Hello,

I'm developing an engine to support hardware acceleration of a number
of different block ciphers, some of which OpenSSL does not (yet) have
native support for (e.g. AES 128 CTR, TEA, etc).

One of the problems I'm trying to solve is registering these new
ciphers with OpenSSL. My understanding, reading snippets of -dev
and the source code, is that I must create a new nid using
OBJ_create(), and then use EVP_add_cipher() with the resulting
NID. Then I'll add the cipher to the list made available by the
function I register with ENGINE_set_ciphers().

Does that sound correct?

If so, is there a standard naming scheme to pass for the oid and
sn arguments to OBJ_create()? I'd like, if possible, to end up
with the same names that OpenSSL would use, if these ciphers are
ever supported in the mainline OpenSSL software.

Second, I'd like to make this cipher registration as robust as
possible given that future versions of OpenSSL may have native
support for these ciphers. Do you see any problems with the
following pseudo-code (lack of error handling aside)?

    if (NULL == EVP_get_cipherbyname(cipher_name)) {
        nid = OBJ_create(cipher_oid, cipher_sn, cipher_ln);
        EVP_add_cipher(new_cipher);
    }

This would, hopefully, allow run-time detection of the built-in ciphers,
and install the new cipher if it is not built-in. EVP_get_cipherbyname()
doesn't take any functional/structural references that I need to free,
does it? (I don't think so, as I can't find any release functions.)

Finally, is there a clear illustration of what sort of information
I need to add with regards to ASN.1 and the newly registered cipher?
I've looked through the code, Wikipedia, and done some Google searches,
and think I understand the general concept, but not exactly what I'm
expected to provide within an OpenSSL engine.

Thanks,
Brent Casavant

--
Brent Casavant                  All music is folk music.  I ain't
[EMAIL PROTECTED]               never heard a horse sing a song.
Silicon Graphics, Inc.            -- Louis Armstrong
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]