ENGINE API replacement for Openssl3.0

Tomas Mraz tomas at openssl.org
Wed Sep 8 13:30:44 UTC 2021


there is no direct replacement. The ENGINEs as a pluggable crypto
modules concept is replaced with the providers concept which is much
more sophisticated and capable.

Please look at

ENGINEs support is not removed from OpenSSL 3.0 however it is
deprecated. If you cannot use deprecated functions you have to drop
support for engines which means those functions just should not be
called and there is no replacement.

Providers allow for configuration via the default configuration file so
for an application to support crypto modules in form of providers the
application does not necessarily have to have any extra functions
called. Just the default configuration file has to be present and the
configuration of the desired provider(s) needs to be there.


On Wed, 2021-09-08 at 13:07 +0000, Shivakumar Poojari wrote:
> Hi
> Upgrading our code to openssl 3.0. the below function we trying to
> replace
> ENGINE_load_dynamic()  
> Replacment for 3.0 what i
> ENGINE_by_id("dynamic")
> ENGINE_ctrl_cmd_string()
> ENGINE_set_default()
> ENGINE_get_DH()
> ENGINE_free()
> Need a replacement for the above-highlighted function. I searched in
> man pages did not find any replacement and searched in google for
> sample programs also not found
> Thanks,
> shiva kumar.
> Notice: This e-mail together with any attachments may contain
> information of Ribbon Communications Inc. and its Affiliates that is
> confidential and/or proprietary for the sole use of the intended
> recipient. Any review, disclosure, reliance or distribution by others
> or forwarding without express permission is strictly prohibited. If you
> are not the intended recipient, please notify the sender immediately
> and then delete all copies, including any attachments.

Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your

More information about the openssl-users mailing list