Hi Dmitry, Thank you for you quick reply. On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beld...@gmail.com> wrote: > Hello John, > > On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjw...@gmail.com> wrote: >> >> I know that this question had been asked millions of times, I searched the >> maillist archives and I know it, and this is not a homework for an >> academic >> project, trust me :) >> >> In [1], Victor said that we don't need to rebuild OpenSSL just for adding >> a >> crypto algrorithm, and he recoment to see the ccgost engine, I did, but >> I think that if we add a symmetric cipher, we will declare a EVP_CIPHER >> struct, which contains a nid, let's say NID_id_Gost28147_89, this nid was >> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my new >> added cipher, I think we should add one into openssl, in that occasion I >> think we should rebuild the OpenSSL. >> >> I am appreciated if somebody could help to explain. >> >> [1] >> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html > > > In theory, you are able to register OID/NID via engine. > In practice when we implemented the GOST algorithms we found that sometimes > it causes memory problems. > And anyway, if you provide cipher via an engine, it just allows to use it in > some commands but not for TLS.
So if I want to use the engine cipher, I should add some ciphersuit in ssl and rebuild the openssl, but I am wondering how will the ssl use the engine? Maybe add the engine to openssl.cnf? For now I just use the engine cipher(not a new added cipher, but replace the aes-128-ecb using the engine) in command with the -engine xxx parameter, I don't know how to use the engine cipher as default(I mean without the -engine). Thanks in advance ! > > -- > SY, Dmitry Belyavsky > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev > -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
