Hello John,

On Mon, Mar 21, 2016 at 1:53 PM, John Hunter <zhjw...@gmail.com> wrote:

> I know that this question had been asked millions of times, I searched the
> maillist archives and I know it, and this is not a homework for an academic
> project, trust me :)
>
> In [1], Victor said that we don't need to rebuild OpenSSL just for adding a
> crypto algrorithm, and he recoment to see the ccgost engine, I did, but
> I think that if we add a symmetric cipher, we will declare a EVP_CIPHER
> struct, which contains a nid, let's say NID_id_Gost28147_89, this nid was
> defined in crypto/objects/obj_mac.h, but if I don't have a nid for my new
> added cipher, I think we should add one into openssl, in that occasion I
> think we should rebuild the OpenSSL.
>
> I am appreciated if somebody could help to explain.
>
> [1]
> http://openssl.6102.n7.nabble.com/add-a-new-cipher-to-OpenSSL-td22968.html


In theory, you are able to register OID/NID via engine.
In practice when we implemented the GOST algorithms we found that sometimes
it causes memory problems.
And anyway, if you provide cipher via an engine, it just allows to use it
in some commands but not for TLS.

-- 
SY, Dmitry Belyavsky
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to