[openssl-dev] Question about adding a new cipher [I am not asking the old question]

Dmitry Belyavsky beldmit at gmail.com
Mon Mar 21 12:09:40 UTC 2016


Dear John,

On Mon, Mar 21, 2016 at 2:52 PM, John Hunter <zhjwpku at gmail.com> wrote:

> Hi Dmitry,
> Thank you for your quick reply.
>
> On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> > Hello John,
> >
> > On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjwpku at gmail.com> wrote:
> >>
> >> I know that this question has been asked millions of times, I searched the
> >> mailing list archives and I know it, and this is not homework for an
> >> academic project, trust me :)
> >>
> >> In [1], Victor said that we don't need to rebuild OpenSSL just for adding
> >> a crypto algorithm, and he recommended looking at the ccgost engine. I did, but
> >> I think that if we add a symmetric cipher, we will declare an EVP_CIPHER
> >> struct, which contains a nid, let's say NID_id_Gost28147_89. This nid was
> >> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my newly
> >> added cipher, I think we should add one into openssl, and in that case I
> >> think we should rebuild OpenSSL.
> >>
> >> I would appreciate it if somebody could help to explain.
> >>
> >> [1] http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html
> >
> >
> > In theory, you are able to register OID/NID via engine.
> > In practice when we implemented the GOST algorithms we found that sometimes
> > it causes memory problems.
> > And anyway, if you provide a cipher via an engine, it just allows you to use
> > it in some commands but not for TLS.
>
> So if I want to use the engine cipher, I should add some ciphersuite in
> ssl and rebuild openssl, but I am wondering how ssl will use the engine?
> Maybe add the engine to openssl.cnf?
>

Yes. And the application should also use the OPENSSL_config() function to
ensure the loading of the engine.

And sometimes the applications have their own config file with the
directives to load engines as accelerators.


> For now I just use the engine cipher (not a newly added cipher, but replacing
> aes-128-ecb using the engine) in a command with the -engine xxx parameter. I
> don't know how to use the engine cipher as default (I mean without the
> -engine).
>
> Thanks in advance!
>
> >
> > --
> > SY, Dmitry Belyavsky
> >
> > --
> > openssl-dev mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
> >
>



-- 
SY, Dmitry Belyavsky
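
The configuration-file route discussed in this thread, as an added example that is not part of the original messages: an openssl.cnf fragment that loads an engine and registers its ciphers as the defaults, so no -engine option is needed. The engine id `myengine`, the section names and the library path are placeholders; as the reply says, the application still has to load the configuration (for example via OPENSSL_config()).

```ini
# Added example: openssl.cnf fragment. "myengine", the section names and the
# library path are placeholders, not values taken from this thread.

# This line must sit in the default (unnamed) section, i.e. before any
# [section] header in the file.
openssl_conf = openssl_init

[openssl_init]
# Points the ENGINE configuration module at the section listing engines.
engines = engine_section

[engine_section]
# Left side is a free-form label, right side names the section with the
# commands for that engine.
myengine = myengine_section

[myengine_section]
# engine_id, when used, must be the first command in the section.
engine_id = myengine

# Load the engine from a shared library through the built-in "dynamic" engine.
dynamic_path = /path/to/myengine.so

# Register this engine as the default implementation for every symmetric
# cipher it provides. An EVP cipher lookup with no explicit engine then
# resolves to the engine, for example for aes-128-ecb if the engine offers it.
default_algorithms = CIPHERS
```

This only changes which implementation backs ciphers OpenSSL already knows by NID; it does not make a new cipher available to TLS, which is the limitation stated in the reply above.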