On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak <tbar...@poczta.fm> wrote:
> If I use the crypto library I can provide desired properties like in > EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to > make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with > properties required by me? > You can set a property query while creating the SSL context using SSL_CTX_new_ex(). Or set it on the libctx using EVP_set_default_properties(). That said, what you are trying to do may work with no need for property queries or even with "?provider=default" to prefer "default" when possible. When the private key is loaded using your provider and the *key is not exportable*, your provider will get called for signature operation. See the link below for a test program on how even "?provider=default" in the signing context fetches the correct signature operation for a key in a different provider. It also has the rudiments of an external key signing provider: https://gist.github.com/selvanair/e4fd5fec6316fe894ad0fbaac68f4355 OR https://github.com/openssl/openssl/commit/dd292ed62cc5d3eb0c529aa51a07ec1ed34a9a5f Selva