Support of OpenSSL providers for digest calculation #679

@fl-ido

Hello,

Since OpenSSL 3.0, a providers API has been added (https://docs.openssl.org/3.5/man7/provider/), which allows users to fetch custom algorithm implementations when performing operations, such as digest calculation.

I am using the libdigidocpp library for XAdES signatures, and I have implemented an OpenSSL provider for digest. I would like to be able to use it when doing a XAdES signature with libdigidocpp, in order to be able to do specific processing during digest calculation. I see in the code that digest calculation is done in the Digest class, with the initialization done with the EVP_DigestInit function. Being compliant with OpenSSL providers would require:
- Fetching the digest implementation explicitly with EVP_MD_fetch instead of implicitly with EVP_get_digestbynid, as it is possible to give a provider name as the third parameter of EVP_MD_fetch (you can give a property like "provider=myprovider").
- Using EVP_DigestInit_ex2 instead of EVP_DigestInit, allowing specific parameters to be given during initialization that the provider will be able to recognize.

Furthermore, the use of explicit fetching could be better in terms of performance, according to OpenSSL: https://docs.openssl.org/master/man7/ossl-guide-libcrypto-introduction/#performance

I suppose this enhancement would thus require adding two parameters in the Conf, i.e. one for the properties to give during algorithm fetching (a string), and one for the parameters to give during digest context initialization (an OSSL_PARAM*, an object from OpenSSL).

What do you think about it?
