table of contents
| CMS_GET0_SIGNERINFOS(3) | Library Functions Manual | CMS_GET0_SIGNERINFOS(3) |
NAME¶
CMS_get0_SignerInfos,
CMS_SignerInfo_get_version,
CMS_SignerInfo_get0_signer_id,
CMS_SignerInfo_get0_signature,
CMS_SignerInfo_cert_cmp,
CMS_SignerInfo_set1_signer_cert —
CMS SignedData signer functions
SYNOPSIS¶
#include
<openssl/cms.h>
STACK_OF(CMS_SignerInfo) *
CMS_get0_SignerInfos(CMS_ContentInfo
*cms);
int
CMS_SignerInfo_get_version(CMS_SignerInfo
*si, long *version);
int
CMS_SignerInfo_get0_signer_id(CMS_SignerInfo
*si, ASN1_OCTET_STRING **keyid,
X509_NAME **issuer, ASN1_INTEGER
**sno);
ASN1_OCTET_STRING *
CMS_SignerInfo_get0_signature(CMS_SignerInfo
*si);
int
CMS_SignerInfo_cert_cmp(CMS_SignerInfo
*si, X509 *certificate);
void
CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo
*si, X509 *signer);
DESCRIPTION¶
CMS_get0_SignerInfos()
returns all the SignerInfo structures associated with
the SignedData structure
cms.
CMS_SignerInfo_get_version()
sets *version to the syntax version number of the
SignerInfo structure si.
CMS_SignerInfo_get0_signer_id()
retrieves the certificate SignerIdentifier associated
with the SignerInfo structure
si. Either the
SubjectKeyIdentifier will be set in
keyid or both issuer name and serial number in
issuer and sno.
CMS_SignerInfo_get0_signature()
retrieves the signature field of
si. The application program is allowed to modify the
data pointed to.
CMS_SignerInfo_cert_cmp()
compares the certificate against the signer identifier
of si.
CMS_SignerInfo_set1_signer_cert()
sets the signer certificate of si to
signer.
The main purpose of these functions is to enable an application to look up signer certificates using any appropriate technique when the simpler method of CMS_verify(3) is not appropriate.
In typical usage, an application
retrieves all CMS_SignerInfo structures using
CMS_get0_SignerInfos()
and retrieves the identifier information using CMS. It will then obtain the
signer certificate by some unspecified means (or return and error if it
cannot be found) and set it using
CMS_SignerInfo_set1_signer_cert(). Once all signer
certificates have been set, CMS_verify(3) can be used.
RETURN VALUES¶
CMS_get0_SignerInfos() returns an internal
pointer to all the CMS_SignerInfo structures, or
NULL if there are no signers or if
cms is not of the type
SignedData.
CMS_SignerInfo_get_version() always
succeeds and returns 1.
CMS_SignerInfo_get0_signer_id() returns 1
for success or 0 for failure.
CMS_SignerInfo_get0_signature() returns an
internal pointer to the signature.
CMS_SignerInfo_cert_cmp() returns 0 for a
match or non-zero otherwise.
Any error can be obtained from ERR_get_error(3).
SEE ALSO¶
CMS_ContentInfo_new(3), CMS_signed_add1_attr(3), CMS_verify(3)
STANDARDS¶
RFC 5652: Cryptographic Message Syntax (CMS)
- section 5.1: SignedData Type
- section 5.3: SignerInfo Type
HISTORY¶
CMS_get0_SignerInfos(),
CMS_SignerInfo_get0_signer_id(),
CMS_SignerInfo_cert_cmp(), and
CMS_SignerInfo_set1_signer_cert() first appeared in
OpenSSL 0.9.8h and CMS_SignerInfo_get0_signature()
in OpenSSL 1.0.2. These functions have been available since
OpenBSD 6.7.
CMS_SignerInfo_get_version() first
appeared in OpenBSD 7.4.
| January 22, 2024 | Linux 6.4.0-150600.23.25-default |