[EXTERNAL] Re: ENGINE API replacement for Openssl3.0

Kris Kwiatkowski kris at amongbytes.com
Wed Sep 15 17:18:11 UTC 2021


Great, thanks! 

On 15 September 2021 17:07:59 BST, Matt Caswell <matt at openssl.org> wrote:
>
>
>On 15/09/2021 16:57, Matt Caswell wrote:
>> 
>> 
>> On 15/09/2021 16:50, Kris Kwiatkowski wrote:
>>> Can you point to instructions on how to load a provider
>>> into OpenSSL?
>>>
>>> Is there something similar to "[engine_section]",
>>> that can be used to configure loading from openssl.conf?
>> 
>> Yes. See the "config" man page here:
>> 
>> https://www.openssl.org/docs/man3.0/man5/config.html
>
>And here are some simple config files that do this:
>
>https://github.com/openssl/openssl/blob/master/test/default.cnf
>https://github.com/openssl/openssl/blob/master/test/default-and-fips.cnf
>https://github.com/openssl/openssl/blob/master/test/default-and-legacy.cnf
>https://github.com/openssl/openssl/blob/master/test/fips-and-base.cnf
>https://github.com/openssl/openssl/blob/master/test/fips.cnf
>
>Matt
>
>
>> 
>> In particular look at the section "Provider Configuration"
>> 
>> You can also load providers through the API. See:
>> 
>> https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER_load.html
>> 
>> Matt
>> 
>> 
>>>
>>> BR,
>>> Kris
>>>
>>> On 9/15/21 4:39 PM, Matt Caswell wrote:
>>>> Another, slightly more complicated, but fully self contained provider is
>>>> here:
>>>>
>>>> https://github.com/openssl/openssl/blob/master/test/tls-provider.c
>>>>
>>>> And another one here:
>>>>
>>>> https://github.com/openssl/openssl/blob/master/test/p_test.c
>>>>
>>>> A minimal bare bones provider is here:
>>>>
>>>> https://github.com/openssl/openssl/blob/master/providers/nullprov.c
>>>>
>>>> The legacy provider is also worth looking at:
>>>>
>>>> https://github.com/openssl/openssl/blob/master/providers/legacyprov.c
>>>>
>>>> Matt
>>>>
>>>> On 15/09/2021 13:26, Petr Gotthard wrote:
>>>>> Shiva,
>>>>> you may also have a look at
>>>>> https://github.com/provider-corner/vigenere
>>>>> That's (as far as I know) the most simple provider implementation 
>>>>> available.
>>>>>
>>>>> Petr
>>>>>
>>>>> -----Original Message-----
>>>>> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
>>>>> Tomas Mraz
>>>>> Sent: Wednesday, September 15, 2021 2:18 PM
>>>>> To: Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>;
>>>>> openssl-users at openssl.org
>>>>> Cc: Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>;
>>>>> Bhattacharjee, Debapriyo (c) <dbhattacharjee at rbbn.com>
>>>>> Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0
>>>>>
>>>>> I am sorry but as I said providers are not a direct replacement for 
>>>>> ENGINEs. It is a completely different implementation of the same 
>>>>> concept of pluggable cryptographical modules for OpenSSL. You can 
>>>>> look at the OpenSSL manual pages for the providers.
>>>>>
>>>>> This is the starting point:
>>>>> https://www.openssl.org/docs/man3.0/man7/provider.html
>>>>>
>>>>> There is no tutorial on how to implement your own provider. And 
>>>>> as I said, on the application side, if the application loads an 
>>>>> OpenSSL configuration file, the providers loaded can be configured 
>>>>> via the config file, and this does not require any explicit API 
>>>>> calls from the application.
>>>>>
>>>>> I'd recommend looking at some of the test sources in the tests 
>>>>> directory for some code examples.
>>>>>
>>>>> Tomas
>>>>>
>>>>> On Wed, 2021-09-15 at 10:34 +0000, Shivakumar Poojari wrote:
>>>>>> Hi Tomas,
>>>>>> As Engine functions are deprecated, I tried using providers.
>>>>>>
>>>>>> But how to use providers to get engine functionality? Tried the man
>>>>>> pages.
>>>>>>
>>>>>> Some sample program will help; maybe some sample program will give a
>>>>>> clear idea of how to use providers.
>>>>>>
>>>>>> Struggling to understand the providers.
>>>>>>
>>>>>> Please share the sample program and the links to understand the
>>>>>> providers.
>>>>>>
>>>>>> Thanks,
>>>>>> shiva kumar
>> 
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
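
The config-file route Matt describes above, written out next to the "[engine_section]" style it replaces. This is an added example, not part of the original thread and not one of the linked OpenSSL test configs; the provider name `myprov`, the engine name `myengine` and both `/path/to/...` module paths are placeholders.

```ini
# Constructed example: provider-based replacement for an ENGINE config section.
# "myprov", "myengine" and the module paths are placeholders, not real modules.

openssl_conf = openssl_init

[openssl_init]
# OpenSSL 1.1.1 style, kept as comments for comparison only:
#   engines = engine_section
providers = provider_sect

# [engine_section]
# myengine = myengine_section
#
# [myengine_section]
# dynamic_path = /path/to/myengine.so
# default_algorithms = ALL

[provider_sect]
# Each entry is "provider name = section holding its settings".
default = default_sect
myprov = myprov_sect

[default_sect]
# Once any provider is activated explicitly, the default provider is no
# longer loaded implicitly, so it has to be activated here as well.
# Leaving this out silently removes the built-in algorithms.
activate = 1

[myprov_sect]
# Path to the provider's shared library (placeholder).
module = /path/to/myprov.so
activate = 1
```

With `OPENSSL_CONF` pointing at this file, `openssl list -providers` shows which providers were actually activated, which is the quickest check that the default provider has not been dropped by accident.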