[openssl-dev] Question about adding a new cipher [I am not asking the old question]
beldmit at gmail.com
Mon Mar 21 12:09:40 UTC 2016
On Mon, Mar 21, 2016 at 2:52 PM, John Hunter <zhjwpku at gmail.com> wrote:
> Hi Dmitry,
> Thank you for your quick reply.
> On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beldmit at gmail.com> wrote:
> > Hello John,
> > On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjwpku at gmail.com> wrote:
> >> I know that this question has been asked millions of times, I searched the
> >> mailing list archives and I know it, and this is not homework for an
> >> academic project, trust me :)
> >> In , Victor said that we don't need to rebuild OpenSSL just for a
> >> crypto algorithm, and he recommended looking at the ccgost engine. I did, but
> >> I think that if we add a symmetric cipher, we will declare an EVP_CIPHER
> >> struct, which contains a nid, let's say NID_id_Gost28147_89. This nid is
> >> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my
> >> added cipher, I think we should add one into openssl, and in that case I
> >> think we should rebuild OpenSSL.
> >> I would appreciate it if somebody could help to explain.
> >> 
> > In theory, you are able to register OID/NID via engine.
> > In practice when we implemented the GOST algorithms we found that
> > it causes memory problems.
> > And anyway, if you provide a cipher via an engine, it just allows you to use
> > it in some commands but not for TLS.
> So if I want to use the engine cipher, I should add some ciphersuite in
> ssl and rebuild openssl, but I am wondering how the ssl will use the
> engine? Maybe add the engine to openssl.cnf?
Yes. And the application should also use the OPENSSL_config() function to
ensure the loading of the engine.
And sometimes the applications have their own config file with the
directives to load engines as accelerators.
> For now I just use the engine cipher (not a newly added cipher, but replacing
> aes-128-ecb using the engine) in a command with the -engine xxx parameter. I
> don't know how to use the engine cipher as default (I mean without the
> Thanks in advance!
> > --
> > SY, Dmitry Belyavsky
> > --
> > openssl-dev mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
SY, Dmitry Belyavsky
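
Added example, not part of the original thread or of any file shipped by OpenSSL: an openssl.cnf fragment of the kind the reply above agrees to, loading an engine and making its ciphers the default so that the -engine argument is not needed. The engine id `myengine` and the library path are placeholders.

```ini
# Constructed openssl.cnf fragment. "myengine" and the dynamic_path value are
# placeholders, not names taken from the thread.

# Must sit in the default (unnamed) section at the top of the file.
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# Left side is a label; the right side names the section holding the settings.
myengine = myengine_section

[myengine_section]
engine_id = myengine
# This shared object is loaded into every process that reads this config, so
# keep both this file and the library path writable by root only.
dynamic_path = /path/to/libmyengine.so
# Make the engine the default implementation for the ciphers it registers,
# so applications that load this config need no "-engine myengine" argument.
default_algorithms = CIPHERS
# Attempt to initialise the engine as soon as this line is processed.
init = 1
```

Only applications that load the configuration, for example through OPENSSL_config() as mentioned in the reply, pick this up. As the thread notes, this does not by itself make the cipher usable in TLS.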