<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><tt>Hello,<br>
<br>
In regards to </tt><tt><tt>OBJ_new_nid - yes, that's more or
less what I already<br>
do. I actually use </tt>OBJ_sn2nid() which indeed calls
OBJ_new_nid().</tt></p>
<p><tt>But the problem that I have is different. In keygen (callback
set by<br>
EVP_PKEY_meth_set_keygen), there is no way to access NID. It
seems<br>
to be stored in the </tt><tt><tt class="">EVP_PKEY_CTX-&gt;pmeth-&gt;pkey_id,
but there is<br>
no way to read it (or at least I couldn't find any).<br>
But, anyway - I have a sub-optimal solution, which uses <br>
</tt></tt><tt><tt class=""><tt><tt class="">EVP_PKEY_meth_set_ctrl()</tt></tt>
to set a scheme-specific callback. Not<br>
perfectly clean, but works perfectly well.<br>
<br>
In regards to 3.0 - I've started to work on a provider for PQ<br>
schemes some time ago. Not finished yet, but indeed, it looks<br>
easier/better. Nevertheless, an ENGINE for 1.1.1 is actually <br>
something that is needed now for practical reasons (like
integration<br>
with existing software).<br>
<br>
Kind regards,<br>
Kris<br>
</tt></tt></p>
<div class="moz-cite-prefix">On 9/30/20 8:05 AM, Dr Paul Dale wrote:<br>
</div>
<blockquote type="cite"
cite="mid:C1E98260-54EC-41A7-87D5-40E36FB8E426@oracle.com">
Instead of using an engine, you should write a provider (assuming
you’re using the soon to be released OpenSSL 3.0). It doesn’t
need a NID.
<div class=""><br class="">
</div>
<div class="">If you are using OpenSSL 1.1.1, try
the OBJ_new_nid() function.</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">Pauli<br class="">
<div class="">
<div dir="auto" style="word-wrap: break-word;
-webkit-nbsp-mode: space; line-break: after-white-space;"
class="">
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px; font-style:
normal; font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;">-- <br class="">
Dr Paul Dale | Distinguished Architect | Cryptographic
Foundations <br class="">
Phone +61 7 3031 7217<br class="">
Oracle Australia</div>
<div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);
font-family: Helvetica; font-size: 12px; font-style:
normal; font-variant-caps: normal; font-weight: normal;
letter-spacing: normal; text-align: start; text-indent:
0px; text-transform: none; white-space: normal;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration: none;"><br class="">
</div>
<br class="Apple-interchange-newline">
</div>
<br class="Apple-interchange-newline">
</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 26 Aug 2020, at 6:48 pm, Kris Kwiatkowski
&lt;<a href="mailto:kris@amongbytes.com" class=""
moz-do-not-send="true">kris@amongbytes.com</a>&gt;
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class=""> <br class="">
<div class="moz-forward-container">
<div class="moz-forward-container">
<p class=""><tt class="">Hey,<br class="">
<br class="">
I'm working on development of an OpenSSL ENGINE
that integrates<br class="">
post-quantum algorithms (new NIDs). During
integration I<br class="">
need to modify OpenSSL code to add a custom
function, but would<br class="">
prefer not to need to add anything to OpenSSL code
(so the engine<br class="">
can be dynamically loaded by any modern OpenSSL).<br
class="">
</tt></p>
<p class=""><tt class="">So, in three cases, namely
when the code is in callbacks for keygen,<br
class="">
encryption and ctrl (called by
EVP_PKEY_CTX_ctrl, EVP_PKEY_encrypt <br
class="">
and EVP_PKEY_keygen) I need to get the NID of the
scheme. The problem<br class="">
is that those functions are called with an
EVP_PKEY_CTX object<br class="">
provided as an argument. The NID is stored in
the <br class="">
</tt><tt class="">EVP_PKEY_CTX-&gt;pmeth-&gt;pkey_id.
I think (AFAIK) there is no API<br class="">
which would return that value.<br class="">
<br class="">
I've added a simple function that returns
pkey_id from the ctx, but<br class="">
that means that I need to change OpenSSL code.
Is there any way<br class="">
to get NID without changing OpenSSL?<br class="">
<br class="">
Kind regards,<br class="">
Kris<br class="">
<br class="">
</tt></p>
<p class=""><br class="">
</p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
</body>
</html>