Comment 8 for bug 2023545

As you mention, it's difficult to test with this reproducer specifically since it's specialized hardware and I've largely had to rely on testing from the proxied persons who also have interests and duties in this working well. The issue also appears without the specific hardware when using providers for some functions but openssl 3.0 providers are recent and not very widely used so there aren't many one that fit either and the verification/setup is correspondingly high. On the bright side, the potential for damage is low due to the small userbase. One last thing: I don't know if this could work less well than right now since they get crashes.

The "engines-1.1" is not necessarily a concern: libengine-gost-openssl/libengine-gost-openssl1.1 was/were putting files in a similar place without issue IIRC. I don't have a good example to show because the package currently for jammy puts it in / directly... . In any case, the path should be configured and the actual location isn't really an issue. You can see the configuration on https://sysos.ru/archives/589 (russian, search for "openssl_def"; I have seen non-russian links too but I can't find them again).

The package for the SRU is already in -proposed so it should be possible to test already. It's (very) late here though so I'll come back to this and the tests tomorrow. Thanks for the review, comments, and testcase.