Richard Dykiel wrote:
> 
> Thanks.
> Assuming I'd undertake this endeavor:
> 
> 1- would this be of any interest for openssl?

Yes. Well me at least. The encryption side is fairly easy and I've got
some code that does most of it: basically prototype code that can
convert a stream of data of indeterminate length into an indefinite
length constructed OCTET STRING on the fly.

I may be able to merge this into the next release, time permitting.

> 2- if yes, would some openssl developer assist in the design? I can do the
> coding, but I'm new on openssl and the modifications require knowledge of
> BIO & ASN1 internals: I'd need some hints to design properly and take the
> right implementation choices.
> 

Re the decryption side.

Doing this would require considerable knowledge of OpenSSL. In fact I'm
not even sure this can be done cleanly without making ***HUGE***
modifications to the way it handles ASN1. 

In fact it would probably be much simpler to dump the whole horrible
ASN1 stuff and use something like SNACC.

The primary problem is that OpenSSL handles ASN1 by assuming the
whole structure is in memory. This is assumed in just about every single
piece of OpenSSL ASN1 code and there are lots of them.

You could hack this by reading in a big chunk in memory, seeing if it
had read up to the "content" then switching to the input stream and
finally passing what is left to the rest of the memory based stuff.
That's messy but it's the only way I can see that wouldn't involve
changing every single piece of ASN1 code :-(

The ASN1 side is not trivial. If you want to handle things according to
the last spec I saw you need to potentially handle nested constructed
structures which can be definite or indefinite length constructed to
arbitrary depth. I've never come across anything that uses more than
indefinite+primitive but it could theoretically be used.

> This project could start something like end april, beg may. In the meantime
> I must implement a solution based on signed data structures.
> 

One other thing if the above hasn't put you off. Are you in the US? It's
just that the group hasn't yet determined that US contributions are
"safe".

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
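
The nested definite and indefinite length constructed OCTET STRING case described in the reply above, as an added example that is not part of the original message and is not OpenSSL code: a depth-bounded recursive reader in C, run over a constructed sample buffer. The names `get_octets`, `SAMPLE` and `MAX_DEPTH`, and the limit of two long-form length bytes, are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
#define MAX_DEPTH 16 /* assumed nesting cap: bounds recursion on hostile input */

/* Constructed sample: indefinite outer, then a primitive chunk, a definite
 * constructed chunk and a nested indefinite chunk. Content is "abcdefg". */
static const u8 SAMPLE[] = {
    0x24, 0x80,
      0x04, 0x03, 'a', 'b', 'c',
      0x24, 0x05, 0x04, 0x03, 'd', 'e', 'f',
      0x24, 0x80, 0x04, 0x01, 'g', 0x00, 0x00,
    0x00, 0x00 };

/* Read one OCTET STRING at p (primitive or constructed, definite or indefinite,
 * nested), appending content to out[cap]. Returns bytes consumed, or -1. */
static long get_octets(const u8 *p, size_t len, u8 *out, size_t cap,
                       size_t *used, int depth)
{
    size_t pos = 2, clen = 0, end, nb;
    if (len < 2 || depth > MAX_DEPTH || (p[0] & 0xDF) != 0x04) return -1;
    int indef = p[1] == 0x80;
    if (p[1] < 0x80) clen = p[1];              /* short-form length */
    else if (!indef) {                         /* long form, 1 or 2 length bytes */
        if ((nb = p[1] & 0x7F) > 2 || len < 2 + nb) return -1;
        while (nb--) clen = (clen << 8) | p[pos++];
    }
    if (!indef && clen > len - pos) return -1; /* length runs past the buffer */
    if (!(p[0] & 0x20)) {                      /* primitive: copy the content out */
        if (indef || clen > cap - *used) return -1;
        memcpy(out + *used, p + pos, clen); *used += clen;
        return (long)(pos + clen);
    }
    for (end = indef ? len : pos + clen; pos < end; ) {
        if (indef && end - pos >= 2 && !p[pos] && !p[pos + 1])
            return (long)(pos + 2);            /* end-of-contents closes this level */
        long r = get_octets(p + pos, end - pos, out, cap, used, depth + 1);
        if (r < 0) return -1;
        pos += (size_t)r;
    }
    return indef ? -1 : (long)pos;             /* indefinite form with no EOC */
}

int main(void)
{
    u8 out[32]; size_t used = 0;
    long r = get_octets(SAMPLE, sizeof SAMPLE, out, sizeof out, &used, 0);
    printf("consumed %ld, content \"%.*s\"\n", r, (int)used, (const char *)out);
    return r < 0;
}
```

The reader works on a buffer that is already in memory; the depth cap and the length checks are what keep a crafted encoding from driving unbounded recursion or a read past the end.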
