Integration of new algorithms
Dr Paul Dale
paul.dale at oracle.com
Wed Sep 30 07:05:04 UTC 2020
Instead of using an engine, you should write a provider (assuming you’re using the soon to be released OpenSSL 3.0). It doesn’t need a NID.
If you are using OpenSSL 1.1.1, try the OBJ_new_nid() function.
Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia
> On 26 Aug 2020, at 6:48 pm, Kris Kwiatkowski <kris at amongbytes.com> wrote:
>
>
> Hey,
>
> I'm working on development of an OpenSSL ENGINE that integrates
> post-quantum algorithms (new NIDs). During integration I
> need to modify OpenSSL code to add a custom function, but would
> prefer not to need to add anything to OpenSSL code (so the engine
> can be dynamically loaded by any modern OpenSSL).
>
> So, in three cases, namely when the code is in callbacks for keygen,
> encryption and ctrl (called by EVP_PKEY_CTX_ctrl, EVP_PKEY_encrypt
> and EVP_PKEY_keygen) I need to get the NID of the scheme. The problem
> is that those functions are called with an EVP_PKEY_CTX object
> provided as an argument. The NID is stored in the
> EVP_PKEY_CTX->pmeth->pkey_id. I think (AFAIK) there is no API
> which would return that value.
>
> I've added a simple function that returns pkey_id from the ctx, but
> that means that I need to change OpenSSL code. Is there any way
> to get NID without changing OpenSSL?
>
> Kind regards,
> Kris
More information about the openssl-project
mailing list