EVP_get_digestbyname and 'standard' signature algorithm names
I'm trying to develop an application with OpenSSL that needs to verify
a variety of digital signatures from different places. Currently I use
EVP_get_digestbyname to get an EVP_MD handle identifying the algorithm
used, and this works well for things that originally came from OpenSSL,
but less well with things that come from elsewhere.
For example, Oracle sends me signatures identified as "SHA512withRSA",
which I need to translate into "sha512WithRSAEncryption" in order for
EVP_get_digestbyname to accept and give me something that works (note
the case differences as well as the extra -Encryption suffix).
Is there any sort of standard for what these strings should be? Is
there a way to get OpenSSL to be more 'permissive' when looking up
algorithms by name like this? Currently I'm just manually building
up a set of aliases to translate to their OpenSSL equivalents as I
run into them, but it seems it should be possible to do something
RE: EVP_get_digestbyname and 'standard' signature algorithm names
There are a few places these things are specified -- in the names given to the OID arcs, which means looking in SSL, TLS, CMS, S/MIME, etc. OpenSSL has a pretty complete list of those. Another source is in the URIs for things like XMLDSig and XMLEncryption.
Your approach of having an 'alias table' is probably the best way to go.
Principal Security Engineer
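
An added example (not code from either poster or from OpenSSL) of the alias-table approach the reply recommends: an explicit table that maps external spellings to the OpenSSL name and returns NULL for anything unlisted, so an unknown or unexpected algorithm string is rejected instead of loosely matched. The names `sig_alias` and `sig_name_to_openssl` are hypothetical; only the first row comes from the thread, the others are constructed on the same pattern, including the XMLDSig-more URIs for RSA signatures.

```c
#include <stddef.h>
#include <string.h>

/* One accepted external spelling and the OpenSSL name it maps to. */
struct sig_alias {
    const char *external;  /* name as sent by the peer */
    const char *openssl;   /* name to hand to EVP_get_digestbyname() */
    int fold_case;         /* 1: ignore ASCII case; 0: exact match (URIs) */
};

/* Constructed table: row 1 is the case from the thread, the rest are
 * assumed additions following the same naming pattern. */
static const struct sig_alias sig_aliases[] = {
    { "SHA512withRSA", "sha512WithRSAEncryption", 1 },
    { "SHA384withRSA", "sha384WithRSAEncryption", 1 },
    { "SHA256withRSA", "sha256WithRSAEncryption", 1 },
    { "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "sha512WithRSAEncryption", 0 },
    { "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "sha256WithRSAEncryption", 0 },
};

/* ASCII-only, locale-independent case-insensitive string equality. */
static int ascii_ieq(const char *a, const char *b)
{
    for (;; a++, b++) {
        char x = *a, y = *b;
        if (x >= 'A' && x <= 'Z') x += 'a' - 'A';
        if (y >= 'A' && y <= 'Z') y += 'a' - 'A';
        if (x != y) return 0;
        if (x == '\0') return 1;
    }
}

/* Returns the OpenSSL name for an external signature algorithm name, or
 * NULL when the name is not listed. Callers treat NULL as "reject the
 * signature" and never substitute a default digest. */
const char *sig_name_to_openssl(const char *external)
{
    size_t i;
    if (external == NULL)
        return NULL;
    for (i = 0; i < sizeof sig_aliases / sizeof sig_aliases[0]; i++) {
        const struct sig_alias *a = &sig_aliases[i];
        if (a->fold_case ? ascii_ieq(external, a->external)
                         : strcmp(external, a->external) == 0)
            return a->openssl;
    }
    return NULL;
}
```

The returned string is what gets passed to `EVP_get_digestbyname`; weak algorithms stay rejected simply by not being listed.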