Hello,

In regards to OBJ_new_nid - yes, that's more or less what I already do. I actually use OBJ_sn2nid() which indeed calls OBJ_new_nid().

But the problem that I have is different. In keygen (callback set by EVP_PKEY_meth_set_keygen), there is no way to access the NID. It seems to be stored in EVP_PKEY_CTX->pmeth->pkey_id, but there is no way to read it (or at least I couldn't find any).

But, anyway - I have a sub-optimal solution, which uses EVP_PKEY_meth_set_ctrl() to set a scheme-specific callback. Not perfectly clean, but works perfectly well.

In regards to 3.0 - I started to work on a provider for PQ schemes some time ago. Not finished yet, but indeed, it looks easier/better. Nevertheless an ENGINE for 1.1.1 is actually something that is needed now for practical reasons (like integration with existing software).

Kind regards,
Kris

On 9/30/20 8:05 AM, Dr Paul Dale wrote:
> Instead of using an engine, you should write a provider (assuming you're
> using the soon to be released OpenSSL 3.0). It doesn't need a NID.
>
> If you are using OpenSSL 1.1.1, try the OBJ_new_nid() function.
>
>
> Pauli
> --
> Dr Paul Dale | Distinguished Architect | Cryptographic Foundations
> Phone +61 7 3031 7217
> Oracle Australia
>
>> On 26 Aug 2020, at 6:48 pm, Kris Kwiatkowski <k...@amongbytes.com> wrote:
>>
>> Hey,
>>
>> I'm working on development of an OpenSSL ENGINE that integrates
>> post-quantum algorithms (new NIDs). During integration I
>> need to modify OpenSSL code to add a custom function, but would
>> prefer not to need to add anything to OpenSSL code (so the engine
>> can be dynamically loaded by any modern OpenSSL).
>>
>> So, in three cases, namely when the code is in callbacks for keygen,
>> encryption and ctrl (called by EVP_PKEY_CTX_ctrl, EVP_PKEY_encrypt
>> and EVP_PKEY_keygen) I need to get the NID of the scheme. The problem
>> is that those functions are called with an EVP_PKEY_CTX object
>> provided as an argument. The NID is stored in
>> EVP_PKEY_CTX->pmeth->pkey_id. I think (AFAIK) there is no API
>> which would return that value.
>>
>> I've added a simple function that returns pkey_id from the ctx, but
>> that means that I need to change OpenSSL code. Is there any way
>> to get the NID without changing OpenSSL?
>>
>> Kind regards,
>> Kris