[openssl-users] Adding EVP cipher into SSL library

2017-04-02 Thread Schmicker, Robert
Hello,

Can anyone give some insight on how to implement a new EVP symmetric
cipher into the SSL library? I have the cipher integrated into the EVP
and tested as working.

I know it's old but I followed AES's integration from this commit:
https://github.com/openssl/openssl/commit/deb2c1a1c58fb738b3216b663212572170de8183

Does anyone know of a more updated commit for a symmetric cipher I could
follow?

When debugging a client/server test program I receive the following
error client side:
SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl/statem/statem_clnt.c:3564:

This leads me to believe I'm missing a crucial step somewhere for the
SSL library to find my EVP instance?

Best,
Rob Schmicker

P.S. I have done the following so far:

Added defines in include/openssl/tls1.h:
# define TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 0x03001306
# define TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 "ECDHE-ECDSA-MYCHIPHER-SHA384"

Added a define in include/openssl/ssl.h:
# define SSL_TXT_MYCIPHER   "MYCIPHER"

Integrated into ssl/s3_lib.c:
static SSL_CIPHER ssl3_ciphers[] = {
   
    {
     1,
     TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
     TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
     SSL_kECDHE,
     SSL_aECDSA,
     SSL_MYCIPHER,
     SSL_AEAD,
     TLS1_2_VERSION, TLS1_2_VERSION,
     DTLS1_2_VERSION, DTLS1_2_VERSION,
     SSL_HIGH | SSL_FIPS,
     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
     64,
     64,
    },


Added the binary representation in ssl/ssl_locl.h:
# define SSL_MYCIPHER   0x0010U

Integrated into ssl/ssl_ciph.c:
#define SSL_ENC_CHACHA_IDX  19
#define SSL_ENC_MYCIPHER   20
#define SSL_ENC_NUM_IDX 21
   
/* Table of NIDs for each cipher */
static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
{SSL_MYCIPHER, NID_MYCIPHER},

static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_MYCIPHER, 0, 0, 0, SSL_MYCIPHER},

Added the loading of the cipher into ssl/ssl_init.c:
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "Adding SSL ciphers and digests\n");
#endif

    EVP_add_cipher(EVP_mycipher());

#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


[openssl-users] openssl-compat patch for OpenSSL 1.0.2 and below?

2017-04-02 Thread Jeffrey Walton
I was looking at Kurt Roeckx's patches for OpenSSH at
https://github.com/openssh/openssh-portable/pull/48/files. See
libcrypto-compat.h and libcrypto-compat.c.

Are the source files distributed by OpenSSL? If so, where is the download?

If not, can the OpenSSL project consider adding them? They are very
useful for managing projects that depend on older and newer OpenSSL
libraries. OpenSSL taking on the responsibility would help ensure
consistency and quality.

Jeff


Re: [openssl-users] Adding EVP cipher into SSL library

2017-04-02 Thread Paul Dale
This more recent PR adds a symmetric cipher to libcrypto: 
https://github.com/openssl/openssl/pull/2337
It doesn't include TLS support however.

Pauli
-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption 
Phone +61 7 3031 7217
Oracle Australia
