OpenBSD manual page server

NAME

X509_ALGOR_new, X509_ALGOR_free, X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp — create, change, and inspect algorithm identifiers

SYNOPSIS

#include <openssl/x509.h>

X509_ALGOR *
X509_ALGOR_new(void);

void
X509_ALGOR_free(X509_ALGOR *alg);

X509_ALGOR *
X509_ALGOR_dup(X509_ALGOR *alg);

int
X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);

void
X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *alg);

void
X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);

int
X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);

DESCRIPTION

An X509_ALGOR object represents an ASN.1 AlgorithmIdentifier structure defined in RFC 5280 section 4.1.1.2. It specifies a cryptographic algorithm by an ASN.1 object identifier (OID) that can be obtained from OBJ_nid2obj(3), together with optional algorithm-specific parameters of the type ASN1_TYPE, see ASN1_TYPE_set(3). X509_ALGOR objects are used by many other objects, for example certificates, certificate revocation lists, and certificate requests.

X509_ALGOR_new() allocates a new X509_ALGOR object containing the object that OBJ_nid2obj(3) returns for NID_undef as the algorithm and a NULL pointer as the parameters.

X509_ALGOR_free() frees alg and any data contained in it. If alg is NULL, no action occurs.

X509_ALGOR_dup() creates a deep copy of alg. It is implemented by calling ASN1_item_dup(3) with arguments of X509_ALGOR_it and alg, which is equivalent to calling i2d_X509_ALGOR(3) and d2i_X509_ALGOR(3).

X509_ALGOR_set0() sets the algorithm OID of alg to aobj and the associated parameter type to ptype with value pval. If ptype is V_ASN1_UNDEF, the parameter is omitted and pval is ignored. If ptype is zero, pval is ignored and the existing parameter is left unchanged, or if alg does not contain a parameter, a new, empty parameter of type V_ASN1_UNDEF is added. Otherwise ptype and pval have the same meaning as the type and value parameters to ASN1_TYPE_set(3). Ownership of aobj and, unless it is ignored, of pval is transferred to alg on success.

X509_ALGOR_get0() returns alg's algorithm OID in *paobj, its parameter type in *pptype, and its parameter value in *ppval. Any of paobj, pptype, and ppval can be NULL. If pptype is NULL or if *pptype is V_ASN1_UNDEF then *ppval's value is undefined.

X509_ALGOR_set_md() sets alg to appropriate values for the message digest md. If the EVP_MD_FLAG_DIGALGID_ABSENT flag is not set on md, X509_ALGOR_set_md() can leave alg in a corrupted state due to memory allocation failure. This problem can be avoided by preallocating with an error-checked call to X509_ALGOR_set0(alg, NULL, 0, NULL).

X509_ALGOR_cmp() compares a and b.

RETURN VALUES

X509_ALGOR_new() and X509_ALGOR_dup() return a new X509_ALGOR object or NULL if an error occurs.

X509_ALGOR_set0() returns 1 for success or 0 if alg is NULL or memory allocation fails.

X509_ALGOR_cmp() returns 0 if a and b have identical encodings or non-zero otherwise.

SEE ALSO

ASN1_TYPE_set(3), d2i_X509_ALGOR(3), EVP_DigestInit(3), OBJ_nid2obj(3), X509_get0_signature(3), X509_new(3), X509_PUBKEY_get0_param(3), X509_signature_dump(3)

STANDARDS

RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

HISTORY

X509_ALGOR_new() and X509_ALGOR_free() appeared in SSLeay 0.4 or earlier and have been available since OpenBSD 2.4.

X509_ALGOR_dup() first appeared in SSLeay 0.9.1 and has been available since OpenBSD 2.6.

X509_ALGOR_set0() and X509_ALGOR_get0() first appeared in OpenSSL 0.9.8h and have been available since OpenBSD 4.5.

X509_ALGOR_cmp() first appeared in OpenSSL 0.9.8zd, 1.0.0p, and 1.0.1k and has been available since OpenBSD 4.9.

X509_ALGOR_set_md() first appeared in OpenSSL 1.0.1 and has been available since OpenBSD 5.3.

BUGS

X509_ALGOR_set_md() can fail but cannot communicate failure to the caller.