Question about EVP API interaction

Matt Caswell matt at openssl.org
Fri Nov 10 17:07:09 UTC 2023 


On 10/11/2023 16:05, Juan di Mauro wrote:
> Dear all,
> 
> I'm coding an external provider for OpenSSL to incorporate a KEM 
> algorithm (the provider will be compiled as a .so as usual). I have the 
> KEM part of the code
> and the Key management module (the OSSL_ALGORITHM dispatch tables and so 
> on, corresponding to the OSSL_OP_KEM and OSSL_OP_KEYMGMT query types).
> 
> However, I have problems making things interact ok. It's clear that
> I do not fully understand the way the API should work in this case so my 
> first question is: Is there a complete documented guide about that?
> 
> Secondly, to state things clearly: I want to make key encapsulation and 
> I'm following this sequence of API calls to interact with my provider:
> 
> 
>   EVP_PKEY_CTX *ctx;
>   ctx = EVP_PKEY_CTX_new_from_name(libctx,<Name of my Keymgmt 
> algorithm>,NULL);
>      if (!ctx){
>          printf("The context can't be created. Exiting\n");
>          return -1;
>      }
>      //generate the key
>      EVP_PKEY *key = NULL;
>      EVP_PKEY_keygen_init(ctx);
>      EVP_PKEY_keygen(ctx, &key);
>      // Here, since the pkey in context is NULL, fails
>      int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);

Since you are starting a new operation here you should probably use a 
new pkey ctx created via EVP_PKEY_CTX_new_from_pkey() rather than trying 
to reuse the old one.

Matt

> 
> 
> So, maybe the sequence of steps is wrong or my code doesn't satisfy the 
> API requirements.
> 
> Thanks in advance,
> 
> /LEGAL NOTICE: The content of this email message, including the attached 
> files, is confidential and is protected by article 18.3 of the Spanish 
> Constitution, which guarantees the secrecy of communications. If you 
> receive this message in error, please contact the sender to inform them 
> of this fact, and do not broadcast its content or make copies./
> /*** This message has been verified with removal tools for viruses and 
> malicious content ***/
> /This legal notice has been automatically incorporated into the message./
> /---------------------------------------------/
> /AVISO LEGAL: El contenido de este mensaje de correo electrónico, 
> incluidos los ficheros adjuntos, es confidencial y está protegido por el 
> artículo 18.3 de la Constitución Española, que garantiza el secreto de 
> las comunicaciones. Si usted recibe este mensaje por error, por favor 
> póngase en contacto con el remitente para informarle de este hecho, y no 
> difunda su contenido ni haga copias.
> /
> /*** Este mensaje ha sido verificado con herramientas de eliminación de 
> virus y contenido malicioso ***/
> /Este aviso legal ha sido incorporado automáticamente al mensaje./

More information about the openssl-users mailing list