[EXTERNAL] Re: ENGINE API replacement for Openssl3.0
Tomas Mraz
tomas at openssl.org
Wed Sep 15 12:17:37 UTC 2021
I am sorry but as I said providers are not a direct replacement for
ENGINEs. It is a completely different implementation of the same
concept of pluggable cryptographical modules for OpenSSL. You can look
at the OpenSSL manual pages for the providers.
This is the starting point:
https://www.openssl.org/docs/man3.0/man7/provider.html
There is no tutorial as for how to implement your own provider. And as
I said on the application side if the application loads an OpenSSL
configuration file the providers loaded can be configured via the
config file and does not require any explicit API calls from the
application.
I'd recommend looking at some of the test sources in the tests
directory for some code examples.
Tomas
On Wed, 2021-09-15 at 10:34 +0000, Shivakumar Poojari wrote:
> Hi Tomas,
> As Engine function are deprecated I tried using providers
>
> But how to use providers to get engine functionality tried in man
> pages
>
> Some sample program will help, maybe some sample program will give the
> clear idea how to use provider
>
> Struggling in understand the providers
>
> Please share the sample program and the links to understand the
> providers
>
> Thanks,
> shiva kumar
> From: Tomas Mraz <tomas at openssl.org>
> Sent: Wednesday, September 8, 2021 7:00 PM
> To: Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>;
> openssl-users at openssl.org <openssl-users at openssl.org>
> Cc: Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>;
> Bhattacharjee, Debapriyo (c) <dbhattacharjee at rbbn.com>
> Subject: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0
> Hello,
>
> there is no direct replacement. The ENGINEs as a pluggable crypto
> modules concept is replaced with the providers concept which is much
> more sophisticated and capable.
>
> Please look at
> https://clicktime.symantec.com/3NTnN1ZFia2bCryEiZnkRmY6H2?u=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fman3.0%2Fman7%2Fmigration_guide.html
>
> ENGINEs support is not removed from OpenSSL 3.0 however it is
> deprecated. If you cannot use deprecated functions you have to drop
> support for engines which means those functions just should not be
> called and there is no replacement.
>
> Providers allow for configuration via the default configuration file so
> for an application to support crypto modules in form of providers the
> application does not necessarily have to have any extra functions
> called. Just the default configuration file has to be present and the
> configuration of the desired provider(s) needs to be there.
>
> Tomas
>
>
> On Wed, 2021-09-08 at 13:07 +0000, Shivakumar Poojari wrote:
> > Hi
> > Upgrading our code to openssl 3.0. the below function we trying to
> > replace
> >
> > ENGINE_load_dynamic()
> >
> > Replacment for 3.0 what i
> > found OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
> >
> > ENGINE_by_id("dynamic")
> >
> > ENGINE_ctrl_cmd_string()
> >
> > ENGINE_set_default()
> >
> > ENGINE_get_DH()
> >
> > ENGINE_free()
> >
> > Need a replacement for the above-highlighted function. I searched in
> > man pages did not find any replacement and searched in google for
> > sample programs also not found
> >
> >
> > Thanks,
> > shiva kumar.
> >
> >
> >
> >
> >
> >
> >
> >
> > Notice: This e-mail together with any attachments may contain
> > information of Ribbon Communications Inc. and its Affiliates that is
> > confidential and/or proprietary for the sole use of the intended
> > recipient. Any review, disclosure, reliance or distribution by others
> > or forwarding without express permission is strictly prohibited. If
> > you
> > are not the intended recipient, please notify the sender immediately
> > and then delete all copies, including any attachments.
>
--
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
More information about the openssl-users
mailing list