<div dir="ltr"><div>Thanks Matt.</div><div>From your response, it seems that this would be a good moment to start looking into the provider interface. I will check it out (and may get back with questions after that...)</div><div>Reinier<br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jul 2, 2021 at 4:21 AM Matt Caswell <<a href="mailto:matt@openssl.org">matt@openssl.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><br>
<br>
On 02/07/2021 04:25, Reinier Torenbeek wrote:<br>
> Hi Matt,<br>
> <br>
> I am aware of the deprecation of the engine interface with 3.0 but have not looked into the details of support providers yet. I expect converting an engine to a support provider could be done with quite a bit of code reuse, correct? Would you say the interface and design of support providers is stable at this point?<br>
<br>
The engine and provider interfaces are quite different - but since the <br>
underlying operations are the same I imagine there will be quite a bit <br>
of reuse.<br>
<br>
Yes, we consider the provider interface to be stable now.<br>
<br>
Matt<br>
<br>
<br>
> <br>
> Thanks,<br>
> Reinier<br>
> <br>
>> On Jul 1, 2021, at 4:41 PM, Matt Caswell <<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>> wrote:<br>
>><br>
>> Nice! Are there any thoughts to support providers? The engine interface is deprecated in 3.0.<br>
>><br>
>> Matt<br>
>><br>
>><br>
>>> On 01/07/2021 18:49, Reinier Torenbeek wrote:<br>
>>> Hi,<br>
>>> For anyone interested in leveraging Windows CNG with OpenSSL 1.1.1, you may want to check out this new OpenSSL CNG Engine project on GitHub: <a href="https://github.com/rticommunity/openssl-cng-engine" rel="noreferrer" target="_blank">https://github.com/rticommunity/openssl-cng-engine</a> <<a href="https://github.com/rticommunity/openssl-cng-engine" rel="noreferrer" target="_blank">https://github.com/rticommunity/openssl-cng-engine</a>> . The associated User's Manual is on ReadTheDocs: <a href="https://openssl-cng-engine.readthedocs.io/en/latest/index.html" rel="noreferrer" target="_blank">https://openssl-cng-engine.readthedocs.io/en/latest/index.html</a> <<a href="https://openssl-cng-engine.readthedocs.io/en/latest/index.html" rel="noreferrer" target="_blank">https://openssl-cng-engine.readthedocs.io/en/latest/index.html</a>> .<br>
>>> The project implements the majority of the EVP interface, to leverage the BCrypt crypto implementations, as well as a subset of the STORE interface, for integration with the Windows Certificate and Keystore(s), via the NCrypt and Cert APIs. It has been tested with 1.1.1k on Windows 10, with Visual Studio 2017 and 2019. It is released under the Apache-2.0 license.<br>
>>> Any feedback is welcome, please send it to me or open an issue on GitHub.<br>
>>> Best regards,<br>
>>> Reinier<br>
> <br>
</blockquote></div></div>