Providers: Setting the Signature OID and Parameters

Richard Levitte levitte at
Wed Sep 6 06:04:22 UTC 2023

Richard Levitte <levitte at> writes:

> Tomas Mraz <tomas at> writes:
>> On Tue, 2023-08-29 at 13:56 -0600, Dr. Pala wrote:
>> The algorithm-id parameter is gettable only.
> Er, I beg to differ, at least conceptually speaking.  There's nothing
> stopping a signature implementation, for example, from allowing the
> application to set the AlgorithmIdentifier parameters.  As a matter of
> fact, we have functionality that supports that, but currently only
> for EVP_CIPHER.  For others, direct use of OSSL_PARAM setters is still
> possible.
> However, it is true that /our providers/ do not support setting the
> AlgorithmIdentifier parameters...  yet.

I may have to retract what I said there, 'cause the EVP_SIGNATURE isn't
exactly easy for the caller to get to, as it's fetched internally.

...  and there's work going on to remediate that.


Richard Levitte         levitte at
OpenSSL Project

More information about the openssl-users mailing list