Providers: Setting the Signature OID and Parameters
Richard Levitte
levitte at openssl.org
Wed Sep 6 06:04:22 UTC 2023
Richard Levitte <levitte at openssl.org> writes:
> Tomas Mraz <tomas at openssl.org> writes:
>
>> On Tue, 2023-08-29 at 13:56 -0600, Dr. Pala wrote:
>> The algorithm-id parameter is gettable only.
>
> Er, I beg to differ, at least conceptually speaking. There's nothing
> stopping a signature implementation, for example, from allowing the
> application to set the AlgorithmIdentifier parameters. As a matter of
> fact, we have functionality that supports that, but currently only
> for EVP_CIPHER. For others, direct use of OSSL_PARAM setters is still
> possible.
>
> However, it is true that /our providers/ do not support setting the
> AlgorithmIdentifier parameters... yet.
I may have to retract what I said there, 'cause the EVP_SIGNATURE isn't
exactly easy for the caller to get to, as it's fetched internally.
... and there's work going on to remediate that.
Cheers,
Richard
--
Richard Levitte levitte at openssl.org
OpenSSL Project http://www.openssl.org/~levitte/
More information about the openssl-users
mailing list