Providers: Setting the Signature OID and Parameters
Dr. Pala
madwolf at openca.org
Tue Aug 29 19:56:07 UTC 2023
Hello OpenSSL Community,
this might be a "newbie" question related to the 3.x providers
architecture, but I am having some issues understanding where the
signature OID should be actually set when generating a new signature.
Similarly, when validating signatures, which are the functions that are
supposed to check / use the signature OIDs and parameters?
For example, are these the functions where you are supposed to set the
signature OIDs (sign/digest sign)?
* OSSL_FUNC_signature_sign_init_fn
* OSSL_FUNC_signature_sign_fn
* OSSL_FUNC_signature_digest_sign_init_fn
* OSSL_FUNC_signature_digest_sign_fn
or maybe it is done through the signature ctx params?
* OSSL_FUNC_signature_set_ctx_params
* OSSL_FUNC_signature_settable_ctx_params
or, again, this is the more appropriate set of functions?
* OSSL_FUNC_signature_set_ctx_md_params
* OSSL_FUNC_signature_settable_ctx_md_params
If I understand the documentation here:
* https://www.openssl.org/docs/man3.1/man7/provider-signature.html
The "algorithm-id" and the "digest" can be set/get via the
OSSL_FUNC_signature_gettable_ctx_params() and
OSSL_FUNC_signature_settable_ctx_params() where, I guess, you use the
context to save/get the algorithm(s)... but where can I get the pointer
to the X509_ALGOR to get/set OIDs and parameter(s)?
Thanks,
Max
--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230829/150aac3b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: b3jaYgjwD6kqAOyB.png
Type: image/png
Size: 3146 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230829/150aac3b/attachment.png>
More information about the openssl-users
mailing list