Re: How to add my own cipher to openssl

Wed, 20 Dec 2006 07:23:06 -0800 

On 2006.12.19 at 15:10:34 +0000, nagaraju gundimi wrote:

>    Hi,
> 
>    i want to add my own cipher to openssl library, is it posssible?
>    if yes can any one explain the procedure

Yes, you can. You can even do it without recompiling OpenSSL, if it is
build with dynamic engine support. 
You can make an engine module which provides cipher, and registers 
this cipher upon loading.

Procedure of building such modules is very poorly documented,
but there are an examples.

Look into engines/ccgost directory in the recent 0.9.9 snapshot.
This engine adds whole bunch of new algorithms:
digest algorithm, two public key signature algoritms and symmetric cipher
algorithms.

Public keys part is most tricky, and impossible in the current stable
version without patches but you don't need it. Adding of cipher and
digest algorithms work in unpatched OpenSSL 0.9.8 too.

Basically, you have to create EVP_CIPHER structure, write appropriate
functions to populate its function pointers and register
this cipher using EVP_add_cipher function.

Functions which you'll have to write closely corresponds to 
well-documented API functions EVP_cipher_init, EVP_cipher_update etc.

Also you have to allocate NID (numeric identifier) for your cipher
and optionally to associate it with OID and name. It is better done via
openssl configuration file. When registering your cipher you just have
to lookup NID which openssl have assigned to your OID and use it.


That is if you mean "new encryption algorithm" under cipher.

If you mean "new TLS ciphersuite", than thing is much more complicated.
First of all, there is no provisions for dynamically added ciphersuites
even in current development snapshot.

So, you have to edit and recompile SSL library. Moreover, you have to
1. Read entire SSL library sources
2. Understand them
3. Write new ciphersuite definition
4. Debug it

Second, there is a bitmask which defines properties of ciphersuites.
It is stored in integer variable
Nearly all bits in it are used now.


>    Thanks in advance
> 
>    Nagaraju
> 
> 
>    Send free SMS to your Friends on Mobile from your Yahoo! Messenger.
>    Download Now! http://messenger.yahoo.com/download.php
> /home/vitus/.elinks//elinks.conf:85: unknown command
> /home/vitus/.elinks//elinks.conf:85: parse error
> /home/vitus/.elinks//elinks.conf:85: parse error
> /home/vitus/.elinks//elinks.conf:85: parse error
> 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to