Question about EVP API interaction

Matt Caswell matt at openssl.org
Mon Nov 20 10:14:01 UTC 2023



On 17/11/2023 10:22, Juan di Mauro wrote:
> Dear Matt,
> 
> Thanks for your reply. Unfortunately, the issue persists. I think 
> something is missing in my provider. Could be the case that I'm not 
> loading default provider?
> 
> I included the change that you suggested, but it returns a NULL. Below 
> is the code sample

I meant: continue to use the EVP_PKEY_CTX created via 
EVP_PKEY_CTX_new_from_name() for the initial generate - but then create 
a new EVP_PKEY_CTX using EVP_PKEY_CTX_new_from_pkey() for the 
encapsulate operation passing in the key that was generated

E.g.

  EVP_PKEY_CTX *ctx;
  ctx = EVP_PKEY_CTX_new_from_name(libctx,<Name of Keymgmt algorithm>,NULL);
  if (!ctx){
     printf("The context can't be created. Exiting\n");
     return -1;
  }
  //generate the key
  EVP_PKEY *key = NULL;
  EVP_PKEY_keygen_init(ctx);
  EVP_PKEY_keygen(ctx, &key);

  EVP_PKEY_CTX_free(ctx);
  // new context bound to the generated key for the encapsulate operation
  ctx = EVP_PKEY_CTX_new_from_pkey(libctx, key, NULL);

  int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);


Note that many of the functions above may fail, so you really need to 
check for failure responses from each of these functions (where 
applicable). I've not tried to add such checks above for brevity.

Matt



> 
>      OSSL_LIB_CTX *libctx = NULL;
>      libctx  = OSSL_LIB_CTX_new();
>      OSSL_PROVIDER_set_default_search_path(libctx,"./provider");
>      OSSL_PROVIDER *prov = OSSL_PROVIDER_load(libctx,"libprovider");
>      if(!prov){
>          printf("Provider not found. Exiting\n");
>          return -1;
>      }else{
>          printf("The provider was successfully loaded\n");
>      }
> 
>      EVP_PKEY *key = NULL;
> 
>      EVP_PKEY_CTX *ctx;
> //    ctx = EVP_PKEY_CTX_new_from_name(libctx,"syndenokmgm",NULL);
>      ctx = EVP_PKEY_CTX_new_from_pkey(libctx, key,NULL );
>      if (!ctx){
>          printf("The context can't be created. Exiting\n");
>          return -1;
>      }else{
>          printf("The context was successfully created\n");
>      }
> 
> 
> 
>      //generate the key
>      EVP_PKEY_keygen_init(ctx);
>      //EVP_PKEY_generate(ctx,&key);
> 
>      EVP_PKEY_keygen(ctx, &key);
> 
>      // Now, the operation code is good but since the pkey is NULL, fails
>      int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);
> 
> 
> Best regards,
> 
> J.
> 
> On Fri, Nov 10, 2023 at 6:07 PM Matt Caswell <matt at openssl.org 
> <mailto:matt at openssl.org>> wrote:
> 
> 
> 
>     On 10/11/2023 16:05, Juan di Mauro wrote:
>      > Dear all,
>      >
>      > I'm coding an external provider for OpenSSL to incorporate a KEM
>      > algorithm (the provider will be compiled as a .so as usual). I have
>      > the KEM part of the code and the Key management module (the
>      > OSSL_ALGORITHM dispatch tables and so on, corresponding to the
>      > OSSL_OP_KEM and OSSL_OP_KEYMGMT query types).
>      >
>      > However, I have problems making things interact ok. It's clear that
>      > I do not fully understand the way the API should work in this case
>      > so my first question is: Is there a complete documented guide about
>      > that?
>      >
>      > Secondly, to state things clearly: I want to make key encapsulation
>      > and I'm following this sequence of API calls to interact with my
>      > provider:
>      >
>      >   EVP_PKEY_CTX *ctx;
>      >   ctx = EVP_PKEY_CTX_new_from_name(libctx,<Name of my Keymgmt algorithm>,NULL);
>      >      if (!ctx){
>      >          printf("The context can't be created. Exiting\n");
>      >          return -1;
>      >      }
>      >      //generate the key
>      >      EVP_PKEY *key = NULL;
>      >      EVP_PKEY_keygen_init(ctx);
>      >      EVP_PKEY_keygen(ctx, &key);
>      >      // Here, since the pkey in context is NULL, fails
>      >      int res_encaps_init = EVP_PKEY_encapsulate_init(ctx,NULL);
> 
>     Since you are starting a new operation here you should probably use a
>     new pkey ctx created via EVP_PKEY_CTX_new_from_pkey() rather than
>     trying to reuse the old one.
> 
>     Matt
> 
>      >
>      > So, maybe the sequence of steps is wrong or my code doesn't satisfy
>      > the API requirements.
>      >
>      > Thanks in advance,
>      >
> 
> 
> 
> -- 
> Juan Di Mauro
> I+D
> www.syndeno.com
> 

