Re: [openssl-dev] Question about adding a new cipher [I am not asking the old question]

2016-03-21 Thread John Hunter 
Got it, thanks :)

On Mon, Mar 21, 2016 at 8:09 PM, Dmitry Belyavsky <beld...@gmail.com> wrote:
> Dear John,
>
> On Mon, Mar 21, 2016 at 2:52 PM, John Hunter <zhjw...@gmail.com> wrote:
>>
>> Hi Dmitry,
>> Thank you for you quick reply.
>>
>> On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beld...@gmail.com>
>> wrote:
>> > Hello John,
>> >
>> > On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjw...@gmail.com> wrote:
>> >>
>> >> I know that this question had been asked millions of times, I searched
>> >> the
>> >> maillist archives and I know it, and this is not a homework for an
>> >> academic
>> >> project, trust me :)
>> >>
>> >> In [1], Victor said that we don't need to rebuild OpenSSL just for
>> >> adding
>> >> a
>> >> crypto algrorithm, and he recoment to see the ccgost engine, I did, but
>> >> I think that if we add a symmetric cipher, we will declare a EVP_CIPHER
>> >> struct, which contains a nid, let's say NID_id_Gost28147_89, this nid
>> >> was
>> >> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my
>> >> new
>> >> added cipher, I think we should add one into openssl, in that occasion
>> >> I
>> >> think we should rebuild the OpenSSL.
>> >>
>> >> I am appreciated if somebody could help to explain.
>> >>
>> >> [1]
>> >>
>> >> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html
>> >
>> >
>> > In theory, you are able to register OID/NID via engine.
>> > In practice when we implemented the GOST algorithms we found that
>> > sometimes
>> > it causes memory problems.
>> > And anyway, if you provide cipher via an engine, it just allows to use
>> > it in
>> > some commands but not for TLS.
>>
>> So if I want to use the engine cipher, I should add some ciphersuit in
>> ssl and rebuild
>> the openssl, but I am wondering how will the ssl use the engine? Maybe add
>> the
>> engine to openssl.cnf?
>
>
> Yes. And the application should also use the OPENSSL_config() function to
> ensure the loading of the engine.
>
>  And sometimes the applications have their own config file with the
> directives to load engines as accelerators.
>
>>
>> For now I just use the engine cipher(not a new added cipher, but replace
>> the
>> aes-128-ecb using the engine) in command with the -engine xxx parameter, I
>> don't know how to use the engine cipher as default(I mean without the
>> -engine).
>>
>> Thanks in advance !
>>
>> >
>> > --
>> > SY, Dmitry Belyavsky
>> >
>> > --
>> > openssl-dev mailing list
>> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>> >
>> --
>> openssl-dev mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
>
>
> --
> SY, Dmitry Belyavsky
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] Question about adding a new cipher [I am not asking the old question]

2016-03-21 Thread John Hunter 
Hi Dmitry,
Thank you for you quick reply.

On Mon, Mar 21, 2016 at 7:38 PM, Dmitry Belyavsky <beld...@gmail.com> wrote:
> Hello John,
>
> On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjw...@gmail.com> wrote:
>>
>> I know that this question had been asked millions of times, I searched the
>> maillist archives and I know it, and this is not a homework for an
>> academic
>> project, trust me :)
>>
>> In [1], Victor said that we don't need to rebuild OpenSSL just for adding
>> a
>> crypto algrorithm, and he recoment to see the ccgost engine, I did, but
>> I think that if we add a symmetric cipher, we will declare a EVP_CIPHER
>> struct, which contains a nid, let's say NID_id_Gost28147_89, this nid was
>> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my new
>> added cipher, I think we should add one into openssl, in that occasion I
>> think we should rebuild the OpenSSL.
>>
>> I am appreciated if somebody could help to explain.
>>
>> [1]
>> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html
>
>
> In theory, you are able to register OID/NID via engine.
> In practice when we implemented the GOST algorithms we found that sometimes
> it causes memory problems.
> And anyway, if you provide cipher via an engine, it just allows to use it in
> some commands but not for TLS.

So if I want to use the engine cipher, I should add some ciphersuit in
ssl and rebuild
the openssl, but I am wondering how will the ssl use the engine? Maybe add the
engine to openssl.cnf?

For now I just use the engine cipher(not a new added cipher, but replace the
aes-128-ecb using the engine) in command with the -engine xxx parameter, I
don't know how to use the engine cipher as default(I mean without the -engine).

Thanks in advance !

>
> --
> SY, Dmitry Belyavsky
>
> --
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] Question about adding a new cipher [I am not asking the old question]

2016-03-21 Thread John Hunter 
I know that this question had been asked millions of times, I searched the
maillist archives and I know it, and this is not a homework for an academic
project, trust me :)

In [1], Victor said that we don't need to rebuild OpenSSL just for adding a
crypto algrorithm, and he recoment to see the ccgost engine, I did, but
I think that if we add a symmetric cipher, we will declare a EVP_CIPHER
struct, which contains a nid, let's say NID_id_Gost28147_89, this nid was
defined in crypto/objects/obj_mac.h, but if I don't have a nid for my new
added cipher, I think we should add one into openssl, in that occasion I
think we should rebuild the OpenSSL.

I am appreciated if somebody could help to explain.

[1] http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html

Cheers!
Zhao
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] build issue about engine-corner/Lesson-2-A-digest

2016-02-16 Thread John Hunter 
Hi levitte,

I am studyding how to write an engine nowadays, so I download
your repo [1] and try to build it.

1. When the first time I run 'autoreconf -i', I got an error:


*configure.ac:18 : error: possibly
undefined macro: AC_MSG_FAILURE  If this token and others are
legitimate, please use m4_pattern_allow.  See the Autoconf
Documentation.*

2. Then I run 'autoreconf -i' the second time, the error gone.

3. I continue as running './configure', and got the error:

*./configure: line 12192: syntax error near unexpected token
`newline'./configure: line 12192: `AX_CHECK_OPENSSL('*

4. I googled and downloaded the latest version of *ax_check_openssl.m4[2] *
and
move it to the m4 directory, then I run 'autoreconf -i' and
'./configure', got some
other error:
*checking whether compiling and linking against OpenSSL works... no*
*configure: error: in `/home/hunter/Lesson-2-A-digest':*
*configure: error: could not locate OpenSSL*
*See `config.log' for more details*

5. I googled and tried the following methods but still can't build it
a) ./configure --with-openssl=/usr/include/openssl
b) sudo apt-get install libssl-dev

hope you can help me, thanks in advance.

[1] https://github.com/engine-corner/Lesson-2-A-digest
[2] http://www.gnu.org/software/autoconf-archive/ax_check_openssl.html

BR,
Zhao
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev