Own HW Supported RSA provider
Selva Nair
selva.nair at gmail.com
Sat Jul 20 17:08:03 UTC 2024
On Fri, Jul 19, 2024 at 4:55 PM tomasz bartczak <tbartcz at poczta.fm> wrote:
> If I use the crypto library I can provide desired properties like in
> EVP_ASYM_CIPHER_fetch function. However when I use the ssl library, how to
> make sure it calls the mentioned EVP_ASYM_CIPHER_fetch function with
> properties required by me?
>
You can set a property query while creating the SSL context using
SSL_CTX_new_ex(). Or set it on the libctx using
EVP_set_default_properties().
That said, what you are trying to do may work with no need for
property queries or even with "?provider=default" to prefer "default" when
possible. When the private key is loaded using your provider and the *key
is not exportable*, your provider will get called for signature operation.
See the link below for a test program on how even "?provider=default" in
the signing context fetches the correct signature operation for a key in a
different provider. It also has the rudiments of an external key signing
provider:
https://gist.github.com/selvanair/e4fd5fec6316fe894ad0fbaac68f4355
OR
https://github.com/openssl/openssl/commit/dd292ed62cc5d3eb0c529aa51a07ec1ed34a9a5f
Selva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240720/503cb0b5/attachment.htm>
More information about the openssl-users
mailing list