Subject: libssh2 crypto back-ends: need for bignum access

libssh2 crypto back-ends: need for bignum access

From: Chris Hanson <>
Date: Sun, 27 Nov 2016 16:37:56 -0800

I was wondering if someone who has an understanding of libssh2 crypto back-end implementation could describe why it needs access to the crypto system’s bignum implementation. What I’d like to know specifically is whether this just an implementation artifact (i.e. just how libssh2 happened to be written) or whether this is actually necessary to implement the SSHv2 protocol correctly/securely.

What am I really trying to do? Right now there’s no back-end that can use CommonCrypto on Darwin-based platforms without using internals, because CommonCrypto doesn’t expose its bignum implementation as public API. If there’s a real need to expose this for a correct implementation, I’d like to file a bug with Apple that contains a detailed justification. If there’s not a real need for it, then I might look into what’s needed to wire CommonCrypto up without using its bignum implementation.

  -- Chris

Received on 2016-11-28