[openssl-dev] Question about adding a new cipher [I am not asking the old question]
zhjwpku at gmail.com
Mon Mar 21 11:52:19 UTC 2016
Thank you for your quick reply.
On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> Hello John,
> On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjwpku at gmail.com> wrote:
>> I know that this question has been asked millions of times, I searched the
>> mailing list archives and I know it, and this is not homework for a
>> project, trust me :)
>> In , Victor said that we don't need to rebuild OpenSSL just for adding a
>> crypto algorithm, and he recommended looking at the ccgost engine. I did, but
>> I think that if we add a symmetric cipher, we will declare an EVP_CIPHER
>> struct, which contains a nid, let's say NID_id_Gost28147_89. This nid was
>> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my newly
>> added cipher, I think we should add one into openssl, and in that case I
>> think we should rebuild OpenSSL.
>> I would appreciate it if somebody could help to explain.
> In theory, you are able to register OID/NID via engine.
> In practice when we implemented the GOST algorithms we found that sometimes
> it causes memory problems.
> And anyway, if you provide a cipher via an engine, it just allows you to use it in
> some commands but not for TLS.
So if I want to use the engine cipher, I should add some ciphersuite in
ssl and rebuild openssl, but I am wondering how ssl will use the engine?
Maybe add the engine to openssl.cnf?
For now I just use the engine cipher (not a newly added cipher, but replacing
aes-128-ecb using the engine) in commands with the -engine xxx parameter. I
don't know how to use the engine cipher as default (I mean without the -engine).
Thanks in advance !
> SY, Dmitry Belyavsky