1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 558f35182SJung-uk KimX509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, 658f35182SJung-uk KimX509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, 758f35182SJung-uk KimX509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, 858f35182SJung-uk KimX509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information 9e71b7053SJung-uk Kim 10e71b7053SJung-uk Kim=head1 SYNOPSIS 11e71b7053SJung-uk Kim 12e71b7053SJung-uk Kim #include <openssl/x509.h> 13e71b7053SJung-uk Kim 14e71b7053SJung-uk Kim void X509_get0_signature(const ASN1_BIT_STRING **psig, 15e71b7053SJung-uk Kim const X509_ALGOR **palg, 16e71b7053SJung-uk Kim const X509 *x); 1758f35182SJung-uk Kim void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); 1858f35182SJung-uk Kim int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); 19e71b7053SJung-uk Kim int X509_get_signature_nid(const X509 *x); 20e71b7053SJung-uk Kim const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); 21e71b7053SJung-uk Kim 22e71b7053SJung-uk Kim void X509_REQ_get0_signature(const X509_REQ *crl, 23e71b7053SJung-uk Kim const ASN1_BIT_STRING **psig, 24e71b7053SJung-uk Kim const X509_ALGOR **palg); 25e71b7053SJung-uk Kim int X509_REQ_get_signature_nid(const X509_REQ *crl); 26e71b7053SJung-uk Kim 27e71b7053SJung-uk Kim void X509_CRL_get0_signature(const X509_CRL *crl, 28e71b7053SJung-uk Kim const ASN1_BIT_STRING **psig, 29e71b7053SJung-uk Kim const X509_ALGOR **palg); 30e71b7053SJung-uk Kim int X509_CRL_get_signature_nid(const X509_CRL *crl); 31e71b7053SJung-uk Kim 32e71b7053SJung-uk Kim int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, 33e71b7053SJung-uk Kim uint32_t *flags); 34e71b7053SJung-uk Kim 35e71b7053SJung-uk Kim int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, 36e71b7053SJung-uk Kim int *secbits, uint32_t *flags); 37e71b7053SJung-uk Kim void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, 38e71b7053SJung-uk Kim int secbits, uint32_t flags); 39e71b7053SJung-uk Kim 40e71b7053SJung-uk Kim=head1 DESCRIPTION 41e71b7053SJung-uk Kim 42e71b7053SJung-uk KimX509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg> 43e71b7053SJung-uk Kimto the signature algorithm of B<x>. The values returned are internal 44e71b7053SJung-uk Kimpointers which B<MUST NOT> be freed up after the call. 45e71b7053SJung-uk Kim 4658f35182SJung-uk KimX509_set0_signature() and X509_REQ_set1_signature_algo() are the 4758f35182SJung-uk Kimequivalent setters for the two values of X509_get0_signature(). 4858f35182SJung-uk Kim 49e71b7053SJung-uk KimX509_get0_tbs_sigalg() returns the signature algorithm in the signed 50e71b7053SJung-uk Kimportion of B<x>. 51e71b7053SJung-uk Kim 52e71b7053SJung-uk KimX509_get_signature_nid() returns the NID corresponding to the signature 53e71b7053SJung-uk Kimalgorithm of B<x>. 54e71b7053SJung-uk Kim 55e71b7053SJung-uk KimX509_REQ_get0_signature(), X509_REQ_get_signature_nid() 56e71b7053SJung-uk KimX509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the 57e71b7053SJung-uk Kimsame function for certificate requests and CRLs. 58e71b7053SJung-uk Kim 59e71b7053SJung-uk KimX509_get_signature_info() retrieves information about the signature of 60e71b7053SJung-uk Kimcertificate B<x>. The NID of the signing digest is written to B<*mdnid>, 61e71b7053SJung-uk Kimthe public key algorithm to B<*pknid>, the effective security bits to 62e71b7053SJung-uk KimB<*secbits> and flag details to B<*flags>. Any of the parameters can 63e71b7053SJung-uk Kimbe set to B<NULL> if the information is not required. 64e71b7053SJung-uk Kim 65e71b7053SJung-uk KimX509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information 66e71b7053SJung-uk Kimabout a signature in an B<X509_SIG_INFO> structure. They are only 67e71b7053SJung-uk Kimused by implementations of algorithms which need to set custom 68e71b7053SJung-uk Kimsignature information: most applications will never need to call 69e71b7053SJung-uk Kimthem. 70e71b7053SJung-uk Kim 71e71b7053SJung-uk Kim=head1 NOTES 72e71b7053SJung-uk Kim 73e71b7053SJung-uk KimThese functions provide lower level access to signatures in certificates 74e71b7053SJung-uk Kimwhere an application wishes to analyse or generate a signature in a form 75e71b7053SJung-uk Kimwhere X509_sign() et al is not appropriate (for example a non standard 76e71b7053SJung-uk Kimor unsupported format). 77e71b7053SJung-uk Kim 78e71b7053SJung-uk KimThe security bits returned by X509_get_signature_info() refers to information 79e71b7053SJung-uk Kimavailable from the certificate signature (such as the signing digest). In some 80e71b7053SJung-uk Kimcases the actual security of the signature is less because the signing 81e71b7053SJung-uk Kimkey is less secure: for example a certificate signed using SHA-512 and a 82e71b7053SJung-uk Kim1024 bit RSA key. 83e71b7053SJung-uk Kim 84e71b7053SJung-uk Kim=head1 RETURN VALUES 85e71b7053SJung-uk Kim 86e71b7053SJung-uk KimX509_get_signature_nid(), X509_REQ_get_signature_nid() and 87e71b7053SJung-uk KimX509_CRL_get_signature_nid() return a NID. 88e71b7053SJung-uk Kim 89e71b7053SJung-uk KimX509_get0_signature(), X509_REQ_get0_signature() and 90e71b7053SJung-uk KimX509_CRL_get0_signature() do not return values. 91e71b7053SJung-uk Kim 92e71b7053SJung-uk KimX509_get_signature_info() returns 1 if the signature information 93e71b7053SJung-uk Kimreturned is valid or 0 if the information is not available (e.g. 94e71b7053SJung-uk Kimunknown algorithms or malformed parameters). 95e71b7053SJung-uk Kim 9658f35182SJung-uk KimX509_REQ_set1_signature_algo() returns 0 on success; or 1 on an 9758f35182SJung-uk Kimerror (e.g. null ALGO pointer). X509_REQ_set0_signature does 9858f35182SJung-uk Kimnot return an error value. 9958f35182SJung-uk Kim 100e71b7053SJung-uk Kim=head1 SEE ALSO 101e71b7053SJung-uk Kim 102e71b7053SJung-uk KimL<d2i_X509(3)>, 103e71b7053SJung-uk KimL<ERR_get_error(3)>, 104e71b7053SJung-uk KimL<X509_CRL_get0_by_serial(3)>, 105e71b7053SJung-uk KimL<X509_get_ext_d2i(3)>, 106e71b7053SJung-uk KimL<X509_get_extension_flags(3)>, 107e71b7053SJung-uk KimL<X509_get_pubkey(3)>, 108e71b7053SJung-uk KimL<X509_get_subject_name(3)>, 109e71b7053SJung-uk KimL<X509_get_version(3)>, 110e71b7053SJung-uk KimL<X509_NAME_add_entry_by_txt(3)>, 111e71b7053SJung-uk KimL<X509_NAME_ENTRY_get_object(3)>, 112e71b7053SJung-uk KimL<X509_NAME_get_index_by_NID(3)>, 113e71b7053SJung-uk KimL<X509_NAME_print_ex(3)>, 114e71b7053SJung-uk KimL<X509_new(3)>, 115e71b7053SJung-uk KimL<X509_sign(3)>, 116e71b7053SJung-uk KimL<X509V3_get_d2i(3)>, 117e71b7053SJung-uk KimL<X509_verify_cert(3)> 118e71b7053SJung-uk Kim 119e71b7053SJung-uk Kim=head1 HISTORY 120e71b7053SJung-uk Kim 1216935a639SJung-uk KimThe 1226935a639SJung-uk KimX509_get0_signature() and X509_get_signature_nid() functions were 1236935a639SJung-uk Kimadded in OpenSSL 1.0.2. 124e71b7053SJung-uk Kim 1256935a639SJung-uk KimThe 126e71b7053SJung-uk KimX509_REQ_get0_signature(), X509_REQ_get_signature_nid(), 1276935a639SJung-uk KimX509_CRL_get0_signature() and X509_CRL_get_signature_nid() were 1286935a639SJung-uk Kimadded in OpenSSL 1.1.0. 129e71b7053SJung-uk Kim 13058f35182SJung-uk KimThe X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() 13158f35182SJung-uk Kimwere added in OpenSSL 1.1.1e. 13258f35182SJung-uk Kim 133e71b7053SJung-uk Kim=head1 COPYRIGHT 134e71b7053SJung-uk Kim 135*b077aed3SPierre ProncheryCopyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 136e71b7053SJung-uk Kim 137*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 138e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 139e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 140e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 141e71b7053SJung-uk Kim 142e71b7053SJung-uk Kim=cut 143