Hi OpenSSL users and its glorious developers,

Thank you very much for OpenSSL 3!

My question is about writing a provider. I decided to start from a Windows certificate storage provider. It already works with the "openssl storeutl" command, but I can't make it work with "openssl ca".

When openssl expects a certificate, I return an encoded certificate directly. OpenSSL parses it and the public key belongs to the "OpenSSL RSA" provider. I can't give private keys from Windows cert. storage and return something virtual from my key management provider. At the next step, openssl.exe does matching and compares key types: the public key's type is "OpenSSL RSA" and the private key's type is "MYPKEY". It is done in evp_keymgmt_util_match. I was hoping OSSL_FUNC_KEYMGMT_MATCH would be called for both providers, but it only compares strings and says the types are different.

If I declare that my key management also handles RSA in OSSL_ALGORITHM as "MYPKEY:RSA", the OpenSSL tool gives an error that RSA has an existing different identity.

I'm exploring the source, but I'm stuck. Is it the wrong approach, or have I missed something?

--
Best Regards
Alex Dankow