OLD | NEW |
(Empty) | |
| 1 =pod |
| 2 |
| 3 =head1 NAME |
| 4 |
| 5 CMS_sign_add1_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo s
igned data structure. |
| 6 |
| 7 =head1 SYNOPSIS |
| 8 |
| 9 #include <openssl/cms.h> |
| 10 |
| 11 CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_
PKEY *pkey, const EVP_MD *md, unsigned int flags); |
| 12 |
| 13 int CMS_SignerInfo_sign(CMS_SignerInfo *si); |
| 14 |
| 15 |
| 16 =head1 DESCRIPTION |
| 17 |
| 18 CMS_sign_add1_signer() adds a signer with certificate B<signcert> and private |
| 19 key B<pkey> using message digest B<md> to CMS_ContentInfo SignedData |
| 20 structure B<cms>. |
| 21 |
| 22 The CMS_ContentInfo structure should be obtained from an initial call to |
| 23 CMS_sign() with the flag B<CMS_PARTIAL> set or in the case or re-signing a |
| 24 valid CMS_ContentInfo SignedData structure. |
| 25 |
| 26 If the B<md> parameter is B<NULL> then the default digest for the public |
| 27 key algorithm will be used. |
| 28 |
| 29 Unless the B<CMS_REUSE_DIGEST> flag is set the returned CMS_ContentInfo |
| 30 structure is not complete and must be finalized either by streaming (if |
| 31 applicable) or a call to CMS_final(). |
| 32 |
| 33 The CMS_SignerInfo_sign() function will explicitly sign a CMS_SignerInfo |
| 34 structure, its main use is when B<CMS_REUSE_DIGEST> and B<CMS_PARTIAL> flags |
| 35 are both set. |
| 36 |
| 37 =head1 NOTES |
| 38 |
| 39 The main purpose of CMS_sign_add1_signer() is to provide finer control |
| 40 over a CMS signed data structure where the simpler CMS_sign() function defaults |
| 41 are not appropriate. For example if multiple signers or non default digest |
| 42 algorithms are needed. New attributes can also be added using the returned |
| 43 CMS_SignerInfo structure and the CMS attribute utility functions or the |
| 44 CMS signed receipt request functions. |
| 45 |
| 46 Any of the following flags (ored together) can be passed in the B<flags> |
| 47 parameter. |
| 48 |
| 49 If B<CMS_REUSE_DIGEST> is set then an attempt is made to copy the content |
| 50 digest value from the CMS_ContentInfo structure: to add a signer to an existing |
| 51 structure. An error occurs if a matching digest value cannot be found to copy. |
| 52 The returned CMS_ContentInfo structure will be valid and finalized when this |
| 53 flag is set. |
| 54 |
| 55 If B<CMS_PARTIAL> is set in addition to B<CMS_REUSE_DIGEST> then the |
| 56 CMS_SignerInfo structure will not be finalized so additional attributes |
| 57 can be added. In this case an explicit call to CMS_SignerInfo_sign() is |
| 58 needed to finalize it. |
| 59 |
| 60 If B<CMS_NOCERTS> is set the signer's certificate will not be included in the |
| 61 CMS_ContentInfo structure, the signer's certificate must still be supplied in |
| 62 the B<signcert> parameter though. This can reduce the size of the signature if |
| 63 the signers certificate can be obtained by other means: for example a |
| 64 previously signed message. |
| 65 |
| 66 The SignedData structure includes several CMS signedAttributes including the |
| 67 signing time, the CMS content type and the supported list of ciphers in an |
| 68 SMIMECapabilities attribute. If B<CMS_NOATTR> is set then no signedAttributes |
| 69 will be used. If B<CMS_NOSMIMECAP> is set then just the SMIMECapabilities are |
| 70 omitted. |
| 71 |
| 72 OpenSSL will by default identify signing certificates using issuer name |
| 73 and serial number. If B<CMS_USE_KEYID> is set it will use the subject key |
| 74 identifier value instead. An error occurs if the signing certificate does not |
| 75 have a subject key identifier extension. |
| 76 |
| 77 If present the SMIMECapabilities attribute indicates support for the following |
| 78 algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 |
| 79 bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. |
| 80 If any of these algorithms is not available then it will not be included: for ex
ample the GOST algorithms will not be included if the GOST ENGINE is |
| 81 not loaded. |
| 82 |
| 83 CMS_sign_add1_signer() returns an internal pointer to the CMS_SignerInfo |
| 84 structure just added, this can be used to set additional attributes |
| 85 before it is finalized. |
| 86 |
| 87 =head1 RETURN VALUES |
| 88 |
| 89 CMS_sign1_add_signers() returns an internal pointer to the CMS_SignerInfo |
| 90 structure just added or NULL if an error occurs. |
| 91 |
| 92 =head1 SEE ALSO |
| 93 |
| 94 L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_sign(3)|CMS_sign(3)>, |
| 95 L<CMS_final(3)|CMS_final(3)>, |
| 96 |
| 97 =head1 HISTORY |
| 98 |
| 99 CMS_sign_add1_signer() was added to OpenSSL 0.9.8 |
| 100 |
| 101 =cut |
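Review bot: the RETURN VALUES section names the function CMS_sign1_add_signers(), which does not match CMS_sign_add1_signer() as declared in the SYNOPSIS and used throughout the DESCRIPTION and NOTES; correct the name so the manual page is consistent and searchable. The same section says nothing about CMS_SignerInfo_sign(), which the SYNOPSIS declares as returning int and which the NOTES say must be called explicitly to finalize a CMS_SignerInfo when CMS_REUSE_DIGEST and CMS_PARTIAL are both set; document its success and failure return values so callers can detect a SignerInfo that was not finalized. Smaller points in the same hunk: "in the case or re-signing" should read "in the case of re-signing"; "the signers certificate" should be "the signer's certificate"; the SEE ALSO list ends with a stray comma after L<CMS_final(3)|CMS_final(3)>; and the HISTORY sentence "CMS_sign_add1_signer() was added to OpenSSL 0.9.8" is missing its full stop.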