[EXTERNAL] Re: ENGINE API replacement for Openssl3.0

Matt Caswell matt at openssl.org
Wed Sep 15 16:07:59 UTC 2021



On 15/09/2021 16:57, Matt Caswell wrote:
> 
> 
> On 15/09/2021 16:50, Kris Kwiatkowski wrote:
>> Can you point to instructions on how to load a provider
>> into OpenSSL?
>>
>> Is there something similar to "[engine_section]",
>> that can be used to configure loading from openssl.conf?
> 
> Yes. See the "config" man page here:
> 
> https://www.openssl.org/docs/man3.0/man5/config.html

And here are some simple config files that do this:

https://github.com/openssl/openssl/blob/master/test/default.cnf
https://github.com/openssl/openssl/blob/master/test/default-and-fips.cnf
https://github.com/openssl/openssl/blob/master/test/default-and-legacy.cnf
https://github.com/openssl/openssl/blob/master/test/fips-and-base.cnf
https://github.com/openssl/openssl/blob/master/test/fips.cnf

Matt


> 
> In particular look at the section "Provider Configuration"
> 
> You can also load providers through the API. See:
> 
> https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER_load.html
> 
> Matt
> 
> 
>>
>> BR,
>> Kris
>>
>> On 9/15/21 4:39 PM, Matt Caswell wrote:
>>> Another, slightly more complicated, but fully self contained provider is
>>> here:
>>>
>>> https://github.com/openssl/openssl/blob/master/test/tls-provider.c
>>>
>>> And another one here:
>>>
>>> https://github.com/openssl/openssl/blob/master/test/p_test.c
>>>
>>> A minimal bare bones provider is here:
>>>
>>> https://github.com/openssl/openssl/blob/master/providers/nullprov.c
>>>
>>> The legacy provider is also worth looking at:
>>>
>>> https://github.com/openssl/openssl/blob/master/providers/legacyprov.c
>>>
>>> Matt
>>>
>>> On 15/09/2021 13:26, Petr Gotthard wrote:
>>>> Shiva,
>>>> you may also have a look at the
>>>> https://github.com/provider-corner/vigenere
>>>> That's (as far as I know) the most simple provider implementation 
>>>> available.
>>>>
>>>> Petr
>>>>
>>>> -----Original Message-----
>>>> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of
>>>> Tomas Mraz
>>>> Sent: Wednesday, September 15, 2021 2:18 PM
>>>> To: Shivakumar Poojari <Shivakumar.Poojari at rbbn.com>;
>>>> openssl-users at openssl.org
>>>> Cc: Paramashivaiah, Sunil <Sunil.Paramashivaiah at rbbn.com>;
>>>> Bhattacharjee, Debapriyo (c) <dbhattacharjee at rbbn.com>
>>>> Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0
>>>>
>>>> I am sorry but as I said providers are not a direct replacement for 
>>>> ENGINEs. It is a completely different implementation of the same 
>>>> concept of pluggable cryptographical modules for OpenSSL. You can 
>>>> look at the OpenSSL manual pages for the providers.
>>>>
>>>> This is the starting point:
>>>> https://www.openssl.org/docs/man3.0/man7/provider.html
>>>>
>>>> There is no tutorial on how to implement your own provider. And
>>>> as I said, on the application side, if the application loads an
>>>> OpenSSL configuration file, the providers loaded can be configured
>>>> via the config file and do not require any explicit API calls from
>>>> the application.
>>>>
>>>> I'd recommend looking at some of the test sources in the tests 
>>>> directory for some code examples.
>>>>
>>>> Tomas
>>>>
>>>> On Wed, 2021-09-15 at 10:34 +0000, Shivakumar Poojari wrote:
>>>>> Hi Tomas,
>>>>> As the ENGINE functions are deprecated, I tried using providers.
>>>>>
>>>>> But how do I use providers to get engine functionality? I tried the man
>>>>> pages.
>>>>>
>>>>> A sample program would help; maybe a sample program will give a
>>>>> clear idea of how to use providers.
>>>>>
>>>>> I am struggling to understand providers.
>>>>>
>>>>> Please share a sample program and the links to understand
>>>>> providers.
>>>>>
>>>>> Thanks,
>>>>> shiva kumar
> 
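
The provider counterpart of an "[engine_section]", as an added example that is not part of the original thread and not one of the OpenSSL test configs linked above. The section names, the "myengine"/"myprov" names and the /path/to/... module paths are placeholders; the keys follow the "Provider Configuration" section of the config man page.

```ini
# openssl.cnf fragment (constructed example; section names are arbitrary labels)
openssl_conf = openssl_init

[openssl_init]
# OpenSSL 1.1.x style engine loading, shown commented out for comparison only:
# engines = engine_section
providers = provider_sect

# [engine_section]
# myengine = myengine_section
#
# [myengine_section]
# engine_id = myengine
# dynamic_path = /path/to/myengine.so
# init = 1

[provider_sect]
# name = section holding that provider's settings
default = default_sect
legacy = legacy_sect
myprov = myprov_sect

[default_sect]
# Once any provider is activated in the config file, the default provider
# is no longer loaded implicitly, so it has to be activated here as well.
activate = 1

[legacy_sect]
# The legacy provider carries older algorithms; leave it out unless an
# application still needs them.
activate = 1

[myprov_sect]
# Third-party provider built as a loadable module (placeholder path).
module = /path/to/myprov.so
activate = 1
```

Point OPENSSL_CONF at the file and run `openssl list -providers` to confirm which providers were actually activated.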

