Setter methods for X509_REQ signature attributes

Enrico Scholz enrico.scholz at
Thu Apr 4 11:26:01 UTC 2019


I want to use OpenSSL to create an X509 request where the signature has
been calculated by an external device (ATMEL ATECC508A).  With OpenSSL
1.0 I used

	X509_REQ *req;

	req = X509_REQ_new();

	algor = X509_ALGOR_new();
	algor->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA256);
	req->sig_alg = algor;

	ASN1_BIT_STRING_set(req->signature, asn1sig, asn1len);
	req->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
	req->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;

How can I port this code to OpenSSL 1.1?  There do not seem to exist
setter methods for 'sig_alg' or 'signature'.

I could use X509_REQ_get0_signature(), cast away the 'const' from the
returned pointers and modify them.  But this would be hacky and not

What is the recommended way to create an X509 REQ with OpenSSL 1.1 when
all the crypto has been done in the outside and I need only the ASN.1

Would it be possible to add setter methods for 'sig_alg' and 'signature'?


More information about the openssl-users mailing list