xref: /freebsd/crypto/openssl/doc/man3/X509_get0_signature.pod (revision f6a3b357e9be4c6423c85eff9a847163a0d307c8)
1=pod
2
3=head1 NAME
4
5X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
6X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
7X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
8X509_SIG_INFO_set - signature information
9
10=head1 SYNOPSIS
11
12 #include <openssl/x509.h>
13
14 void X509_get0_signature(const ASN1_BIT_STRING **psig,
15                          const X509_ALGOR **palg,
16                          const X509 *x);
17 int X509_get_signature_nid(const X509 *x);
18 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
19
20 void X509_REQ_get0_signature(const X509_REQ *crl,
21                              const ASN1_BIT_STRING **psig,
22                              const X509_ALGOR **palg);
23 int X509_REQ_get_signature_nid(const X509_REQ *crl);
24
25 void X509_CRL_get0_signature(const X509_CRL *crl,
26                              const ASN1_BIT_STRING **psig,
27                              const X509_ALGOR **palg);
28 int X509_CRL_get_signature_nid(const X509_CRL *crl);
29
30 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
31                             uint32_t *flags);
32
33 int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
34                      int *secbits, uint32_t *flags);
35 void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
36                        int secbits, uint32_t flags);
37
38=head1 DESCRIPTION
39
40X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
41to the signature algorithm of B<x>. The values returned are internal
42pointers which B<MUST NOT> be freed up after the call.
43
44X509_get0_tbs_sigalg() returns the signature algorithm in the signed
45portion of B<x>.
46
47X509_get_signature_nid() returns the NID corresponding to the signature
48algorithm of B<x>.
49
50X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
51X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
52same function for certificate requests and CRLs.
53
54X509_get_signature_info() retrieves information about the signature of
55certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
56the public key algorithm to B<*pknid>, the effective security bits to
57B<*secbits> and flag details to B<*flags>. Any of the parameters can
58be set to B<NULL> if the information is not required.
59
60X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
61about a signature in an B<X509_SIG_INFO> structure. They are only
62used by implementations of algorithms which need to set custom
63signature information: most applications will never need to call
64them.
65
66=head1 NOTES
67
68These functions provide lower level access to signatures in certificates
69where an application wishes to analyse or generate a signature in a form
70where X509_sign() et al is not appropriate (for example a non standard
71or unsupported format).
72
73The security bits returned by X509_get_signature_info() refers to information
74available from the certificate signature (such as the signing digest). In some
75cases the actual security of the signature is less because the signing
76key is less secure: for example a certificate signed using SHA-512 and a
771024 bit RSA key.
78
79=head1 RETURN VALUES
80
81X509_get_signature_nid(), X509_REQ_get_signature_nid() and
82X509_CRL_get_signature_nid() return a NID.
83
84X509_get0_signature(), X509_REQ_get0_signature() and
85X509_CRL_get0_signature() do not return values.
86
87X509_get_signature_info() returns 1 if the signature information
88returned is valid or 0 if the information is not available (e.g.
89unknown algorithms or malformed parameters).
90
91=head1 SEE ALSO
92
93L<d2i_X509(3)>,
94L<ERR_get_error(3)>,
95L<X509_CRL_get0_by_serial(3)>,
96L<X509_get_ext_d2i(3)>,
97L<X509_get_extension_flags(3)>,
98L<X509_get_pubkey(3)>,
99L<X509_get_subject_name(3)>,
100L<X509_get_version(3)>,
101L<X509_NAME_add_entry_by_txt(3)>,
102L<X509_NAME_ENTRY_get_object(3)>,
103L<X509_NAME_get_index_by_NID(3)>,
104L<X509_NAME_print_ex(3)>,
105L<X509_new(3)>,
106L<X509_sign(3)>,
107L<X509V3_get_d2i(3)>,
108L<X509_verify_cert(3)>
109
110=head1 HISTORY
111
112The
113X509_get0_signature() and X509_get_signature_nid() functions were
114added in OpenSSL 1.0.2.
115
116The
117X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
118X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
119added in OpenSSL 1.1.0.
120
121=head1 COPYRIGHT
122
123Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
124
125Licensed under the OpenSSL license (the "License").  You may not use
126this file except in compliance with the License.  You can obtain a copy
127in the file LICENSE in the source distribution or at
128L<https://www.openssl.org/source/license.html>.
129
130=cut
131