OpenSSL - Dev mailing list wrote >> @Victor; Are you saying so that the patches that enabled the GOST > ciphersuite be added are not included in openSSL? If so, would that > mean > it's not possible for me to fork off openSSL and follow the GOST > template? > > Not quite. He’s saying that adding new crypto to TLS requires some static > tables in libssl to be updated. Some new “NID” variables in objects.txt, > and so on. The implementation of the algorithm can be done as an ENGINE.
Cool... this makes sense to me but looking for the voice of experience. I can implement the algorithms in an ENGINE so that they are all available to libssl. Then, in libssl I add the appropriate code (as you mention) to build the ciphersuite and let me set up a TLS channel with the ENGINE. Unless someone experienced can say "nope, this just won't work", this is my preferred route to go down as it minimizes how much I have to modify core code. OpenSSL - Dev mailing list wrote >> Putting engines aside for a moment, given that I have the appropriate > headers for the crypto library I want to use, and I can build a shared > or > static library for it... would it be a viable option to try and > integrate > those headers and libraries directly into openSSL? > > Maybe. Hence the term “research” :) > > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev Indeed. I guess I'd just prefer to direct my efforts down the path with the highest chance of success :) -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-Dev-f29372.html -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev