In this case it should not be necessary to patch OpenSSH. You could just
set a default property query in the OpenSSL configuration file as:

    default_properties = "?provider=yourprovider"

in the alg_section. See the config(5) manual page. This way your
provider will be preferred over other providers for all algorithms that
it provides.

Tomas

On Tue, 2023-01-03 at 09:13 +0000, Hareesh Das Ulleri wrote:
> Hi,
>
> More precise, my new custom provider has existing Cipher algo (eg:
> AES-256-CBC) operations implemented using a 'HW crypto IP'. For
> example what I am trying to achieve with my custom provider is when a
> SSH Client(SCP/SFTP) initiate a transfer...
>
> SSHD (SCP/SFTP) -> OpenSSL -> Custom provider -> HW algo
> implementation
>
> OpenSSL has to take my Custom provider for this Cipher operations
> irrespective of a default provider exist for other operations (and
> same cipher operations).
>
> Does the above case can work if I configure OpenSSL and/or
> OpenSSH; Or OpenSSH need to be patched ?
>
> Regards,
> Hareesh
>
> -----Original Message-----
> From: Tomas Mraz <tomas@xxxxxxxxxxx>
> Sent: Tuesday, January 3, 2023 4:39 PM
> To: Hareesh Das Ulleri <hareesh.ulleri@xxxxxxx>;
> openssl-users@xxxxxxxxxxx
> Subject: Re: Custom Provider - OpenSSL 3.x with SSHD
>
> [CAUTION]: EXTERNAL EMAIL
>
> The primary question is, does your provider just implement some of
> the existing algorithms that the OpenSSH supports or do you want to
> add a new cipher algorithm? If the second, then OpenSSH needs to be
> patched to add support for the new algorithm. I do not think it
> supports custom pluggable algorithms.
>
> Tomas Mraz, OpenSSL
>
> On Tue, 2023-01-03 at 03:46 +0000, Hareesh Das Ulleri wrote:
> > Dear OpenSSL users,
> >
> > I use Linux 5.10 + OpenSSL 3.0.7. I have a custom provider cipher
> > implementation and its algo implementation works for test
> > application.
> > Now I have sshd running and want to use custom provider
> > (encryption/decryption) implementation calls instead of default
> > provider's.
> >
> > Please let me know anybody tried this before or someone knows
> > this,
> > how SSHD can be configured for a custom provider (encryption /
> > decryption) calls.
> >
> > Note: Here both default provider and custom provider are activated
> > at
> > the same time.
> >
> > Thank you,
> > Hareesh
>
> --
> Tomáš Mráz, OpenSSL
>
--
Tomáš Mráz, OpenSSL
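The setting suggested in the reply above, placed in a complete configuration file, as an added example that is not part of the original thread. The section names (`openssl_init`, `provider_sect`, `evp_properties`, and so on) are free-form labels chosen here, `yourprovider` is the placeholder name from the reply, and the module path is a placeholder.

```ini
# openssl.cnf sketch (added example; section labels are arbitrary)
openssl_conf = openssl_init

[openssl_init]
providers   = provider_sect
# alg_section names the section that holds default_properties
alg_section = evp_properties

[provider_sect]
# Both providers stay activated, as in the original question.
default      = default_sect
yourprovider = yourprovider_sect

[default_sect]
activate = 1

[yourprovider_sect]
# Placeholder path: point this at the custom provider's shared object.
module   = /path/to/yourprovider.so
activate = 1

[evp_properties]
# The leading "?" makes the clause a preference, not a requirement:
# algorithms that yourprovider implements are fetched from it, and
# everything else still resolves to the default provider.
default_properties = "?provider=yourprovider"
```

Without the leading `?` the clause becomes mandatory, and fetches for algorithms the custom provider does not implement would fail instead of falling back to the default provider. `openssl list -providers` run against this file shows whether both providers were activated.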