Hello OpenSSL Community,
this might be a "newbie" question related to the 3.x providers architecture, but I am having some issues understanding where the signature OID should be actually set when generating a new signature. Similarly, when validating signatures, which are the functions that are supposed to check / use the signature OIDs and parameters?
For example, are these the functions where you are supposed to set the signature OIDs (sign/digest sign)?
- OSSL_FUNC_signature_sign_init_fn
- OSSL_FUNC_signature_sign_fn
- OSSL_FUNC_signature_digest_sign_init_fn
- OSSL_FUNC_signature_digest_sign_fn
Or maybe it is done through the signature ctx params?
- OSSL_FUNC_signature_set_ctx_params
- OSSL_FUNC_signature_settable_ctx_params
Or, again, is this the more appropriate set of functions?
- OSSL_FUNC_signature_set_ctx_md_params
- OSSL_FUNC_signature_settable_ctx_md_params
If I understand the documentation here:
The "algorithm-id" and the "digest" can be set/get via the
OSSL_FUNC_signature_gettable_ctx_params() and
OSSL_FUNC_signature_settable_ctx_params() where, I guess, you use
the context to save/get the algorithm(s)... but where can I get
the pointer to the X509_ALGOR to get/set OIDs and parameter(s)?
Thanks,
Max
OpenCA Labs Director