<html><head></head><body>Great, thanks! <br><br><div class="gmail_quote">On 15 September 2021 17:07:59 BST, Matt Caswell <matt@openssl.org> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre dir="auto" class="k9mail"><br><br>On 15/09/2021 16:57, Matt Caswell wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><br><br>On 15/09/2021 16:50, Kris Kwiatkowski wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"> Can you point to instructions on how to load provider<br> it into OpenSSL?<br><br> Is there something similar to "[engine_section]",<br> that can be used to configure loading from openssl.conf?<br></blockquote><br>Yes. See the "config" man page here:<br><br><a href="https://www.openssl.org/docs/man3.0/man5/config.html">https://www.openssl.org/docs/man3.0/man5/config.html</a><br></blockquote><br>And here are some simple config files that do this:<br><br><a href="https://github.com/openssl/openssl/blob/master/test/default.cnf">https://github.com/openssl/openssl/blob/master/test/default.cnf</a><br><a href="https://github.com/openssl/openssl/blob/master/test/default-and-fips.cnf">https://github.com/openssl/openssl/blob/master/test/default-and-fips.cnf</a><br><a href="https://github.com/openssl/openssl/blob/master/test/default-and-legacy.cnf">https://github.com/openssl/openssl/blob/master/test/default-and-legacy.cnf</a><br><a href="https://github.com/openssl/openssl/blob/master/test/fips-and-base.cnf">https://github.com/openssl/openssl/blob/master/test/fips-and-base.cnf</a><br><a href="https://github.com/openssl/openssl/blob/master/test/fips.cnf">https://github.com/openssl/openssl/blob/master/test/fips.cnf</a><br><br>Matt<br><br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"><br>In particular look at the section "Provider Configuration"<br><br>You can also load providers through the API. See:<br><br><a href="https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER_load.html">https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER_load.html</a><br><br>Matt<br><br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #ad7fa8; padding-left: 1ex;"><br> BR,<br> Kris<br><br> On 9/15/21 4:39 PM, Matt Caswell wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #8ae234; padding-left: 1ex;"> Another, slightly more complicated, but fully self contained provider is<br> here:<br><br> <a href="https://github.com/openssl/openssl/blob/master/test/tls-provider.c">https://github.com/openssl/openssl/blob/master/test/tls-provider.c</a><br><br> And another one here:<br><br> <a href="https://github.com/openssl/openssl/blob/master/test/p_test.c">https://github.com/openssl/openssl/blob/master/test/p_test.c</a><br><br> A minimal bare bones provider is here:<br><br> <a href="https://github.com/openssl/openssl/blob/master/providers/nullprov.c">https://github.com/openssl/openssl/blob/master/providers/nullprov.c</a><br><br> The legacy provider is also worth looking at:<br><br> <a href="https://github.com/openssl/openssl/blob/master/providers/legacyprov.c">https://github.com/openssl/openssl/blob/master/providers/legacyprov.c</a><br><br> Matt<br><br> On 15/09/2021 13:26, Petr Gotthard wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #fcaf3e; padding-left: 1ex;"> Shiva,<br> you may also have a look at <br> thehttps://github.com/provider-corner/vigenere<br> That's (as far as I know) the most simple provider implementation <br> available.<br><br> Petr<br><br> -----Original Message-----<br> From: openssl-users<openssl-users-bounces@openssl.org>  On Behalf Of <br> Tomas Mraz<br> Sent: Wednesday, September 15, 2021 2:18 PM<br> To: Shivakumar <br> Poojari<Shivakumar.Poojari@rbbn.com>;openssl-users@openssl.org<br> Cc: Paramashivaiah, Sunil<Sunil.Paramashivaiah@rbbn.com>; <br> Bhattacharjee, Debapriyo (c)<dbhattacharjee@rbbn.com><br> Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0<br><br> I am sorry but as I said providers are not a direct replacement for <br> ENGINEs. It is a completely different implementation of the same <br> concept of pluggable cryptographical modules for OpenSSL. You can <br> look at the OpenSSL manual pages for the providers.<br><br> This is the starting point:<br> <a href="https://www.openssl.org/docs/man3.0/man7/provider.html">https://www.openssl.org/docs/man3.0/man7/provider.html</a><br><br> There is no tutorial as for how to implement your own provider. And <br> as I said on the application side if the application loads an <br> OpenSSL configuration file the providers loaded can be configured <br> via the config file and does not require any explicit API calls from <br> the application.<br><br> I'd recommend looking at some of the test sources in the tests <br> directory for some code examples.<br><br> Tomas<br><br> On Wed, 2021-09-15 at 10:34 +0000, Shivakumar Poojari wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #e9b96e; padding-left: 1ex;"> Hi Tomas,<br> As Engine function are deprecated I tried using providers<br><br> But how to use providers to get engine functionality tried in man<br> pages<br><br> Some sample program will help, maybe some sample program will give the<br> clear idea how to use provider<br><br> Struggling in understand the providers<br><br> Please share the sample program and the links to understand the<br> providers<br><br> Thanks,<br> shiva kumar<br></blockquote></blockquote></blockquote></blockquote><br></blockquote><br></pre></blockquote></div><div style='white-space: pre-wrap'><div class='k9mail-signature'>-- <br>Sent from my Android device with K-9 Mail. Please excuse my brevity.</div></div></body></html>