On Sun, Oct 17, 2004, Richard Levitte - VMS Whacker wrote: > In message <[EMAIL PROTECTED]> on Sun, 17 Oct 2004 14:07:20 +0200, "Dr. Stephen > Henson" <[EMAIL PROTECTED]> said: > > steve> On Sun, Oct 17, 2004, Ng Pheng Siong wrote: > steve> > steve> > On Sat, Oct 16, 2004 at 02:32:54PM +0000, Paolo Serra wrote: > steve> > > crytpo/objects/obj_dat.num > steve> > > crypto/objects/objects.txt > steve> > > steve> > Did you modify these two files to give your new ciphers names/ids? In > steve> > 0.9.7d the numbers run sequentially and the last number is ms_upn == 649. > steve> > Just pick some numbers for yours, e.g., I have, > steve> > > steve> > aes_128_ctr128 900 > steve> > aes_192_ctr128 901 > steve> > aes_256_ctr128 902 > steve> > > steve> > (So please don't choose those numbers for your AES-CCM. ;-) > steve> > > steve> > Speaking of which, who's playing IANA for OpenSSL? At the least, we should > steve> > decide on a range of "private" numbers a la RFC 1918. > steve> > > steve> > steve> That isn't advisable. You should instead dynamically create some NIDs using > steve> OBJ_create() preferably using the registered OID value for the algorithm. > > Uhmm, Steve, he's talking about adding code to OpenSSL, and if I > understand correctly, he will send a patch to us when it's done. In > such a case, I disagree with you, and think he should make additions > to crypto/objects/objects.txt. >
The OP is talking about that though I'm not sure if he'll send us a patch. If he is then I'd agree that adding the OIDs to objects.txt is the way to go. There's a second case (which I think this specific reply refers to) where local changes to OpenSSL are being made and this also applies to applications which need NIDs for their own purposes (independently of OpenSSL assignment). In that case adding objects to objects.txt can produce conflicts with our assignment or ASN1 OID issues. In that case calling OBJ_create() and handling the returned NID appropriately will avoid such problems. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
