On 27/09/17 15:32, Byrne, Andrew wrote:
> I’m working on testing some lattice based algorithms in openSSL for the
> establishment of a TLS channel. I’ve investigated the potential for
> developing an engine to support this as it would mean I don’t need to
> touch the core openSSL code. However, I’ve two blind spots which I can’t
> find any answers to…
>
> 1. How can I create a new OID/NID for the new algorithms I propose
>    to include in the engine?

There are two options:

1) Create a PR for mainline OpenSSL to add a new OID. As it's just an OID
this is likely to be accepted. This has the advantage that you get a
built-in NID, but will obviously only work for versions of OpenSSL after
the OID was added.

2) Dynamically create the OID/NID by calling OBJ_create(). This will
allocate a new NID at runtime:

https://www.openssl.org/docs/man1.1.0/crypto/OBJ_nid2obj.html

> 2. Is it possible to create a ciphersuite within an engine that
>    could be used to create a TLS connection?

No. It is not possible to dynamically add new ciphersuites at runtime. All
ciphersuites are built-in.

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev