Integration of new algorithms
Dr Paul Dale
paul.dale at oracle.com
Wed Aug 26 21:36:38 UTC 2020
Kris,
Dynamically allocate yourself a block of NIDs, one for each algorithm, using OBJ_new_nid().
Note also, that there is a preferable option if you are working against the upcoming 3.0. Instead of developing an engine, create a provider. This avoids NIDs completely and was designed from the ground up to support what you want.
Pauli
--
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
Phone +61 7 3031 7217
Oracle Australia
> On 27 Aug 2020, at 2:21 am, Kris Kwiatkowski <kris at amongbytes.com> wrote:
>
> Hello,
>
> I'm working on development of OpenSSL ENGINE that integrates
> post-quantum algorithms (new NIDs). During integration I
> need to modify OpenSSL code to add custom function, but would
> prefer not to need add anything to OpenSSL code (so engine
> can be dynmicaly loaded by any modern OpenSSL).
>
> So, In three cases, namely when the code is in callbacks for keygen,
> encryption and ctrl (called by EVP_PKEY_CTX_ctrl, EVP_PKEY_encrypt
> and EVP_PKEY_keygen) I need to get NID of the scheme. The problem
> is that, those functions are called with EVP_PKEY_CTX object
> provided as an argument. The NID is stored in the
> EVP_PKEY_CTX->pmeth->pkey_id. I think (AFAIK) there is no API
> which would return that value.
>
> I've added a simple function that returns pkey_id from the ctx, but
> that means that I need to change OpenSSL code. Is there any way
> to get NID without changing OpenSSL?
>
> Kind regards,
> Kris
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20200827/1be2bb22/attachment-0001.html>
More information about the openssl-users
mailing list