Integration of new algorithms

Dr Paul Dale paul.dale at
Wed Aug 26 21:36:38 UTC 2020


Dynamically allocate yourself a block of NIDs, one for each algorithm, using OBJ_new_nid().

Note also, that there is a preferable option if you are working against the upcoming 3.0.  Instead of developing an engine, create a provider.  This avoids NIDs completely and was designed from the ground up to support what you want.

Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia

> On 27 Aug 2020, at 2:21 am, Kris Kwiatkowski <kris at> wrote:
> Hello,
> I'm working on development of OpenSSL ENGINE that integrates
> post-quantum algorithms (new NIDs). During integration I
> need to modify OpenSSL code to add custom function, but would
> prefer not to need add anything to OpenSSL code (so engine
> can be dynmicaly loaded by any modern OpenSSL).
> So, In three cases, namely when the code is in callbacks for keygen,
> encryption and ctrl (called by EVP_PKEY_CTX_ctrl, EVP_PKEY_encrypt 
> and EVP_PKEY_keygen) I need to get NID of the scheme. The problem
> is that, those functions are called with EVP_PKEY_CTX object
> provided as an argument. The NID is stored in the 
> EVP_PKEY_CTX->pmeth->pkey_id. I think (AFAIK) there is no API
> which would return that value.
> I've added a simple function that returns pkey_id from the ctx, but
> that means that I need to change OpenSSL code. Is there any way
> to get NID without changing OpenSSL?
> Kind regards,
> Kris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list