.\" $OpenBSD: ASN1_item_sign.3,v 1.2 2021/12/18 17:47:44 schwarze Exp $ .\" .\" Copyright (c) 2021 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above .\" copyright notice and this permission notice appear in all copies. .\" .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .Dd $Mdocdate: December 18 2021 $ .Dt ASN1_ITEM_SIGN 3 .Os .Sh NAME .Nm ASN1_item_sign , .Nm ASN1_item_sign_ctx .Nd DER-encode and sign an ASN.1 value .Sh SYNOPSIS .In openssl/x509.h .Ft int .Fo ASN1_item_sign .Fa "const ASN1_ITEM *it" .Fa "X509_ALGOR *algor1" .Fa "X509_ALGOR *algor2" .Fa "ASN1_BIT_STRING *sig_out" .Fa "void *val_in" .Fa "EVP_PKEY *pkey" .Fa "const EVP_MD *type" .Fc .Ft int .Fo ASN1_item_sign_ctx .Fa "const ASN1_ITEM *it" .Fa "X509_ALGOR *algor1" .Fa "X509_ALGOR *algor2" .Fa "ASN1_BIT_STRING *sig_out" .Fa "void *val_in" .Fa "EVP_MD_CTX *ctx" .Fc .Sh DESCRIPTION .Fn ASN1_item_sign assumes that .Fa val_in is an .Vt ASN1_VALUE of the type specified by .Fa it , encodes it into DER format by calling .Xr ASN1_item_i2d 3 , and signs the resulting byte array in a way similar to .Xr EVP_DigestSign 3 , using a signing context created with .Xr EVP_DigestSignInit 3 for the given digest .Fa type and private key .Fa pkey . The created signature is placed into the .Fa sig_out object provided by the caller, freeing and replacing any data already contained in that object. .Pp .Fn ASN1_item_sign_ctx is similar except that the provided .Ft ctx is used rather than creating a new one. No matter whether .Fn ASN1_item_sign_ctx succeeds or fails, .Xr EVP_MD_CTX_cleanup 3 is called on .Fa ctx before returning. .Pp For both functions, unless .Fa algor1 is .Dv NULL , its algorithm OID and parameter type are set according to the digest .Fa type used, and its parameter value is cleared. In RSA-PSS mode, the parameter value is also copied into .Fa algor1 . Unless .Fa algor2 is .Dv NULL , the same data is copied into it. .\" The following is not yet supported by LibreSSL .\" because we do not provide EVP_PKEY_asn1_set_item(3). .\" except that user-defined key types set up with .\" .Xr EVP_PKEY_asn1_new 3 .\" may optionally provide information about a second algorithm in .\" .Fa algor2 . .Sh RETURN VALUES These functions return the length of the signature in bytes or 0 if memory allocation, encoding, or signing fails. .Pp .Fn ASN1_item_sign_ctx also fails and returns 0 if .Fa ctx is not fully initialized. .Sh SEE ALSO .Xr ASN1_BIT_STRING_new 3 , .Xr ASN1_item_digest 3 , .Xr ASN1_item_i2d 3 , .Xr ASN1_item_verify 3 , .Xr EVP_Digest 3 , .Xr EVP_DigestSign 3 , .Xr EVP_MD_CTX_new 3 , .\" We do not provide EVP_PKEY_asn1_set_item(3). .\" .Xr EVP_PKEY_asn1_new 3 , .Xr EVP_PKEY_new 3 , .Xr OBJ_find_sigid_by_algs 3 , .Xr X509_ALGOR_new 3 .Sh HISTORY .Fn ASN1_item_sign first appeared in OpenSSL 0.9.7 and has been available since .Ox 3.1 . .Pp .Fn ASN1_item_sign_ctx first appeared in OpenSSL 1.0.1 and has been available since .Ox 5.3 .