[openssl-dev] Question about adding a new cipher [I am not asking the old question]
beldmit at gmail.com
Mon Mar 21 11:38:07 UTC 2016
On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjwpku at gmail.com> wrote:
> I know that this question had been asked millions of times, I searched the
> maillist archives and I know it, and this is not a homework for an academic
> project, trust me :)
> In , Victor said that we don't need to rebuild OpenSSL just for adding a
> crypto algrorithm, and he recoment to see the ccgost engine, I did, but
> I think that if we add a symmetric cipher, we will declare a EVP_CIPHER
> struct, which contains a nid, let's say NID_id_Gost28147_89, this nid was
> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my new
> added cipher, I think we should add one into openssl, in that occasion I
> think we should rebuild the OpenSSL.
> I am appreciated if somebody could help to explain.
In theory, you are able to register OID/NID via engine.
In practice when we implemented the GOST algorithms we found that sometimes
it causes memory problems.
And anyway, if you provide cipher via an engine, it just allows to use it
in some commands but not for TLS.
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-dev