Got it, thanks :)

On Mon, Mar 21, 2016 at 8:09 PM, Dmitry Belyavsky <beld...@gmail.com> wrote:
> Dear John,
>
> On Mon, Mar 21, 2016 at 2:52 PM, John Hunter <zhjw...@gmail.com> wrote:
>>
>> Hi Dmitry,
>> Thank you for your quick reply.
>>
>> On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beld...@gmail.com> wrote:
>> > Hello John,
>> >
>> > On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjw...@gmail.com> wrote:
>> >>
>> >> I know that this question has been asked millions of times, I searched the
>> >> mailing list archives and I know it, and this is not homework for an
>> >> academic project, trust me :)
>> >>
>> >> In [1], Victor said that we don't need to rebuild OpenSSL just for adding a
>> >> crypto algorithm, and he recommended looking at the ccgost engine. I did, but
>> >> I think that if we add a symmetric cipher, we will declare an EVP_CIPHER
>> >> struct, which contains a nid, let's say NID_id_Gost28147_89. This nid was
>> >> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my newly
>> >> added cipher, I think we should add one into openssl, and in that case I
>> >> think we should rebuild OpenSSL.
>> >>
>> >> I would appreciate it if somebody could help to explain.
>> >>
>> >> [1]
>> >> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html
>> >
>> > In theory, you are able to register OID/NID via engine.
>> > In practice when we implemented the GOST algorithms we found that sometimes
>> > it causes memory problems.
>> > And anyway, if you provide a cipher via an engine, it just allows you to use
>> > it in some commands but not for TLS.
>>
>> So if I want to use the engine cipher, I should add some ciphersuite in
>> ssl and rebuild openssl, but I am wondering how ssl will use the engine?
>> Maybe add the engine to openssl.cnf?
>
> Yes. And the application should also use the OPENSSL_config() function to
> ensure the loading of the engine.
>
> And sometimes the applications have their own config file with the
> directives to load engines as accelerators.
>
>> For now I just use the engine cipher (not a newly added cipher, but replacing
>> aes-128-ecb using the engine) in a command with the -engine xxx parameter. I
>> don't know how to use the engine cipher as default (I mean without the
>> -engine).
>>
>> Thanks in advance!
>>
>> >
>> > --
>> > SY, Dmitry Belyavsky
>> >
>> > --
>> > openssl-dev mailing list
>> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
> --
> SY, Dmitry Belyavsky
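
The setup discussed in this thread (loading the engine from openssl.cnf so its cipher is used without `-engine`), as an added example that is not part of the original messages. The engine id `myengine`, the section names and the library path are hypothetical placeholders.

```ini
# openssl.cnf fragment (added example; engine id, section names and path are placeholders)

# This assignment must appear before the first [section] header.
openssl_conf = openssl_init

[openssl_init]
# Points at the section that lists the engines to load.
engines = engine_section

[engine_section]
# The left-hand name is arbitrary; the value names the section describing the engine.
myengine = myengine_section

[myengine_section]
# Id the engine registers under (hypothetical).
engine_id = myengine
# Shared library implementing the engine (hypothetical path).
dynamic_path = /path/to/libmyengine.so
# Make the engine the default implementation for the symmetric ciphers it provides,
# so an engine-backed aes-128-ecb is picked up without -engine.
default_algorithms = CIPHERS
# Initialize the engine as soon as the configuration is loaded.
init = 1
```

This only takes effect in applications that load the OpenSSL configuration, which is why the reply above points to OPENSSL_config().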