NAME

CMS_get0_SignerInfos, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_SignerInfo_set1_signer_cert — CMS SignedData signer functions

SYNOPSIS

#include <openssl/cms.h> STACK_OF(CMS_SignerInfo) *
CMS_get0_SignerInfos(CMS_ContentInfo *cms); int
CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno); ASN1_OCTET_STRING *
CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); int
CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *certificate); void
CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);

DESCRIPTION

CMS_get0_SignerInfos() returns all the SignerInfo structures associated with the SignedData structure cms. CMS_SignerInfo_get0_signer_id() retrieves the certificate SignerIdentifier associated with the SignerInfo structure si. Either the SubjectKeyIdentifier will be set in keyid or both issuer name and serial number in issuer and sno. CMS_SignerInfo_get0_signature() retrieves the signature field of si. The application program is allowed to modify the data pointed to. CMS_SignerInfo_cert_cmp() compares the certificate against the signer identifier of si. CMS_SignerInfo_set1_signer_cert() sets the signer certificate of si to signer. The main purpose of these functions is to enable an application to look up signer certificates using any appropriate technique when the simpler method of CMS_verify(3) is not appropriate. In typical usage, an application retrieves all CMS_SignerInfo structures using CMS_get0_SignerInfos() and retrieves the identifier information using CMS. It will then obtain the signer certificate by some unspecified means (or return and error if it cannot be found) and set it using CMS_SignerInfo_set1_signer_cert(). Once all signer certificates have been set, CMS_verify(3) can be used.

RETURN VALUES

CMS_get0_SignerInfos() returns an internal pointer to all the CMS_SignerInfo structures, or NULL if there are no signers or if cms is not of the type SignedData. CMS_SignerInfo_get0_signer_id() returns 1 for success or 0 for failure. CMS_SignerInfo_get0_signature() returns an internal pointer to the signature. CMS_SignerInfo_cert_cmp() returns 0 for a match or non-zero otherwise. Any error can be obtained from ERR_get_error(3).

SEE ALSO

CMS_ContentInfo_new(3), CMS_verify(3)

STANDARDS

RFC 5652: Cryptographic Message Syntax (CMS)

• section 5.1: SignedData Type
• section 5.3: SignerInfo Type

HISTORY

CMS_get0_SignerInfos(), CMS_SignerInfo_get0_signer_id(), CMS_SignerInfo_cert_cmp(), and CMS_SignerInfo_set1_signer_cert() first appeared in OpenSSL 0.9.8h and CMS_SignerInfo_get0_signature() in OpenSSL 1.0.2. These functions have been available since OpenBSD 6.7.