Using OpenSSL with the IBMCA provider

Starting with OpenSSL 3.0, you must use the IBMCA provider, because older versions of OpenSSL only support the IBMCA engine.

Features of the IBMCA provider
The IBMCA provider implements a dynamically loadable extension to OpenSSL to accelerate clear key cryptographic operations. In contrast to the IBMCA engine, which routes cryptographic operations to the libica.so library file, the IBMCA provider routes operations to the library module libica-cex.so of libica version 4.0 or later, which performs the operations on cryptographic adapters configured in either accelerator mode or CCA mode.
Configuring OpenSSL to use the IBMCA provider
In the OpenSSL configuration file openssl.cnf, you can include a section for the IBMCA provider to specify crypto operations that should use the acceleration capabilities of IBM Z® and LinuxONE cryptographic hardware.
Usage notes for the IBMCA provider
For IBMCA provider operations using RSA keys, ECC keys, or DH keys you need to consider the listed usage notes and restrictions.

Parent topic: OpenSSL with IBMCA extension