[openssl-users] RSA_method_set_sign

Melvyn Sopacua m.r.sopacua at gmail.com
Sat Feb 25 09:06:55 UTC 2017

Hi Stephen,

thank you for taking the time to answer.

On Saturday 25 February 2017 04:18:01 Dr. Stephen Henson wrote:
> On Sat, Jan 14, 2017, Melvyn Sopacua wrote:
> > This is caused by the code in [3].
> > That file also shows the problem: OpenSSL itself has access to
> > X509_SIG (and friends) internals as demonstrated in encode_pkcs1().
> > But, I don't see any way to setup the same context(s) from outside
> > OpenSSL. There's no X509_*_set_<anything> to setup the algorithm
> > and parameters.
> > 
> > Am I missing something or is it simply no longer possible to
> > implement these callbacks properly?
> Can you give a pointer to the part that is causing problems?

The method I'm trying to port is this:

> The rsa_sign interface is used where the only interface available is
> passed the digest algorithm and the raw digest and it performs its
> own formatting using DigestInfo etc.
> If you don't want to do that then the rsa_priv_enc method is more
> appropriate: it gets passed the block to encrypt (sign) and all the
> DigestInfo formatting is handled by OpenSSL itself.

This may be a better approach in the long run. Thank you.

> If you really need to it should be possible to set up or examine an
> X509_SIG structure using the available APIs. For example to retieve
> its fields you use X509_SIG_get0 and to set them X509_SIG_getm.

Well, that explains why I couldn't find it. I was looking for something 
X509_SIG_*set* and never thought X509_SIG_getm() would be what I needed.

sig.algor= &algor;
sig.digest = &digest;
X509_SIG_getm(sig, palg, pdigest);
*palg = algor;
*pdigest = digest;

And I'm guessing I have to free the structures retrieved by getm() if 
they're not NULL. I may just wrap this in a X509_SIG_setup() function so 
the freeing isn't forgotten.

Melvyn Sopacua

More information about the openssl-users mailing list