[openssl-dev] New crypto algorithms in openSSL engine
Matt Caswell
matt at openssl.org
Wed Sep 27 15:50:18 UTC 2017
On 27/09/17 15:32, Byrne, Andrew wrote:
> I’m working on testing some lattice based algorithms in openSSL for the
> establishment of a TLS channel. I’ve investigated the potential for
> developing an engine to support this as it would mean I don’t need to
> touch the core openSSL code. However, I’ve two blind spots which I can’t
> find any answers to…
>
> 1. How can I create a new OID/NID for the new algorithms I propose
> to include in the engine?
There are two options:
1) Create a PR for mainline OpenSSL to add a new OID. As it's just an OID
this is likely to be accepted. This has the advantage that you get a
built-in NID, but will obviously only work for versions of OpenSSL after
the OID was added.
2) Dynamically create the OID/NID by calling OBJ_create(). This will
allocate a new NID at runtime:
https://www.openssl.org/docs/man1.1.0/crypto/OBJ_nid2obj.html
>
> 2. Is it possible to create a ciphersuite within an engine that
> could be used to create a TLS connection?
No. It is not possible to dynamically add new ciphersuites at runtime.
All ciphersuites are built-in.
Matt