[openssl-dev] New crypto algorithms in openSSL engine

APOB83 Andrew.Byrne at dell.com
Mon Oct 23 14:19:36 UTC 2017


OpenSSL - Dev mailing list wrote
>> @Victor; Are you saying so that the patches that enabled the GOST
>> ciphersuite be added are not included in openSSL? If so, would that mean
>> it's not possible for me to fork off openSSL and follow the GOST template?
>
> Not quite.  He’s saying that adding new crypto to TLS requires some static
> tables in libssl to be updated.  Some new “NID” variables in objects.txt,
> and so on.  The implementation of the algorithm can be done as an ENGINE.

Cool... this makes sense to me but looking for the voice of experience. I
can implement the algorithms in an ENGINE so that they are all available to
libssl. Then, in libssl I add the appropriate code (as you mention) to build
the ciphersuite and let me set up a TLS channel with the ENGINE. 

Unless someone experienced can say "nope, this just won't work", this is my
preferred route to go down as it minimizes how much I have to modify core
code.


OpenSSL - Dev mailing list wrote
>> Putting engines aside for a moment, given that I have the appropriate
>> headers for the crypto library I want to use, and I can build a shared or
>> static library for it... would it be a viable option to try and integrate
>> those headers and libraries directly into openSSL?
>
> Maybe. Hence the term “research” :)

Indeed. I guess I'd just prefer to direct my efforts down the path with the
highest chance of success :)



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-Dev-f29372.html