NAME
CMS_get0_SignerInfos
,
CMS_SignerInfo_get0_signer_id
,
CMS_SignerInfo_get0_signature
,
CMS_SignerInfo_cert_cmp
,
CMS_SignerInfo_set1_signer_cert
—
CMS SignedData signer
functions
SYNOPSIS
#include
<openssl/cms.h>
STACK_OF(CMS_SignerInfo) *
CMS_get0_SignerInfos
(CMS_ContentInfo
*cms);
int
CMS_SignerInfo_get0_signer_id
(CMS_SignerInfo
*si, ASN1_OCTET_STRING **keyid,
X509_NAME **issuer, ASN1_INTEGER
**sno);
ASN1_OCTET_STRING *
CMS_SignerInfo_get0_signature
(CMS_SignerInfo
*si);
int
CMS_SignerInfo_cert_cmp
(CMS_SignerInfo
*si, X509 *certificate);
void
CMS_SignerInfo_set1_signer_cert
(CMS_SignerInfo
*si, X509 *signer);
DESCRIPTION
CMS_get0_SignerInfos
()
returns all the SignerInfo structures associated with
the SignedData structure cms.
CMS_SignerInfo_get0_signer_id
()
retrieves the certificate SignerIdentifier associated
with the SignerInfo structure
si. Either the
SubjectKeyIdentifier will be set in
keyid or both issuer name and serial number in
issuer and sno.
CMS_SignerInfo_get0_signature
()
retrieves the signature field of
si. The application program is allowed to modify the
data pointed to.
CMS_SignerInfo_cert_cmp
()
compares the certificate against the signer identifier
of si.
CMS_SignerInfo_set1_signer_cert
()
sets the signer certificate of si to
signer.
The main purpose of these functions is to enable an application to look up signer certificates using any appropriate technique when the simpler method of CMS_verify(3) is not appropriate.
In typical usage, an application
retrieves all CMS_SignerInfo structures using
CMS_get0_SignerInfos
()
and retrieves the identifier information using CMS. It will then obtain the
signer certificate by some unspecified means (or return and error if it
cannot be found) and set it using
CMS_SignerInfo_set1_signer_cert
(). Once all signer
certificates have been set,
CMS_verify(3) can be used.
RETURN VALUES
CMS_get0_SignerInfos
() returns an internal
pointer to all the CMS_SignerInfo structures, or
NULL
if there are no signers or if
cms is not of the type
SignedData.
CMS_SignerInfo_get0_signer_id
() returns 1
for success or 0 for failure.
CMS_SignerInfo_get0_signature
() returns an
internal pointer to the signature.
CMS_SignerInfo_cert_cmp
() returns 0 for a
match or non-zero otherwise.
Any error can be obtained from ERR_get_error(3).
SEE ALSO
STANDARDS
RFC 5652: Cryptographic Message Syntax (CMS)
- section 5.1: SignedData Type
- section 5.3: SignerInfo Type
HISTORY
CMS_get0_SignerInfos
(),
CMS_SignerInfo_get0_signer_id
(),
CMS_SignerInfo_cert_cmp
(), and
CMS_SignerInfo_set1_signer_cert
() first appeared in
OpenSSL 0.9.8h and CMS_SignerInfo_get0_signature
()
in OpenSSL 1.0.2. These functions have been available since
OpenBSD 6.7.