Question about EVP API interaction

Juan di Mauro juan.dimauro at syndeno.com
Fri Nov 17 10:22:03 UTC 2023


Dear Matt,

Thanks for your reply. Unfortunately, the issue persists. I think something
is missing in my provider. Could be the case that I'm not loading default
provider?

I included the change that you suggested, but it returns a NULL. Below is
the code sample

    OSSL_LIB_CTX *libctx = NULL;
    libctx  = OSSL_LIB_CTX_new();
    OSSL_PROVIDER_set_default_search_path(libctx,"./provider");
    OSSL_PROVIDER *prov = OSSL_PROVIDER_load(libctx,"libprovider");
    if(!prov){
        printf("Provider not found. Exiting\n");
        return -1;
    }else{
        printf("The provider was successfully loaded\n");
    }

    EVP_PKEY *key = NULL;

    EVP_PKEY_CTX *ctx;
//    ctx = EVP_PKEY_CTX_new_from_name(libctx,"syndenokmgm",NULL);
    ctx = EVP_PKEY_CTX_new_from_pkey(libctx, key,NULL );
    if (!ctx){
        printf("The context can't be created. Exiting\n");
        return -1;
    }else{
        printf("The context was successfully created\n");
    }



    //generate the key
    EVP_PKEY_keygen_init(ctx);
    //EVP_PKEY_generate(ctx,&key);

    EVP_PKEY_keygen(ctx, &key);

    // Now, the operation code is good but since the pkey is NULL, fails
    int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);


Best regards,

J.

On Fri, Nov 10, 2023 at 6:07 PM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 10/11/2023 16:05, Juan di Mauro wrote:
> > Dear all,
> >
> > I'm coding an external provider for OpenSSL to incorporate a KEM
> > algorithm (the provider will be compiled as a .so as usual). I have the
> > KEM part of the code
> > and the Key management module (the OSSL_ALGORITHM dispatch tables and so
> > on, corresponding to the OSSL_OP_KEM and OSSL_OP_KEYMGMT query types).
> >
> > However, I have problems making things interact ok. It's clear that
> > I do not fully understand the way the API should work in this case so my
> > first question is: Is there a complete documented guide about that?
> >
> > Secondly, to state things clearly: I want to make key encapsulation and
> > I'm following this sequence of API calls to interact with my provider:
> >
> >
> >   EVP_PKEY_CTX *ctx;
> >   ctx = EVP_PKEY_CTX_new_from_name(libctx,<Name of my Keymgmt
> > algorithm>,NULL);
> >      if (!ctx){
> >          printf("The context can't be created. Exiting\n");
> >          return -1;
> >      }
> >      //generate the key
> >      EVP_PKEY *key = NULL;
> >      EVP_PKEY_keygen_init(ctx);
> >      EVP_PKEY_keygen(ctx, &key);
> >      // Here, since the pkey in context is NULL, fails
> >      int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);
>
> Since you are starting a new operation here you should probably use a
> new pkey ctx created via EVP_PKEY_CTX_new_from_pkey() rather than trying
> to reuse the old one.
>
> Matt
>
> >
> >
> > So, maybe the sequence of steps is wrong or my code doesn't satisfy the
> > API requirements.
> >
> > Thanks in advance,
> >
> > /LEGAL NOTICE: The content of this email message, including the attached
> > files, is confidential and is protected by article 18.3 of the Spanish
> > Constitution, which guarantees the secrecy of communications. If you
> > receive this message in error, please contact the sender to inform them
> > of this fact, and do not broadcast its content or make copies./
> > /*** This message has been verified with removal tools for viruses and
> > malicious content ***/
> > /This legal notice has been automatically incorporated into the message./
> > /---------------------------------------------/
> > /AVISO LEGAL: El contenido de este mensaje de correo electrónico,
> > incluidos los ficheros adjuntos, es confidencial y está protegido por el
> > artículo 18.3 de la Constitución Española, que garantiza el secreto de
> > las comunicaciones. Si usted recibe este mensaje por error, por favor
> > póngase en contacto con el remitente para informarle de este hecho, y no
> > difunda su contenido ni haga copias.
> > /
> > /*** Este mensaje ha sido verificado con herramientas de eliminación de
> > virus y contenido malicioso ***/
> > /Este aviso legal ha sido incorporado automáticamente al mensaje./
>


-- 

Juan Di Mauro

I+D

www.syndeno.com

-- 
_LEGAL NOTICE: The content of this email message, including the attached 
files, is confidential and is protected by article 18.3 of the Spanish 
Constitution, which guarantees the secrecy of communications. If you 
receive this message in error, please contact the sender to inform them of 
this fact, and do not broadcast its content or make copies.
_
_*** This 
message has been verified with removal tools for viruses and malicious 
content ***
_
_This legal notice has been automatically incorporated into 
the message.
_

*---------------------------------------------*
*AVISO 
LEGAL: El contenido de este mensaje de correo electrónico, incluidos los 
ficheros adjuntos, es confidencial y está protegido por el artículo 18.3 de 
la Constitución Española, que garantiza el secreto de las comunicaciones. 
Si usted recibe este mensaje por error, por favor póngase en contacto con 
el remitente para informarle de este hecho, y no difunda su contenido ni 
haga copias.
*
_*** Este mensaje ha sido verificado con herramientas de 
eliminación de virus y contenido malicioso ***
_
_Este aviso legal ha sido 
incorporado automáticamente al mensaje._
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231117/22053455/attachment.htm>


More information about the openssl-users mailing list