[openssl-dev] New crypto algorithms in openSSL engine
APOB83
Andrew.Byrne at dell.com
Mon Oct 23 14:19:36 UTC 2017
OpenSSL - Dev mailing list wrote
>> @Victor; Are you saying so that the patches that enabled the GOST
> ciphersuite be added are not included in openSSL? If so, would that
> mean
> it's not possible for me to fork off openSSL and follow the GOST
> template?
>
> Not quite. He’s saying that adding new crypto to TLS requires some static
> tables in libssl to be updated. Some new “NID” variables in objects.txt,
> and so on. The implementation of the algorithm can be done as an ENGINE.
Cool... this makes sense to me but looking for the voice of experience. I
can implement the algorithms in an ENGINE so that they are all available to
libssl. Then, in libssl I add the appropriate code (as you mention) to build
the ciphersuite and let me set up a TLS channel with the ENGINE.
Unless someone experienced can say "nope, this just won't work", this is my
preferred route to go down as it minimizes how much I have to modify core
code.
OpenSSL - Dev mailing list wrote
>> Putting engines aside for a moment, given that I have the appropriate
> headers for the crypto library I want to use, and I can build a shared
> or
> static library for it... would it be a viable option to try and
> integrate
> those headers and libraries directly into openSSL?
>
> Maybe. Hence the term “research” :)
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Indeed. I guess I'd just prefer to direct my efforts down the path with the
highest chance of success :)
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-Dev-f29372.html
More information about the openssl-dev
mailing list