[EXTERNAL] Re: ENGINE API replacement for Openssl3.0

Kris Kwiatkowski kris at amongbytes.com
Wed Sep 15 15:50:42 UTC 2021 

Can you point to instructions on how to load provider
it into OpenSSL?

Is there something similar to "[engine_section]",
that can be used to configure loading from openssl.conf?

BR,
Kris

On 9/15/21 4:39 PM, Matt Caswell wrote:
> Another, slightly more complicated, but fully self contained provider is 
> here:
>
> https://github.com/openssl/openssl/blob/master/test/tls-provider.c
>
> And another one here:
>
> https://github.com/openssl/openssl/blob/master/test/p_test.c
>
> A minimal bare bones provider is here:
>
> https://github.com/openssl/openssl/blob/master/providers/nullprov.c
>
> The legacy provider is also worth looking at:
>
> https://github.com/openssl/openssl/blob/master/providers/legacyprov.c
>
> Matt
>
> On 15/09/2021 13:26, Petr Gotthard wrote:
>> Shiva,
>> you may also have a look at the https://github.com/provider-corner/vigenere
>> That's (as far as I know) the most simple provider implementation available.
>>
>> Petr
>>
>> -----Original Message-----
>> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Tomas Mraz
>> Sent: Wednesday, September 15, 2021 2:18 PM
>> To: Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>; openssl-users at openssl.org
>> Cc: Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>; Bhattacharjee, Debapriyo (c) <dbhattacharjee at rbbn.com>
>> Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0
>>
>> I am sorry but as I said providers are not a direct replacement for ENGINEs. It is a completely different implementation of the same concept of pluggable cryptographical modules for OpenSSL. You can look at the OpenSSL manual pages for the providers.
>>
>> This is the starting point:
>> https://www.openssl.org/docs/man3.0/man7/provider.html
>>
>> There is no tutorial as for how to implement your own provider. And as I said on the application side if the application loads an OpenSSL configuration file the providers loaded can be configured via the config file and does not require any explicit API calls from the application.
>>
>> I'd recommend looking at some of the test sources in the tests directory for some code examples.
>>
>> Tomas
>>
>> On Wed, 2021-09-15 at 10:34 +0000, Shivakumar Poojari wrote:
>>> Hi Tomas,
>>> As Engine function are deprecated I tried using providers
>>>
>>> But how to use providers to get engine functionality tried in man
>>> pages
>>>
>>> Some sample program will help, maybe some sample program will give the
>>> clear idea how to use provider
>>>
>>> Struggling in understand the providers
>>>
>>> Please share the sample program and the links to understand the
>>> providers
>>>
>>> Thanks,
>>> shiva kumar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210915/ec3cef0d/attachment.html>

More information about the openssl-users mailing list