Integration of new algorithms

Dr Paul Dale paul.dale at
Wed Sep 30 07:05:04 UTC 2020

Instead of using an engine, you should write a provider (assuming you’re using the soon to be released OpenSSL 3.0).  It doesn’t need a NID.

If you are using OpenSSL 1.1.1, try the OBJ_new_nid() function.

Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia

> On 26 Aug 2020, at 6:48 pm, Kris Kwiatkowski <kris at> wrote:
> Hey,
> I'm working on development of OpenSSL ENGINE that integrates
> post-quantum algorithms (new NIDs). During integration I
> need to modify OpenSSL code to add custom function, but would
> prefer not to need add anything to OpenSSL code (so engine
> can be dynmicaly loaded by any modern OpenSSL).
> So, In three cases, namely when the code is in callbacks for keygen,
> encryption and ctrl (called by EVP_PKEY_CTX_ctrl, EVP_PKEY_encrypt 
> and EVP_PKEY_keygen) I need to get NID of the scheme. The problem
> is that, those functions are called with EVP_PKEY_CTX object
> provided as an argument. The NID is stored in the 
> EVP_PKEY_CTX->pmeth->pkey_id. I think (AFAIK) there is no API
> which would return that value.
> I've added a simple function that returns pkey_id from the ctx, but
> that means that I need to change OpenSSL code. Is there any way
> to get NID without changing OpenSSL?
> Kind regards,
> Kris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-project mailing list