[Mono-devel-list] Development of OpenSSL Wrapper for use with MONO [as well as MS.Net]

Sebastien Pouliot sebastien.pouliot at gmail.com
Sun Jul 31 20:13:10 EDT 2005


Hello Thomas,

On Sun, 2005-31-07 at 19:35 -0400, Thomas Harning Jr. wrote:
> Thomas Harning Jr. wrote:
> > I've begun developing a wrapper around OpenSSL and have successfully
> > wrapped the Hashing functionality with little trouble.
> ...
> Another item that I discovered as I was using the existing Crypto
> framework to model after was the custom Feedback length.  I see
> nothing in OpenSSL to model this, so I'm not quite sure how to
> implement it.
> Any ideas to fix this would be great!

I'll be glad to help, however I'm on vacation right now (and next week)
and, much of the time, without net access.

> Also it came to mind that the ICryptoTransform interface is somewhat
> inconsistent.
> The "TransformBlock" method uses an output buffer and the finishing
> Transform doesn't, it returns a new buffer.

There's a good reason for this. The last block must deal with padding
issues. Padding may result in an extra block which wouldn't be part of
the original buffer allocation.

>   Since I generally
> prefer working with buffers and avoiding unnecessary allocations, I
> will probably set up a function that transforms the last block and
> dumps it into an output buffer (but of course sticking with the
> interface and offering that last method).

The _easiest_ way to get 100% functionality (from a Fx point of view)
out of a native library (which is the only safe way it can replace the
managed implementations) would be to re-use the SymmetricTransform class
(internal in corlib, public in Mono.Security.dll).

That way you'll get all the required cipher and padding modes (and that
includes the feedback issue you have) without any pain. The only thing
to implement would be the basic ECB mode for each native algorithm.

This approach won't result in optimal performance, (mostly) not because
of the SymmetricTransform (managed) code but due to the many calls from
managed-to-unmanaged code (one for each block). But this is something
that could be fixed/enhanced later. Anyway even if you want to get
everything from OpenSSL, using the SymmetricTransform class would still
be a good development step to test your wrapper code.

Sebastien
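
An added example, not part of the original message and not Mono's SymmetricTransform code: CFB with a configurable feedback size built in managed code on top of a single-block ECB primitive, which is the layering the reply describes. The framework's `Aes` in ECB mode stands in for the native OpenSSL block function as an assumption; `CfbOverEcb` and `Run` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CfbOverEcb
{
    // CFB with a feedback size of fb bytes, using only single-block ECB
    // encryption. CFB uses the encrypt direction for decryption as well.
    static byte[] Run(ICryptoTransform ecbEncrypt, byte[] iv, int fb, byte[] input, bool decrypt)
    {
        int bs = iv.Length;                          // block size in bytes
        if (fb < 1 || fb > bs) throw new ArgumentException("bad feedback size");
        byte[] reg = (byte[])iv.Clone();             // shift register, starts as the IV
        byte[] ks = new byte[bs];                    // keystream block
        byte[] output = new byte[input.Length];
        for (int off = 0; off < input.Length; off += fb)
        {
            int n = Math.Min(fb, input.Length - off);
            // In a native wrapper this is one managed-to-unmanaged call per segment.
            ecbEncrypt.TransformBlock(reg, 0, bs, ks, 0);
            for (int i = 0; i < n; i++)
                output[off + i] = (byte)(input[off + i] ^ ks[i]);
            // Shift the register left by fb bytes, then append the ciphertext segment.
            byte[] cipher = decrypt ? input : output;
            if (fb < bs) Array.Copy(reg, fb, reg, 0, bs - fb);
            Array.Copy(cipher, off, reg, bs - n, n);
        }
        return output;
    }

    static void Main()
    {
        string msg = "constructed sample message";   // constructed test input
        using (Aes aes = Aes.Create())
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            aes.Mode = CipherMode.ECB;               // the only mode the native side provides
            aes.Padding = PaddingMode.None;
            byte[] iv = new byte[aes.BlockSize / 8];
            rng.GetBytes(iv);
            foreach (int fb in new[] { 1, 8, 16 })   // CFB-8, CFB-64, CFB-128
            {
                byte[] ct, pt;
                using (ICryptoTransform e = aes.CreateEncryptor()) ct = Run(e, iv, fb, Encoding.ASCII.GetBytes(msg), false);
                using (ICryptoTransform e = aes.CreateEncryptor()) pt = Run(e, iv, fb, ct, true);
                Console.WriteLine("CFB-{0}: round trip {1}", fb * 8, Encoding.ASCII.GetString(pt) == msg ? "ok" : "FAILED");
            }
        }
    }
}
```

With a one-byte feedback size the loop calls the block primitive once per byte of data, which is the per-call overhead the message refers to.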



