OpenSSL 1.1.1: How to get signature algorithm id? (no EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)


 



Hi,

 

I have some old code that determines the signature algorithm OID given a combination of EVP_PKEY *pkey and EVP_MD *digest.  It contains an #ifdef EVP_MD_FLAG_PKEY_METHOD_SIGNATURE.  If true, it uses OBJ_find_sigid_by_algs() with the digest and pkey->ameth->pkey_id to get the OID.  The else case uses EVP_MD_pkey_type() with only the digest.

 

Given an ECDSA pkey and a SHA256 digest the application using OpenSSL 1.0.2 outputs the expected ecdsa-with-SHA256.  With OpenSSL 1.1.1 it incorrectly outputs sha256WithRSAEncryption.

 

OpenSSL 1.0.2 has the flag defined whereas it does not exist at all in 1.1.1.  As EVP_MD_pkey_type() only has the digest to work with it will always return NID_sha256WithRSAEncryption regardless of the type of EVP_PKEY that is actually used with the digest to create a signature.

 

Which API calls can I use in OpenSSL 1.1.1 to get the correct signature algorithm id given some combination of EVP_PKEY and EVP_MD?

 

Regards,

Andrew.

 

