Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

Great, thanks!

On 15 September 2021 17:07:59 BST, Matt Caswell <matt@xxxxxxxxxxx> wrote:


On 15/09/2021 16:57, Matt Caswell wrote:


On 15/09/2021 16:50, Kris Kwiatkowski wrote:
Can you point to instructions on how to load the provider
into OpenSSL?

Is there something similar to "[engine_section]",
that can be used to configure loading from openssl.conf?

Yes. See the "config" man page here:

https://www.openssl.org/docs/man3.0/man5/config.html

And here are some simple config files that do this:

https://github.com/openssl/openssl/blob/master/test/default.cnf
https://github.com/openssl/openssl/blob/master/test/default-and-fips.cnf
https://github.com/openssl/openssl/blob/master/test/default-and-legacy.cnf
https://github.com/openssl/openssl/blob/master/test/fips-and-base.cnf
https://github.com/openssl/openssl/blob/master/test/fips.cnf

Matt



In particular look at the section "Provider Configuration"

You can also load providers through the API. See:

https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER_load.html

Matt



BR,
Kris

On 9/15/21 4:39 PM, Matt Caswell wrote:
Another, slightly more complicated, but fully self contained provider is
here:

https://github.com/openssl/openssl/blob/master/test/tls-provider.c

And another one here:

https://github.com/openssl/openssl/blob/master/test/p_test.c

A minimal bare bones provider is here:

https://github.com/openssl/openssl/blob/master/providers/nullprov.c

The legacy provider is also worth looking at:

https://github.com/openssl/openssl/blob/master/providers/legacyprov.c

Matt

On 15/09/2021 13:26, Petr Gotthard wrote:
Shiva,
you may also have a look at
the https://github.com/provider-corner/vigenere
That's (as far as I know) the most simple provider implementation
available.

Petr

-----Original Message-----
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of
Tomas Mraz
Sent: Wednesday, September 15, 2021 2:18 PM
To: Shivakumar Poojari <Shivakumar.Poojari@xxxxxxxx>;
openssl-users@xxxxxxxxxxx
Cc: Paramashivaiah, Sunil <Sunil.Paramashivaiah@xxxxxxxx>;
Bhattacharjee, Debapriyo (c) <dbhattacharjee@xxxxxxxx>
Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0

I am sorry but as I said providers are not a direct replacement for
ENGINEs. It is a completely different implementation of the same
concept of pluggable cryptographical modules for OpenSSL. You can
look at the OpenSSL manual pages for the providers.

This is the starting point:
https://www.openssl.org/docs/man3.0/man7/provider.html

There is no tutorial as to how to implement your own provider. And
as I said, on the application side, if the application loads an
OpenSSL configuration file, the providers loaded can be configured
via the config file and do not require any explicit API calls from
the application.

I'd recommend looking at some of the test sources in the tests
directory for some code examples.

Tomas

On Wed, 2021-09-15 at 10:34 +0000, Shivakumar Poojari wrote:
Hi Tomas,
As Engine functions are deprecated, I tried using providers

But how to use providers to get engine functionality tried in man
pages

A sample program would help; maybe a sample program will give a
clear idea of how to use providers

Struggling to understand the providers

Please share the sample program and the links to understand the
providers

Thanks,
shiva kumar


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
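
The provider counterpart of "[engine_section]" asked about in the thread, as an added example that is not part of the original messages or of the OpenSSL test configs linked above. The section names, the provider name "myprov" and its module path are constructed placeholders; the keys (openssl_conf, providers, activate, module) are the ones documented in the config(5) "Provider Configuration" section.

```ini
# Constructed openssl.cnf fragment for OpenSSL 3.0 (added example).
# The first line must appear before any [section] header.
openssl_conf = openssl_init

[openssl_init]
# Replaces the old "engines = engine_section" entry.
providers = provider_sect

[provider_sect]
# name = section describing that provider
default = default_sect
legacy  = legacy_sect
myprov  = myprov_sect      # hypothetical third-party provider

[default_sect]
# Once any provider is activated explicitly, the default provider is
# no longer loaded implicitly, so it has to be listed and activated
# here or the standard algorithms become unavailable.
activate = 1

[legacy_sect]
# The legacy provider exposes older algorithms such as MD4 and RC4.
# Activate it only when an application really needs them.
activate = 1

[myprov_sect]
# Placeholder path; without "module" the provider name is looked up
# in the OpenSSL modules directory.
module = /path/to/myprov.so
activate = 1
```

To check the result, point the OPENSSL_CONF environment variable at the file and run "openssl list -providers", which prints the providers that were actually activated.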
