Dear John,

On Mon, Mar 21, 2016 at 2:52 PM, John Hunter <zhjw...@gmail.com> wrote:
> Hi Dmitry,
> Thank you for your quick reply.
>
> On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beld...@gmail.com> wrote:
> > Hello John,
> >
> > On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjw...@gmail.com> wrote:
> >>
> >> I know that this question has been asked millions of times, I searched the
> >> mailing list archives and I know it, and this is not homework for an
> >> academic project, trust me :)
> >>
> >> In [1], Victor said that we don't need to rebuild OpenSSL just for adding a
> >> crypto algorithm, and he recommended looking at the ccgost engine. I did, but
> >> I think that if we add a symmetric cipher, we will declare an EVP_CIPHER
> >> struct, which contains a nid, let's say NID_id_Gost28147_89. This nid was
> >> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my newly
> >> added cipher, I think we should add one into openssl, and in that case I
> >> think we should rebuild OpenSSL.
> >>
> >> I would appreciate it if somebody could help to explain.
> >>
> >> [1]
> >> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html
> >
> >
> > In theory, you are able to register OID/NID via engine.
> > In practice when we implemented the GOST algorithms we found that sometimes
> > it causes memory problems.
> > And anyway, if you provide a cipher via an engine, it just allows using it in
> > some commands but not for TLS.
>
> So if I want to use the engine cipher, I should add some ciphersuite in ssl and
> rebuild openssl, but I am wondering how the ssl will use the engine? Maybe add
> the engine to openssl.cnf?
>

Yes. And the application should also use the OPENSSL_config() function to
ensure the loading of the engine. And sometimes the applications have their
own config file with the directives to load engines as accelerators.

> For now I just use the engine cipher (not a newly added cipher, but replacing
> aes-128-ecb using the engine) in commands with the -engine xxx parameter. I
> don't know how to use the engine cipher as default (I mean without the
> -engine).
>
> Thanks in advance!
>
> > --
> > SY, Dmitry Belyavsky
> >
> > --
> > openssl-dev mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>

--
SY, Dmitry Belyavsky
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
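
The openssl.cnf approach confirmed in the reply above, as an added example that is not part of the original thread or of the OpenSSL project: a configuration fragment that loads an engine at startup and makes its ciphers the default, so the `-engine` option is not needed. The engine id `myengine`, the section names and the library path are placeholders (assumptions), and the application still has to call OPENSSL_config() for the file to be read.

```ini
# openssl.cnf fragment (constructed example; names and path are placeholders)

# Must appear in the default section, before any [section] header.
openssl_conf = openssl_init

[openssl_init]
# Points at the section that lists the engines to load.
engines = engine_section

[engine_section]
# <arbitrary label> = <section holding that engine's settings>
myengine = myengine_section

[myengine_section]
# engine_id must be the first command in the section when it is used.
engine_id = myengine

# Shared library implementing the engine (placeholder path).
dynamic_path = /path/to/libmyengine.so

# Register only the engine's symmetric ciphers as defaults.
# Prefer a narrow list over ALL so the engine does not silently take over
# digests, RNG or public-key operations that it was never reviewed for.
default_algorithms = CIPHERS

# Initialise the engine as soon as the configuration is loaded.
init = 1
```

As stated in the thread, this only affects EVP-level cipher lookups in applications that load the configuration; it does not add TLS ciphersuites. Because the file decides which shared library performs the crypto, it and the `dynamic_path` target should be writable only by the administrator.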