NAME
ASN1_item_sign, ASN1_item_sign_ctx — DER-encode and sign an ASN.1 value
SYNOPSIS
#include <openssl/x509.h>

int
ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *sig_out, void *val_in, EVP_PKEY *pkey, const EVP_MD *type);

int
ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *sig_out, void *val_in, EVP_MD_CTX *ctx);
DESCRIPTION
ASN1_item_sign() assumes that val_in is an ASN1_VALUE of the type specified by it, encodes it into DER format by calling ASN1_item_i2d(3), and signs the resulting byte array in a way similar to EVP_DigestSign(3), using a signing context created with EVP_DigestSignInit(3) for the given digest type and private key pkey. The signature is placed into the sig_out object provided by the caller, freeing and replacing any data already contained in that object. Because the signature covers the DER encoding, any later change to the value makes the signature fail to verify with ASN1_item_verify(3).

ASN1_item_sign_ctx() is similar except that the provided ctx, which the caller must already have initialized with EVP_DigestSignInit(3), is used rather than creating a new one. No matter whether ASN1_item_sign_ctx() succeeds or fails, EVP_MD_CTX_cleanup(3) is called on ctx before returning; the caller remains responsible for freeing ctx itself.

For both functions, unless algor1 is NULL, its algorithm OID and parameter type are set according to the signature algorithm that corresponds to the digest type and the key type of pkey (see OBJ_find_sigid_by_algs(3)), and its parameter value is cleared. In RSA-PSS mode, the parameter value is also copied into algor1. Unless algor2 is NULL, the same data is copied into it.
RETURN VALUES
These functions return the length of the signature in bytes or 0 if memory allocation, encoding, or signing fails. ASN1_item_sign_ctx() also fails and returns 0 if ctx is not fully initialized.
SEE ALSO
ASN1_BIT_STRING_new(3), ASN1_item_digest(3), ASN1_item_i2d(3), ASN1_item_verify(3), EVP_Digest(3), EVP_DigestSign(3), EVP_MD_CTX_new(3), EVP_PKEY_new(3), OBJ_find_sigid_by_algs(3), X509_ALGOR_new(3)
HISTORY
ASN1_item_sign() first appeared in OpenSSL 0.9.7 and has been available since OpenBSD 3.1.

ASN1_item_sign_ctx() first appeared in OpenSSL 1.0.1 and has been available since OpenBSD 5.3.