[openssl-dev] Question about adding a new cipher [I am not asking the old question]

Dmitry Belyavsky beldmit at gmail.com
Mon Mar 21 11:38:07 UTC 2016

Hello John,

On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjwpku at gmail.com> wrote:

> I know that this question had been asked millions of times, I searched the
> maillist archives and I know it, and this is not a homework for an academic
> project, trust me :)
> In [1], Victor said that we don't need to rebuild OpenSSL just for adding a
> crypto algrorithm, and he recoment to see the ccgost engine, I did, but
> I think that if we add a symmetric cipher, we will declare a EVP_CIPHER
> struct, which contains a nid, let's say NID_id_Gost28147_89, this nid was
> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my new
> added cipher, I think we should add one into openssl, in that occasion I
> think we should rebuild the OpenSSL.
> I am appreciated if somebody could help to explain.
> [1]
> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html

In theory, you are able to register OID/NID via engine.
In practice when we implemented the GOST algorithms we found that sometimes
it causes memory problems.
And anyway, if you provide cipher via an engine, it just allows to use it
in some commands but not for TLS.

SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160321/7553ba02/attachment-0001.html>

More information about the openssl-dev mailing list