
Consider libsodium as an alternative to nacl
Open, Needs Triage, Public


Currently libssh is built without nacl in Ubuntu. A request has been made to add nacl to the list of supported packages so the option can be turned on in libssh

but it has been pointed out that Ubuntu already supports libsodium, which has a compatible API and seems better maintained. Would upstream be open to allowing building with libsodium as an alternative?

Event Timeline

seb128 created this task. Mon, Jun 29, 10:25 AM
Jakuje added a subscriber: Jakuje. Tue, Jun 30, 12:54 PM

I do not think nacl is used for anything at this moment when libssh is built against current openssl, which already supports the X25519 curve for all we need. At least in Fedora, nacl is not listed as a dependency of libssh at all.

When nacl is not found (and old openssl or libgcrypt/mbedtls is used), the local implementation (copied from nacl?) is used for the x25519 implementation to have matching support. If libsodium has a compatible API, adding support for it in libssh should be only about adjusting the CMake check to check also for libsodium + adding a CI target to verify functionality, which should be a pretty easy task to do.

Feel free to submit a merge request on GitLab:

@Jakuje thanks for your reply and the details. The build system doesn't really make clear that nacl is not needed when building with openssl. In regard to your explanation, I don't think adding libsodium as yet another alternative is really needed, so feel free to close the request. I've submitted a request to Debian now also to stop pulling nacl in their build.