[openssl-users] Adding EVP cipher into SSL library
Hello,

Can anyone give some insight on how to implement a new EVP symmetric cipher into the SSL library?

I have the cipher integrated into the EVP and tested as working.

I know it's old but I followed AES's integration from this commit:
https://github.com/openssl/openssl/commit/deb2c1a1c58fb738b3216b663212572170de8183

Does anyone know of a more updated commit for a symmetric cipher I could follow?

When debugging a client/server test program I receive the following error client side:

    SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl/statem/statem_clnt.c:3564:

This leads me to believe I'm missing a crucial step somewhere for the SSL library to find my EVP instance?

Best,
Rob Schmicker

P.S. I have done the following so far:

Added defines in include/openssl/tls1.h:

    # define TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 0x03001306
    # define TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 "ECDHE-ECDSA-MYCHIPHER-SHA384"

Added a define in include/openssl/ssl.h:

    # define SSL_TXT_MYCIPHER "MYCIPHER"

Integrated into ssl/s3_lib.c:

    static SSL_CIPHER ssl3_ciphers[] = {
        {
         1,
         TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
         TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
         SSL_kECDHE,
         SSL_aECDSA,
         SSL_MYCIPHER,
         SSL_AEAD,
         TLS1_2_VERSION, TLS1_2_VERSION,
         DTLS1_2_VERSION, DTLS1_2_VERSION,
         SSL_HIGH | SSL_FIPS,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         64,
         64,
         },

Added the binary representation in ssl/ssl_locl.h:

    # define SSL_MYCIPHER 0x0010U

Integrated into ssl/ssl_ciph.c:

    #define SSL_ENC_CHACHA_IDX 19
    #define SSL_ENC_MYCIPHER 20
    #define SSL_ENC_NUM_IDX 21

    /* Table of NIDs for each cipher */
    static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
        {SSL_MYCIPHER, NID_MYCIPHER},

    static const SSL_CIPHER cipher_aliases[] = {
        {0, SSL_TXT_MYCIPHER, 0, 0, 0, SSL_MYCIPHER},

Added the loading of the cipher into ssl/ssl_init.c:

    DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
    {
    #ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                "Adding SSL ciphers and digests\n");
    #endif
        EVP_add_cipher(EVP_mycipher());
    #ifndef OPENSSL_NO_DES
        EVP_add_cipher(EVP_des_cbc());
        EVP_add_cipher(EVP_des_ede3_cbc());
    #endif

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] openssl-compat patch for OpenSSL 1.0.2 and below?
I was looking at Kurt Roeckx's patches for OpenSSH at https://github.com/openssh/openssh-portable/pull/48/files. See libcrypto-compat.h and libcrypto-compat.c.

Are the source files distributed by OpenSSL? If so, where is the download?

If not, can the OpenSSL project consider adding them? They are very useful for managing projects that depend on older and newer OpenSSL libraries. OpenSSL taking on the responsibility would help ensure consistency and quality.

Jeff
Re: [openssl-users] Adding EVP cipher into SSL library
This more recent PR adds a symmetric cipher to libcrypto: https://github.com/openssl/openssl/pull/2337

It doesn't include TLS support however.

Pauli
-- 
Oracle
Dr Paul Dale | Cryptographer | Network Security & Encryption
Phone +61 7 3031 7217
Oracle Australia

-----Original Message-----
From: Schmicker, Robert [mailto:rsc...@unh.newhaven.edu]
Sent: Monday, 3 April 2017 2:19 AM
To: openssl-users@openssl.org
Subject: [openssl-users] Adding EVP cipher into SSL library

Hello,

Can anyone give some insight on how to implement a new EVP symmetric cipher into the SSL library?

I have the cipher integrated into the EVP and tested as working.

I know it's old but I followed AES's integration from this commit:
https://github.com/openssl/openssl/commit/deb2c1a1c58fb738b3216b663212572170de8183

Does anyone know of a more updated commit for a symmetric cipher I could follow?

When debugging a client/server test program I receive the following error client side:

    SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl/statem/statem_clnt.c:3564:

This leads me to believe I'm missing a crucial step somewhere for the SSL library to find my EVP instance?

Best,
Rob Schmicker

P.S. I have done the following so far:

Added defines in include/openssl/tls1.h:

    # define TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 0x03001306
    # define TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 "ECDHE-ECDSA-MYCHIPHER-SHA384"

Added a define in include/openssl/ssl.h:

    # define SSL_TXT_MYCIPHER "MYCIPHER"

Integrated into ssl/s3_lib.c:

    static SSL_CIPHER ssl3_ciphers[] = {
        {
         1,
         TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
         TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
         SSL_kECDHE,
         SSL_aECDSA,
         SSL_MYCIPHER,
         SSL_AEAD,
         TLS1_2_VERSION, TLS1_2_VERSION,
         DTLS1_2_VERSION, DTLS1_2_VERSION,
         SSL_HIGH | SSL_FIPS,
         SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
         64,
         64,
         },

Added the binary representation in ssl/ssl_locl.h:

    # define SSL_MYCIPHER 0x0010U

Integrated into ssl/ssl_ciph.c:

    #define SSL_ENC_CHACHA_IDX 19
    #define SSL_ENC_MYCIPHER 20
    #define SSL_ENC_NUM_IDX 21

    /* Table of NIDs for each cipher */
    static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
        {SSL_MYCIPHER, NID_MYCIPHER},

    static const SSL_CIPHER cipher_aliases[] = {
        {0, SSL_TXT_MYCIPHER, 0, 0, 0, SSL_MYCIPHER},

Added the loading of the cipher into ssl/ssl_init.c:

    DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
    {
    #ifdef OPENSSL_INIT_DEBUG
        fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                "Adding SSL ciphers and digests\n");
    #endif
        EVP_add_cipher(EVP_mycipher());
    #ifndef OPENSSL_NO_DES
        EVP_add_cipher(EVP_des_cbc());
        EVP_add_cipher(EVP_des_ede3_cbc());
    #endif
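
One way to narrow down a "no ciphers available" error like the one in this thread is to ask the `openssl` binary of the patched build about each layer separately: whether libcrypto lists the EVP cipher, and whether libssl's cipher-list processing produces the suite. This is an added example, not code from the thread or from the OpenSSL project; `OPENSSL_BIN` and the function names are assumptions, and `openssl list -cipher-algorithms` requires OpenSSL 1.1.0 or later.

```shell
#!/usr/bin/env bash
# Added diagnostic, not from the thread.
# OPENSSL_BIN is an assumption: set it to the openssl binary of the patched
# build (for example apps/openssl in the source tree); default is the one on PATH.
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"

# evp_known NAME: succeeds if `openssl list -cipher-algorithms` shows NAME,
# i.e. the cipher can be found by name on the libcrypto side.
evp_known() {
    "$OPENSSL_BIN" list -cipher-algorithms 2>/dev/null | grep -qiw -- "$1"
}

# suite_line NAME: prints the `openssl ciphers -v` row whose first column is
# exactly NAME; fails if libssl's cipher list does not contain such a suite.
suite_line() {
    "$OPENSSL_BIN" ciphers -v "$1" 2>/dev/null |
        awk -v n="$1" '$1 == n { print; found = 1 } END { exit !found }'
}

# suite_field NAME KEY: prints the value of the Kx=, Au=, Enc= or Mac= column.
suite_field() {
    suite_line "$1" | tr -s ' ' '\n' | sed -n "s/^$2=//p"
}

# Usage: script SUITE_NAME EVP_NAME
if [ "$#" -eq 2 ]; then
    if evp_known "$2"; then
        echo "libcrypto: $2 is registered"
    else
        echo "libcrypto: $2 is not registered"
    fi
    if suite_line "$1" >/dev/null; then
        echo "libssl: $1 selectable," \
             "Enc=$(suite_field "$1" Enc) Mac=$(suite_field "$1" Mac)"
    else
        echo "libssl: $1 is not produced by the cipher list"
    fi
fi
```

The suite name has to be passed exactly as the string in the `TLS1_TXT_` define, which in the message above is spelled `ECDHE-ECDSA-MYCHIPHER-SHA384`.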