1=pod 2 3=head1 NAME 4 5X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, 6X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, 7X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, 8X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information 9 10=head1 SYNOPSIS 11 12 #include <openssl/x509.h> 13 14 void X509_get0_signature(const ASN1_BIT_STRING **psig, 15 const X509_ALGOR **palg, 16 const X509 *x); 17 void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); 18 int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); 19 int X509_get_signature_nid(const X509 *x); 20 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); 21 22 void X509_REQ_get0_signature(const X509_REQ *crl, 23 const ASN1_BIT_STRING **psig, 24 const X509_ALGOR **palg); 25 int X509_REQ_get_signature_nid(const X509_REQ *crl); 26 27 void X509_CRL_get0_signature(const X509_CRL *crl, 28 const ASN1_BIT_STRING **psig, 29 const X509_ALGOR **palg); 30 int X509_CRL_get_signature_nid(const X509_CRL *crl); 31 32 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, 33 uint32_t *flags); 34 35 int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, 36 int *secbits, uint32_t *flags); 37 void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, 38 int secbits, uint32_t flags); 39 40=head1 DESCRIPTION 41 42X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg> 43to the signature algorithm of B<x>. The values returned are internal 44pointers which B<MUST NOT> be freed up after the call. 45 46X509_set0_signature() and X509_REQ_set1_signature_algo() are the 47equivalent setters for the two values of X509_get0_signature(). 48 49X509_get0_tbs_sigalg() returns the signature algorithm in the signed 50portion of B<x>. 51 52X509_get_signature_nid() returns the NID corresponding to the signature 53algorithm of B<x>. 54 55X509_REQ_get0_signature(), X509_REQ_get_signature_nid() 56X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the 57same function for certificate requests and CRLs. 58 59X509_get_signature_info() retrieves information about the signature of 60certificate B<x>. The NID of the signing digest is written to B<*mdnid>, 61the public key algorithm to B<*pknid>, the effective security bits to 62B<*secbits> and flag details to B<*flags>. Any of the parameters can 63be set to B<NULL> if the information is not required. 64 65X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information 66about a signature in an B<X509_SIG_INFO> structure. They are only 67used by implementations of algorithms which need to set custom 68signature information: most applications will never need to call 69them. 70 71=head1 NOTES 72 73These functions provide lower level access to signatures in certificates 74where an application wishes to analyse or generate a signature in a form 75where X509_sign() et al is not appropriate (for example a non standard 76or unsupported format). 77 78The security bits returned by X509_get_signature_info() refers to information 79available from the certificate signature (such as the signing digest). In some 80cases the actual security of the signature is less because the signing 81key is less secure: for example a certificate signed using SHA-512 and a 821024 bit RSA key. 83 84=head1 RETURN VALUES 85 86X509_get_signature_nid(), X509_REQ_get_signature_nid() and 87X509_CRL_get_signature_nid() return a NID. 88 89X509_get0_signature(), X509_REQ_get0_signature() and 90X509_CRL_get0_signature() do not return values. 91 92X509_get_signature_info() returns 1 if the signature information 93returned is valid or 0 if the information is not available (e.g. 94unknown algorithms or malformed parameters). 95 96X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an 97error (e.g. null ALGO pointer). X509_REQ_set0_signature does 98not return an error value. 99 100=head1 SEE ALSO 101 102L<d2i_X509(3)>, 103L<ERR_get_error(3)>, 104L<X509_CRL_get0_by_serial(3)>, 105L<X509_get_ext_d2i(3)>, 106L<X509_get_extension_flags(3)>, 107L<X509_get_pubkey(3)>, 108L<X509_get_subject_name(3)>, 109L<X509_get_version(3)>, 110L<X509_NAME_add_entry_by_txt(3)>, 111L<X509_NAME_ENTRY_get_object(3)>, 112L<X509_NAME_get_index_by_NID(3)>, 113L<X509_NAME_print_ex(3)>, 114L<X509_new(3)>, 115L<X509_sign(3)>, 116L<X509V3_get_d2i(3)>, 117L<X509_verify_cert(3)> 118 119=head1 HISTORY 120 121The 122X509_get0_signature() and X509_get_signature_nid() functions were 123added in OpenSSL 1.0.2. 124 125The 126X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), 127X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were 128added in OpenSSL 1.1.0. 129 130The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() 131were added in OpenSSL 1.1.1e. 132 133=head1 COPYRIGHT 134 135Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 136 137Licensed under the Apache License 2.0 (the "License"). You may not use 138this file except in compliance with the License. You can obtain a copy 139in the file LICENSE in the source distribution or at 140L<https://www.openssl.org/source/license.html>. 141 142=cut 143