Custom Provider - OpenSSL 3.x with SSHD
Hareesh Das Ulleri
hareesh.ulleri at ovt.com
Tue Jan 3 09:13:24 UTC 2023
Hi,
More precise, my new custom provider has existing Cipher algo (eg: AES-256-CBC) operations implemented using a 'HW crypto IP'. For example what I am trying to achieve with my custom provider is when a SSH Client(SCP/SFTP) initiate a transfer...
SSHD (SCP/SFTP) -> OpenSSL -> Custom provider -> HW algo implementation
OpenSSL has to take my Custom provider for this Cipher operations irrespective of a default provider exist for other operations (and same cipher operations).
Does the above case can work if I configure OpenSSL and/or OpenSSH; Or OpenSSH need to be patched ?
Regards,
Hareesh
-----Original Message-----
From: Tomas Mraz <tomas at openssl.org>
Sent: Tuesday, January 3, 2023 4:39 PM
To: Hareesh Das Ulleri <hareesh.ulleri at ovt.com>; openssl-users at openssl.org
Subject: Re: Custom Provider - OpenSSL 3.x with SSHD
[CAUTION]: EXTERNAL EMAIL
The primary question is, does your provider just implement some of the existing algorithms that the OpenSSH supports or do you want to add a new cipher algorithm? If the second, then OpenSSH needs to be patched to add support for the new algorithm. I do not think it supports custom pluggable algorithms.
Tomas Mraz, OpenSSL
On Tue, 2023-01-03 at 03:46 +0000, Hareesh Das Ulleri wrote:
> Dear OpenSSL users,
>
> I use Linux 5.10 + OpenSSL 3.0.7. I have a custom provider cipher
> implementation and its algo implementation works for test application.
> Now I have sshd running and want to use custom provider
> (encryption/decryption) implementation calls instead of default
> provider's.
>
> Please let me know anybody tried this before or someone knows this,
> how SSHD can be configured for a custom provider (encryption /
> decryption) calls.
>
> Note: Here both default provider and custom provider are activated at
> the same time.
>
> Thank you,
> Hareesh
--
Tomáš Mráz, OpenSSL
More information about the openssl-users
mailing list