CMS_get0_SignerInfos, CMS_SignerInfo_get_version, CMS_SignerInfo_get0_signer_id, CMS_SignerInfo_get0_signature, CMS_SignerInfo_cert_cmp, CMS_SignerInfo_set1_signer_certCMS SignedData signer functions

#include <openssl/cms.h>

STACK_OF(CMS_SignerInfo) *
CMS_get0_SignerInfos(CMS_ContentInfo *cms);

CMS_SignerInfo_get_version(CMS_SignerInfo *si, long *version);

CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);

CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);

CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *certificate);

CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);

() returns all the SignerInfo structures associated with the SignedData structure cms.

() sets *version to the syntax version number of the SignerInfo structure si.

() retrieves the certificate SignerIdentifier associated with the SignerInfo structure si. Either the SubjectKeyIdentifier will be set in keyid or both issuer name and serial number in issuer and sno.

() retrieves the signature field of si. The application program is allowed to modify the data pointed to.

() compares the certificate against the signer identifier of si.

() sets the signer certificate of si to signer.

The main purpose of these functions is to enable an application to look up signer certificates using any appropriate technique when the simpler method of CMS_verify(3) is not appropriate.

In typical usage, an application retrieves all CMS_SignerInfo structures using () and retrieves the identifier information using CMS. It will then obtain the signer certificate by some unspecified means (or return and error if it cannot be found) and set it using CMS_SignerInfo_set1_signer_cert(). Once all signer certificates have been set, CMS_verify(3) can be used.

CMS_get0_SignerInfos() returns an internal pointer to all the CMS_SignerInfo structures, or NULL if there are no signers or if cms is not of the type SignedData.

CMS_SignerInfo_get_version() always succeeds and returns 1.

CMS_SignerInfo_get0_signer_id() returns 1 for success or 0 for failure.

CMS_SignerInfo_get0_signature() returns an internal pointer to the signature.

CMS_SignerInfo_cert_cmp() returns 0 for a match or non-zero otherwise.

Any error can be obtained from ERR_get_error(3).

CMS_ContentInfo_new(3), CMS_signed_add1_attr(3), CMS_verify(3)

RFC 5652: Cryptographic Message Syntax (CMS)

  • section 5.1: SignedData Type
  • section 5.3: SignerInfo Type

CMS_get0_SignerInfos(), CMS_SignerInfo_get0_signer_id(), CMS_SignerInfo_cert_cmp(), and CMS_SignerInfo_set1_signer_cert() first appeared in OpenSSL 0.9.8h and CMS_SignerInfo_get0_signature() in OpenSSL 1.0.2. These functions have been available since OpenBSD 6.7.

CMS_SignerInfo_get_version() first appeared in OpenBSD 7.4.

January 22, 2024 OpenBSD 7.5