On 15 September 2021 17:07:59 BST, Matt Caswell <matt@xxxxxxxxxxx> wrote:
On 15/09/2021 16:57, Matt Caswell wrote:
On 15/09/2021 16:50, Kris Kwiatkowski wrote:Can you point to instructions on how to load provider
it into OpenSSL?
Is there something similar to "[engine_section]",
that can be used to configure loading from openssl.conf?
Yes. See the "config" man page here:
https://www.openssl.org/docs/man3.0/man5/config.html
And here are some simple config files that do this:
https://github.com/openssl/openssl/blob/master/test/default.cnf
https://github.com/openssl/openssl/blob/master/test/default-and-fips.cnf
https://github.com/openssl/openssl/blob/master/test/default-and-legacy.cnf
https://github.com/openssl/openssl/blob/master/test/fips-and-base.cnf
https://github.com/openssl/openssl/blob/master/test/fips.cnf
Matt
In particular look at the section "Provider Configuration"
You can also load providers through the API. See:
https://www.openssl.org/docs/man3.0/man3/OSSL_PROVIDER_load.html
Matt
BR,
Kris
On 9/15/21 4:39 PM, Matt Caswell wrote:Another, slightly more complicated, but fully self contained provider is
here:
https://github.com/openssl/openssl/blob/master/test/tls-provider.c
And another one here:
https://github.com/openssl/openssl/blob/master/test/p_test.c
A minimal bare bones provider is here:
https://github.com/openssl/openssl/blob/master/providers/nullprov.c
The legacy provider is also worth looking at:
https://github.com/openssl/openssl/blob/master/providers/legacyprov.c
Matt
On 15/09/2021 13:26, Petr Gotthard wrote:Shiva,
you may also have a look at
thehttps://github.com/provider-corner/vigenere
That's (as far as I know) the most simple provider implementation
available.
Petr
-----Original Message-----
From: openssl-users<openssl-users-bounces@xxxxxxxxxxx> On Behalf Of
Tomas Mraz
Sent: Wednesday, September 15, 2021 2:18 PM
To: Shivakumar
Poojari<Shivakumar.Poojari@xxxxxxxx>;openssl-users@xxxxxxxxxxx
Cc: Paramashivaiah, Sunil<Sunil.Paramashivaiah@xxxxxxxx>;
Bhattacharjee, Debapriyo (c)<dbhattacharjee@xxxxxxxx>
Subject: Re: [EXTERNAL] Re: ENGINE API replacement for Openssl3.0
I am sorry but as I said providers are not a direct replacement for
ENGINEs. It is a completely different implementation of the same
concept of pluggable cryptographical modules for OpenSSL. You can
look at the OpenSSL manual pages for the providers.
This is the starting point:
https://www.openssl.org/docs/man3.0/man7/provider.html
There is no tutorial as for how to implement your own provider. And
as I said on the application side if the application loads an
OpenSSL configuration file the providers loaded can be configured
via the config file and does not require any explicit API calls from
the application.
I'd recommend looking at some of the test sources in the tests
directory for some code examples.
Tomas
On Wed, 2021-09-15 at 10:34 +0000, Shivakumar Poojari wrote:Hi Tomas,
As Engine function are deprecated I tried using providers
But how to use providers to get engine functionality tried in man
pages
Some sample program will help, maybe some sample program will give the
clear idea how to use provider
Struggling in understand the providers
Please share the sample program and the links to understand the
providers
Thanks,
shiva kumar
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Sent from my Android device with K-9 Mail. Please excuse my brevity.
