Re: [openssl-dev] Dynamically adding a NID

2017-07-05 Thread Dr. Stephen Henson
On Sun, Jul 02, 2017, Salz, Rich via openssl-dev wrote:

> > I tried using OBJ_create() with NULL or an empty string for the OID, but 
> > currently it checks that the given OID is actually a valid one. Is there 
> > any workaround to avoid this other than issuing my own OID?
> 
> No.  Just get an OID ARC, such as from the IETF Enterprise MIB [it's free] 
> and throw it away.

If you create an object without an OID it stops it being encoded or decoded as an
ASN1_OBJECT: this is sometimes useful. Unfortunately there is currently no way
to do this with OBJ_create().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
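
Added example, not code from this thread or from OpenSSL: a C sketch of what makes dotted OID text well formed for the OID argument of OBJ_create(), showing why NULL and "" cannot pass and how an OID under a private enterprise arc (1.3.6.1.4.1.<PEN>...) encodes. The PEN 99999 is a placeholder, and the checks follow the general X.690 rules; that OBJ_create() applies exactly these checks is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Append one sub-identifier in base 128; every octet but the last has bit 8 set. */
static int put_arc(unsigned long v, unsigned char *out, size_t cap, size_t *len) {
    unsigned char tmp[sizeof v * CHAR_BIT / 7 + 1];
    size_t n = 0;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    if (*len + n > cap) return -1;
    while (n--) out[(*len)++] = (unsigned char)(tmp[n] | (n ? 0x80 : 0));
    return 0;
}

/* Encode dotted OID text as DER content octets; returns the count, or -1 if malformed. */
int oid_encode(const char *txt, unsigned char *out, size_t cap) {
    unsigned long arc, first = 0;
    size_t len = 0, idx = 0;
    char *end;
    if (txt == NULL || *txt == '\0') return -1;        /* the NULL and "" attempts */
    for (;; idx++) {
        if (!isdigit((unsigned char)*txt)) return -1;  /* empty arc, sign or junk */
        errno = 0;
        arc = strtoul(txt, &end, 10);
        if (errno == ERANGE) return -1;
        if (idx == 0) {
            if (arc > 2) return -1;                    /* root arc is 0, 1 or 2 */
            first = arc;
        } else if (idx == 1) {
            if (first < 2 && arc > 39) return -1;      /* capped under roots 0 and 1 */
            if (arc > ULONG_MAX - 80) return -1;       /* first * 40 + arc must fit */
            if (put_arc(first * 40 + arc, out, cap, &len)) return -1;
        } else if (put_arc(arc, out, cap, &len)) return -1;
        if (*end == '\0') break;
        if (*end != '.') return -1;
        txt = end + 1;
    }
    return idx >= 1 ? (int)len : -1;                   /* at least two arcs */
}

int main(void) {
    unsigned char der[32];   /* 99999 is a placeholder PEN (constructed sample) */
    int i, n = oid_encode("1.3.6.1.4.1.99999.1.1", der, sizeof der);
    for (i = 0; i < n; i++) printf("%02X ", der[i]);
    return n == 10 ? 0 : 1;
}
```

Text that passes this check, with your own assigned PEN in place of the placeholder, has the right shape for the first argument of OBJ_create() alongside the short and long names.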


Re: [openssl-dev] Dynamically adding a NID

2017-07-01 Thread Salz, Rich via openssl-dev
> I tried using OBJ_create() with NULL or an empty string for the OID, but 
> currently it checks that the given OID is actually a valid one. Is there any 
> workaround to avoid this other than issuing my own OID?

No.  Just get an OID ARC, such as from the IETF Enterprise MIB [it's free] and 
throw it away.


Re: [openssl-dev] Dynamically adding a NID

2017-07-01 Thread Nicola Tuveri
> What do you want to do with the NID? Does it need to have a valid short name
> and/or long name associated with it (so OBJ_sn2nid etc work) but no valid OID
> or do you just need a NID value?
>
> You're right that currently OBJ_create() needs a valid OID passed to it: you
> can't pass a NULL to create an "OIDless NID" as you can by editing
> objects.txt.
>
Yes, that is exactly what I'm trying to achieve, an "OIDless OBJ", with
NID, shortname and long name associated, but I would need to do that
without editing objects.txt (requiring patching and recompilation for
anyone willing to use my engine).

I tried using OBJ_create() with NULL or an empty string for the OID, but
currently it checks that the given OID is actually a valid one. Is there
any workaround to avoid this other than issuing my own OID?


Thanks,

Nicola Tuveri


Re: [openssl-dev] Dynamically adding a NID

2017-07-01 Thread Dr. Stephen Henson
On Mon, Jun 26, 2017, Nicola Tuveri wrote:

> Hi,
> 
> I'm working on ENGINE development, and I have the need to add an NID for a
> custom message digest, and eventually for ciphers and PKEY methods.
> Some of the associated objects don't (and won't ever) have an associated
> OID, but I need to add them dynamically to avoid requiring patches to the
> upstream OpenSSL code before being able to use my engine.
> 
> I'm currently (ab)using OBJ_create() [0], but it looks like it requires to
> specify a valid OID.
> I know it is possible to have NIDs associated with objects without OID
> (e.g. NID_siphash) when they are statically defined in OpenSSL source code,
> but I cannot find a way to declare similar objects without OID dynamically.
> 
> Before 1.1.0, when structures weren't opaque, I could manipulate the
> contents of the created object directly and somehow work around this
> limitation, but in 1.1.0 this is not possible.
> 
> Does anyone know of the right way to dynamically create an NID associated
> with an object without OID?
> 

What do you want to do with the NID? Does it need to have a valid short name
and/or long name associated with it (so OBJ_sn2nid etc work) but no valid OID
or do you just need a NID value?

You're right that currently OBJ_create() needs a valid OID passed to it: you
can't pass a NULL to create an "OIDless NID" as you can by editing
objects.txt.

Steve.


Re: [openssl-dev] Dynamically adding a NID

2017-06-25 Thread Salz, Rich via openssl-dev
You can get an OID arc of your own for free.  And then you can use real OIDs 
which you just “throw away”.

See https://en.wikipedia.org/wiki/Private_Enterprise_Number



[openssl-dev] Dynamically adding a NID

2017-06-25 Thread Nicola Tuveri
Hi,

I'm working on ENGINE development, and I have the need to add an NID for a
custom message digest, and eventually for ciphers and PKEY methods.
Some of the associated objects don't (and won't ever) have an associated
OID, but I need to add them dynamically to avoid requiring patches to the
upstream OpenSSL code before being able to use my engine.

I'm currently (ab)using OBJ_create() [0], but it looks like it requires to
specify a valid OID.
I know it is possible to have NIDs associated with objects without OID
(e.g. NID_siphash) when they are statically defined in OpenSSL source code,
but I cannot find a way to declare similar objects without OID dynamically.

Before 1.1.0, when structures weren't opaque, I could manipulate the
contents of the created object directly and somehow work around this
limitation, but in 1.1.0 this is not possible.

Does anyone know of the right way to dynamically create an NID associated
with an object without OID?

Thanks.

Nicola


[0] : https://github.com/openssl/openssl/blob/master/include/openssl/objects.h#L157