Hi Stephen,

thank you for taking the time to answer.

On Saturday 25 February 2017 04:18:01 Dr. Stephen Henson wrote:
> On Sat, Jan 14, 2017, Melvyn Sopacua wrote:
> > This is caused by the code in [3].
> > That file also shows the problem: OpenSSL itself has access to
> > X509_SIG (and friends) internals as demonstrated in encode_pkcs1().
> > But, I don't see any way to set up the same context(s) from outside
> > OpenSSL. There's no X509_*_set_<anything> to set up the algorithm
> > and parameters.
> >
> > Am I missing something or is it simply no longer possible to
> > implement these callbacks properly?
>
> Can you give a pointer to the part that is causing problems?

The method I'm trying to port is this:
https://github.com/melvyn-sopacua/qca/blob/openssl11-compat/plugins/qca-ossl/qca-ossl.cpp#L2745

> The rsa_sign interface is used where the only interface available is
> passed the digest algorithm and the raw digest and it performs its
> own formatting using DigestInfo etc.
>
> If you don't want to do that then the rsa_priv_enc method is more
> appropriate: it gets passed the block to encrypt (sign) and all the
> DigestInfo formatting is handled by OpenSSL itself.

This may be a better approach in the long run. Thank you.

> If you really need to it should be possible to set up or examine an
> X509_SIG structure using the available APIs. For example to retrieve
> its fields you use X509_SIG_get0 and to set them X509_SIG_getm.

Well, that explains why I couldn't find it. I was looking for something
X509_SIG_*set* and never thought X509_SIG_getm() would be what I needed.

So:

    sig.algor = &algor;
    sig.digest = &digest;

becomes

    X509_SIG_getm(sig, palg, pdigest);
    *palg = algor;
    *pdigest = digest;

And I'm guessing I have to free the structures retrieved by getm() if
they're not NULL. I may just wrap this in an X509_SIG_setup() function so
the freeing isn't forgotten.
-- 
Melvyn Sopacua
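For reference, the DigestInfo block that an rsa_sign callback has to format itself, and that rsa_priv_enc instead receives already built by OpenSSL, can be produced with a few lines of DER encoding. This is an added example, not code from this thread, from QCA or from OpenSSL; the function name `digestinfo_encode` and the sample digest are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER-encoded OID bodies for the hash algorithms (standard values, not from the thread). */
static const uint8_t OID_SHA1[]   = {0x2b, 0x0e, 0x03, 0x02, 0x1a};
static const uint8_t OID_SHA256[] = {0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01};

/*
 * Hypothetical helper: write
 *   DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }
 * into out. Returns the encoded length, or 0 if an argument is NULL, the
 * buffer is too small, or a length would need DER long form (>127 bytes).
 */
size_t digestinfo_encode(const uint8_t *oid, size_t oid_len,
                         const uint8_t *md, size_t md_len,
                         uint8_t *out, size_t out_cap)
{
    uint8_t *p = out;
    size_t alg_len, body_len;

    if (oid == NULL || md == NULL || out == NULL) return 0;
    if (oid_len > 127 || md_len > 127) return 0;
    alg_len = 2 + oid_len + 2;               /* OID TLV + NULL TLV */
    body_len = 2 + alg_len + 2 + md_len;     /* AlgorithmIdentifier + OCTET STRING */
    if (body_len > 127 || 2 + body_len > out_cap) return 0;

    *p++ = 0x30; *p++ = (uint8_t)body_len;   /* DigestInfo SEQUENCE */
    *p++ = 0x30; *p++ = (uint8_t)alg_len;    /* AlgorithmIdentifier SEQUENCE */
    *p++ = 0x06; *p++ = (uint8_t)oid_len;    /* OBJECT IDENTIFIER */
    memcpy(p, oid, oid_len); p += oid_len;
    *p++ = 0x05; *p++ = 0x00;                /* NULL parameters */
    *p++ = 0x04; *p++ = (uint8_t)md_len;     /* OCTET STRING holding the raw digest */
    memcpy(p, md, md_len); p += md_len;
    return (size_t)(p - out);
}

int main(void)
{
    uint8_t md[32], out[64];
    size_t i, n;

    memset(md, 0xab, sizeof md);             /* constructed sample digest */
    n = digestinfo_encode(OID_SHA256, sizeof OID_SHA256, md, sizeof md, out, sizeof out);
    for (i = 0; i < n; i++) printf("%02x", out[i]);
    printf("\n");
    return n == 51 ? 0 : 1;
}
```

The PKCS#1 v1.5 padding around this block is a separate step and is not shown here.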