[openssl-users] Adding EVP cipher into SSL library
Schmicker, Robert
rschm2 at unh.newhaven.edu
Sun Apr 2 16:18:34 UTC 2017
Hello,
Can anyone give some insight on how to implement a new EVP symmetric
cipher into the SSL library? I have the cipher integrated into the EVP
and tested as working.
I know it's old but I followed AES's integration from this commit:
https://github.com/openssl/openssl/commit/deb2c1a1c58fb738b3216b663212572170de8183
Does anyone know of a more updated commit for a symmetric cipher I could
follow?
When debugging a client/server test program I receive the following
error client side:
SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl/statem/statem_clnt.c:3564:
This leads me to believe I'm missing a crucial step somewhere for the
SSL library to find my EVP instance?
Best,
Rob Schmicker
P.S. I have done the following so far:
Added defines in include/openssl/tls1.h:
# define TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 0x03001306
# define TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384 "ECDHE-ECDSA-MYCHIPHER-SHA384"
Added a define in include/openssl/ssl.h:
# define SSL_TXT_MYCIPHER "MYCIPHER"
Integrated into ssl/s3_lib.c:
static SSL_CIPHER ssl3_ciphers[] = {
    {
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
        TLS1_CK_ECDHE_ECDSA_WITH_MYCIPHER_SHA384,
        SSL_kECDHE,
        SSL_aECDSA,
        SSL_MYCIPHER,
        SSL_AEAD,
        TLS1_2_VERSION, TLS1_2_VERSION,
        DTLS1_2_VERSION, DTLS1_2_VERSION,
        SSL_HIGH | SSL_FIPS,
        SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
        64,
        64,
    },
Added the binary representation in ssl/ssl_locl.h:
# define SSL_MYCIPHER 0x00100000U
Integrated into ssl/ssl_ciph.c:
#define SSL_ENC_CHACHA_IDX 19
#define SSL_ENC_MYCIPHER 20
#define SSL_ENC_NUM_IDX 21
/* Table of NIDs for each cipher */
static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
    {SSL_MYCIPHER, NID_MYCIPHER},
static const SSL_CIPHER cipher_aliases[] = {
    {0, SSL_TXT_MYCIPHER, 0, 0, 0, SSL_MYCIPHER},
Added the loading of the cipher into ssl/ssl_init.c:
DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
{
#ifdef OPENSSL_INIT_DEBUG
    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
                    "Adding SSL ciphers and digests\n");
#endif
    EVP_add_cipher(EVP_mycipher());
#ifndef OPENSSL_NO_DES
    EVP_add_cipher(EVP_des_cbc());
    EVP_add_cipher(EVP_des_ede3_cbc());
#endif