Re: Plugin own crypto routines with ssl

Wed, 26 Oct 2005 00:26:27 -0700 

On 2005.10.26 at 04:17:21 +0100, upinder singh wrote:

> I have newly atrted working on the ssl.I do not know
> much about the way it works and its design also.I want
> to integrate my own crypto routines with the ssl.

There is a lot of documentation bundled with OpenSSL. Just libcrypto
documentation (doc/crypto directory) is about 900Kb. 

This is thing you've search answers to your questions in.

What you mean under "integrate own crypto routines"?

I can imagine two cases:

1. You have some alternative (possibly hardware) implementation of
cryptoalgorithms, which are already supported by OpenSSL, and want to
replace default implementations with these. It is what engines are for.

Look into engine directory of openssl distribution. You'll find a bunch
of examples there. See also README.ENGINE in the top level directory.

2. You want to add support for some crypto algorithms, which are not
supported by OpenSSL yet, for instance for some national cryptography
standard. (Are you from India? What is your national standards?).

This thing is more complicated, especially regarding asymmetric
cryptography. Asymmetric algorithms are hardcoded into current OpenSSL
code in many places with code like 

  switch (someobject->alg) {
    case RSA: ....
                        break;
        case DSA: ...
                        break;
        case ECDSA: ..
                        break
  }

We have developed patch which removes all these hardcoded switches and
replaces it with table lookup, which allows engines to easily add new
algorithms. Unfortunately this patch is not ready for integration into
main OpenSSL code.

See http://www.cryptocom.ru/OpenSource/OpenSSL_eng.html

Things are a bit simplier with symmetric ciphers and digest algorithms.

There are already tables for these algorithms in place. But, as far as I
remember there were some problems with adding new algorithms of these
types using dynamically loading engines, which we fixed in our patch
too.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to