On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak <tbartcz@xxxxxxxxx> wrote:
If I use the crypto library I can provide desired properties, as in the EVP_ASYM_CIPHER_fetch function. However, when I use the ssl library, how do I make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with the properties I require?
You can set a property query while creating the SSL context using SSL_CTX_new_ex(). Or set it on the libctx using EVP_set_default_properties().
That said, what you are trying to do may work with no need for property queries or even with "?provider=default" to prefer "default" when possible. When the private key is loaded using your provider and the key is not exportable, your provider will get called for the signature operation.
See the link below for a test program on how even "?provider=default" in the signing context fetches the correct signature operation for a key in a different provider. It also has the rudiments of an external key signing provider:
Selva