Custom Provider - OpenSSL 3.x with SSHD

Hareesh Das Ulleri hareesh.ulleri at ovt.com
Tue Jan 3 09:13:24 UTC 2023


Hi,

   More precise, my new custom provider has existing Cipher algo (eg: AES-256-CBC) operations implemented using a 'HW crypto IP'. For example what I am trying to achieve with my custom provider is when a SSH Client(SCP/SFTP) initiate a transfer...

SSHD  (SCP/SFTP) -> OpenSSL -> Custom provider -> HW algo implementation

OpenSSL has to take my Custom provider for this Cipher operations irrespective of a default provider exist for other operations (and same cipher operations).


    Does the above case can work if I configure OpenSSL and/or OpenSSH; Or OpenSSH need to be patched ? 

Regards,
Hareesh

-----Original Message-----
From: Tomas Mraz <tomas at openssl.org> 
Sent: Tuesday, January 3, 2023 4:39 PM
To: Hareesh Das Ulleri <hareesh.ulleri at ovt.com>; openssl-users at openssl.org
Subject: Re: Custom Provider - OpenSSL 3.x with SSHD

[CAUTION]: EXTERNAL EMAIL


The primary question is, does your provider just implement some of the existing algorithms that the OpenSSH supports or do you want to add a new cipher algorithm? If the second, then OpenSSH needs to be patched to add support for the new algorithm. I do not think it supports custom pluggable algorithms.

Tomas Mraz, OpenSSL

On Tue, 2023-01-03 at 03:46 +0000, Hareesh Das Ulleri wrote:
> Dear OpenSSL users,
>
>   I use Linux 5.10 + OpenSSL 3.0.7. I have a custom provider cipher 
> implementation and its algo implementation works for test application. 
> Now I have sshd running and want to use custom provider
> (encryption/decryption) implementation calls instead of default 
> provider's.
>
>   Please let me know anybody tried this before or someone knows this, 
> how SSHD can be configured for a custom provider (encryption /
> decryption) calls.
>
> Note: Here both default provider and custom provider are activated at 
> the same time.
>
> Thank you,
> Hareesh

--
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list