Providers: Setting the Signature OID and Parameters

Dr. Pala madwolf at
Tue Aug 29 19:56:07 UTC 2023

Hello OpenSSL Community,

this might be a "newbie" question related to the 3.x providers 
architecture, but I am having some issues understanding where the 
signature OID should be actually set when generating a new signature. 
Similarly, when validating signatures, which are the functions that are 
supposed to check / use the signature OIDs and parameters?

For example, are these the functions where you are supposed to set the 
signature OIDs (sign/digest sign)?

  * OSSL_FUNC_signature_sign_init_fn
  * OSSL_FUNC_signature_sign_fn

  * OSSL_FUNC_signature_digest_sign_init_fn
  * OSSL_FUNC_signature_digest_sign_fn

or maybe it is done through the signature ctx params?

  * OSSL_FUNC_signature_set_ctx_params
  * OSSL_FUNC_signature_settable_ctx_params

or, again, this is the more appropriate set of functions?

  * OSSL_FUNC_signature_set_ctx_md_params
  * OSSL_FUNC_signature_settable_ctx_md_params

If I understand the documentation here:


The "algorithm-id" and the "digest" can be set/get via the 
OSSL_FUNC_signature_gettable_ctx_params() and 
OSSL_FUNC_signature_settable_ctx_params() where, I guess, you use the 
context to save/get the algorithm(s)... but where can I get the pointer 
to the X509_ALGOR to get/set OIDs and parameter(s)?


Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: b3jaYgjwD6kqAOyB.png
Type: image/png
Size: 3146 bytes
Desc: not available
URL: <>

More information about the openssl-users mailing list