[openssl-dev] Dynamically adding a NID

Dr. Stephen Henson steve at openssl.org
Sat Jul 1 19:29:13 UTC 2017


On Mon, Jun 26, 2017, Nicola Tuveri wrote:

> Hi,
> 
> I'm working on ENGINE development, and I have the need to add an NID for a
> custom message digest, and eventually for ciphers and PKEY methods.
> Some of the associated objects don't (and won't ever) have an associated
> OID, but I need to add them dynamically to avoid requiring patches to the
> upstream OpenSSL code before being able to use my engine.
> 
> I'm currently (ab)using OBJ_create() [0], but it looks like it requires
> specifying a valid OID.
> I know it is possible to have NIDs associated with objects without OID
> (e.g. NID_siphash) when they are statically defined in OpenSSL source code,
> but I cannot find a way to declare similar objects without OID dynamically.
> 
> Before 1.1.0, when structures weren't opaque, I could manipulate the
> contents of the created object directly and somehow work around this
> limitation, but in 1.1.0 this is not possible.
> 
> Does anyone know of the right way to dynamically create an NID associated
> with an object without OID?
> 

What do you want to do with the NID? Does it need to have a valid short name
and/or long name associated with it (so OBJ_sn2nid etc work) but no valid OID
or do you just need a NID value?

You're right that currently OBJ_create() needs a valid OID passed to it: you
can't pass a NULL to create an "OIDless NID" as you can by editing
objects.txt.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

