Setter methods for X509_REQ signature attributes
Enrico Scholz
enrico.scholz at sigma-chemnitz.de
Thu Apr 4 11:26:01 UTC 2019
Hello,
I want to use OpenSSL to create an X509 request where the signature has
been calculated by an external device (ATMEL ATECC508A). With OpenSSL
1.0 I used
X509_REQ *req;
req = X509_REQ_new();
algor = X509_ALGOR_new();
algor->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
X509_ALGOR_free(req->sig_alg);
req->sig_alg = algor;
ASN1_BIT_STRING_set(req->signature, asn1sig, asn1len);
req->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
req->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
How can I port this code to OpenSSL 1.1? There do not seem to exist
setter methods for 'sig_alg' or 'signature'.
I could use X509_REQ_get0_signature(), cast away the 'const' from the
returned pointers and modify them. But this would be hacky and not
portable.
What is the recommended way to create an X509 REQ with OpenSSL 1.1 when
all the crypto has been done in the outside and I need only the ASN.1
structure?
Would it be possible to add setter methods for 'sig_alg' and 'signature'?
Thanks
Enrico
More information about the openssl-users
mailing list