> correctly/securely.

Yes.

> If there’s a real need to expose this for a correct implementation,
> I’d like to file a bug with Apple that contains a detailed
> justification.

Cool. RFC 4251 and 4253 are good references. See also RFC 4419.

//Peter
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2016-11-28