[openssl-dev] Question about adding a new cipher [I am not asking the old question]

John Hunter zhjwpku at gmail.com
Mon Mar 21 11:52:19 UTC 2016


Hi Dmitry,
Thank you for your quick reply.

On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> Hello John,
>
> On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjwpku at gmail.com> wrote:
>>
>> I know that this question has been asked millions of times, I searched the
>> mailing list archives and I know it, and this is not homework for an
>> academic project, trust me :)
>>
>> In [1], Victor said that we don't need to rebuild OpenSSL just for adding a
>> crypto algorithm, and he recommended looking at the ccgost engine. I did, but
>> I think that if we add a symmetric cipher, we will declare an EVP_CIPHER
>> struct, which contains a nid, let's say NID_id_Gost28147_89. This nid was
>> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my newly
>> added cipher, I think we should add one into openssl, and in that case I
>> think we should rebuild OpenSSL.
>>
>> I would appreciate it if somebody could help explain.
>>
>> [1]
>> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html
>
>
> In theory, you are able to register an OID/NID via an engine.
> In practice, when we implemented the GOST algorithms we found that sometimes
> it causes memory problems.
> And anyway, if you provide a cipher via an engine, it just allows you to use
> it in some commands but not for TLS.

So if I want to use the engine cipher, I should add some ciphersuite in
ssl and rebuild openssl, but I am wondering how ssl will use the engine?
Maybe add the engine to openssl.cnf?

For now I just use the engine cipher (not a newly added cipher, but replacing
aes-128-ecb using the engine) in commands with the -engine xxx parameter. I
don't know how to use the engine cipher as the default (I mean without -engine).

Thanks in advance!

>
> --
> SY, Dmitry Belyavsky
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
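
As an added example that is not part of the original thread: an openssl.cnf fragment for OpenSSL's ENGINE configuration module that loads an engine when the configuration is read and registers it as the default for the ciphers it implements, which is the "without -engine" case asked about above. The section names, the engine id `myengine` and the `dynamic_path` value are placeholders (assumptions), and this does not add any TLS ciphersuite.

```ini
# openssl.cnf (fragment). "myengine" and the path below are placeholders.
# This first line must sit in the default (unnamed) section at the top of the file.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# The left-hand name is only a label; engine_id below is what gets looked up.
myengine = myengine_section

[myengine_section]
engine_id = myengine
dynamic_path = /path/to/libmyengine.so
# Register the engine as the default for the cipher NIDs it implements.
default_algorithms = CIPHERS
# Initialise the engine as soon as the configuration is loaded.
init = 1
```

The openssl command-line tool reads this file itself; other applications pick it up only if they load the OpenSSL configuration.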

