On Tue, 29 Apr 2008, Dr. Stephen Henson wrote:

>>      the problem is that now one can't offload AES counter modes to the 
>> engine unless the application itself specifies its own EVP functions and 
>> structures. However, even then, counter mode IDs and names are missing from 
>> obj*.h files so functions like OBJ_nid2sn() crash. That happens with 
>> "openssl engine -c", for example. It is enough to add the following 3 lines to 
>> objects.txt so that AES counter mode can be offloaded to the engine using 
>> the workaround mentioned:
>> 
>>                         : AES-128-CTR           : aes-128-ctr
>>                         : AES-192-CTR           : aes-192-ctr
>>                         : AES-256-CTR           : aes-256-ctr
>> 
>
>It would be better if standard OIDs existed for these modes and those were
>added instead.
>
>You can create OIDs dynamically with OBJ_create() too, that should work
>without the need to modify OpenSSL at all.

        aha, thanks, that's a good idea. It seems to me that I can't use 
OBJ_create() without providing an OID but ASN1_OBJECT_create() + 
OBJ_add_object() is OK for me and no phony OIDs are used then.

        J.

-- 
Jan Pechanec
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]