=pod

=head1 NAME

X509_sign, X509_sign_ctx,
X509_REQ_sign, X509_REQ_sign_ctx,
X509_CRL_sign, X509_CRL_sign_ctx -
sign certificate, certificate request, or CRL signature

=head1 SYNOPSIS

 #include <openssl/x509.h>

 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);

 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);

 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
 int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);

=head1 DESCRIPTION

X509_sign() signs certificate I<x> using private key I<pkey> and message
digest I<md> and sets the signature in I<x>. X509_sign_ctx() also signs
certificate I<x> but uses the parameters contained in digest context I<ctx>.

X509_REQ_sign(), X509_REQ_sign_ctx(),
X509_CRL_sign(), and X509_CRL_sign_ctx()
sign certificate requests and CRLs, respectively.

=head1 NOTES

X509_sign_ctx() is used where the default parameters for the corresponding
public key and digest are not suitable. It can be used to sign keys using
RSA-PSS for example.

For efficiency reasons and to work around ASN.1 encoding issues the encoding
of the signed portion of a certificate, certificate request and CRL is cached
internally. If the signed portion of the structure is modified the encoding
is not always updated meaning a stale version is sometimes used. This is not
normally a problem because modifying the signed portion will invalidate the
signature and signing will always update the encoding.

=head1 RETURN VALUES

All functions return the size of the signature
in bytes for success and zero for failure.

=head1 SEE ALSO

L<ERR_get_error(3)>,
L<X509_NAME_add_entry_by_txt(3)>,
L<X509_new(3)>,
L<X509_verify_cert(3)>,
L<X509_verify(3)>,
L<X509_REQ_verify_ex(3)>, L<X509_REQ_verify(3)>,
L<X509_CRL_verify(3)>

=head1 HISTORY

The X509_sign(), X509_REQ_sign() and X509_CRL_sign() functions are
available in all versions of OpenSSL.

The X509_sign_ctx(), X509_REQ_sign_ctx()
and X509_CRL_sign_ctx() functions were added in OpenSSL 1.0.1.

=head1 COPYRIGHT

Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").
You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut