Hi Selva,

Thanks for your clear answer.

Regards
Tom

Subject: Re: Own HW Supported RSA provider
Date: 2024-07-20 19:08
From: "Selva Nair" <selva.n...@gmail.com>
To:
Cc: "openssl-users@openssl.org" <openssl-users@openssl.org>;

> On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak <tbar...@poczta.fm> wrote:
>
>> If I use the crypto library I can provide desired properties like in
>> EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to
>> make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with
>> properties required by me?
>
> You can set a property query while creating the SSL context using
> SSL_CTX_new_ex(). Or set it on the libctx using
> EVP_set_default_properties().
>
> That said, what you are trying to do may work with no need for
> property queries or even with "?provider=default" to prefer "default"
> when possible. When the private key is loaded using your provider and the key
> is not exportable, your provider will get called for signature operation.
>
> See the link below for a test program on how even "?provider=default" in the
> signing context fetches the correct signature operation for a key in a
> different provider. It also has the rudiments of an external key signing
> provider:
>
> https://gist.github.com/selvanair/e4fd5fec6316fe894ad0fbaac68f4355
>
> OR
>
> https://github.com/openssl/openssl/commit/dd292ed62cc5d3eb0c529aa51a07ec1ed34a9a5f
>
> Selva