Integration of new algorithms

Kris Kwiatkowski
Hello,


I'm working on development of an OpenSSL ENGINE that integrates
post-quantum algorithms (new NIDs). During integration I
need to modify OpenSSL code to add a custom function, but would
prefer not to need to add anything to OpenSSL code (so the engine
can be dynamically loaded by any modern OpenSSL).

So, in three cases, namely when the code is in callbacks for keygen,
encryption and ctrl (called by EVP_PKEY_CTX_ctrl, EVP_PKEY_encrypt
and EVP_PKEY_keygen), I need to get the NID of the scheme. The problem
is that those functions are called with an EVP_PKEY_CTX object
provided as an argument. The NID is stored in
EVP_PKEY_CTX->pmeth->pkey_id. I think (AFAIK) there is no API
which would return that value.

I've added a simple function that returns pkey_id from the ctx, but
that means that I need to change OpenSSL code. Is there any way
to get NID without changing OpenSSL?

Kind regards,
Kris



Re: Integration of new algorithms

Dr Paul Dale
Kris,

Dynamically allocate yourself a block of NIDs, one for each algorithm, using OBJ_new_nid().

Note also, that there is a preferable option if you are working against the upcoming 3.0.  Instead of developing an engine, create a provider.  This avoids NIDs completely and was designed from the ground up to support what you want.


Pauli
-- 
Dr Paul Dale | Distinguished Architect | Cryptographic Foundations 
Phone +61 7 3031 7217
Oracle Australia




On 27 Aug 2020, at 2:21 am, Kris Kwiatkowski <[hidden email]> wrote: