On Fri, Jan 19, 2007 at 05:21:01PM -0300, Alejandro Mery wrote: > Am 2007-01-19 schrieb Rob Landley <[EMAIL PROTECTED]>: > > On Thursday 18 January 2007 10:58 pm, Matt Johnston wrote: > > > > > I'm unlikely to develop my own sftp-server for Dropbear in > > > the near future. > > > > On a related note, how much work would it be to add stunnel support > > to dropbear? (It's an https passthrough filter. Pipe an http > > transaction through it and it's https.) > > > > Are they remotely similar algorithms? I suspect libtomcrypt has most > > of it, but haven't programmed against that directly before... > > libtomcrypt does include these days lot of things dropbear had to > implement (rsa, asn.1,...) .... there was a mail long time ago from a > person who wanted to get a tls library out of dropear.. what happened > with that? that would clean up dropbear a lot and help to have nice > things like a ltc-powered stunnel.
The SSH protocol [1] doesn't involve SSL or TLS, so implementing stunnel (or similar) would be somewhat orthogonal to Dropbear's SSH implementation. Some savings in binary size would be realised since they could share LTC/LTM's underlying cipher/hash/bignum code. There's already MatrixSSL which does SSL/TLS on top of LTC/LTM, though is GPL (or commercial) rather than BSD-style. With regard to using LTC's RSA or ASN.1, the SSH protocol uses PKCS#1 v1.5 for RSA, while LTC only has v2.0 (afaict). ASN.1 is only used by SSH for padding in those RSA signatures, as a static string. Dropbear could potentially use LTC's DSA code, though that would draw in otherwise-unused DER code from LTC (unless the code is modified, making it a bit moot). I haven't heard anything more from people looking at SSL libs from Dropbear, I guess there wasn't any progress? Cheers, Matt [1] http://www.ietf.org/rfc/rfc4253.txt