[thirdparty/openssl.git] / doc / man3 / X509_get0_signature.pod

=pod

=head1 NAME

X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
X509_SIG_INFO_set - signature information

=head1 SYNOPSIS

 #include <openssl/x509.h>

 void X509_get0_signature(const ASN1_BIT_STRING **psig,
                          const X509_ALGOR **palg,
                          const X509 *x);
 int X509_get_signature_nid(const X509 *x);
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);

 void X509_REQ_get0_signature(const X509_REQ *crl,
                              const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg);
 int X509_REQ_get_signature_nid(const X509_REQ *crl);

 void X509_CRL_get0_signature(const X509_CRL *crl,
                              const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg);
 int X509_CRL_get_signature_nid(const X509_CRL *crl);

 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
                             uint32_t *flags);

 int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
                      int *secbits, uint32_t *flags);
 void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
                        int secbits, uint32_t flags);

=head1 DESCRIPTION

X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
to the signature algorithm of B<x>. The values returned are internal
pointers which B<MUST NOT> be freed up after the call.

X509_get0_tbs_sigalg() returns the signature algorithm in the signed
portion of B<x>.

X509_get_signature_nid() returns the NID corresponding to the signature
algorithm of B<x>.

X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
same function for certificate requests and CRLs.

X509_get_signature_info() retrieves information about the signature of
certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
the public key algorithm to B<*pknid>, the effective security bits to
B<*secbits> and flag details to B<*flags>. Any of the parameters can
be set to B<NULL> if the information is not required.

X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
about a signature in an B<X509_SIG_INFO> structure. They are only
used by implementations of algorithms which need to set custom
signature information: most applications will never need to call
them.

=head1 NOTES

These functions provide lower level access to signatures in certificates
where an application wishes to analyse or generate a signature in a form
where X509_sign() et al is not appropriate (for example a non standard
or unsupported format).

The security bits returned by X509_get_signature_info() refers to information
available from the certificate signature (such as the signing digest). In some
cases the actual security of the signature is less because the signing
key is less secure: for example a certificate signed using SHA-512 and a
1024 bit RSA key.

=head1 RETURN VALUES

X509_get_signature_nid(), X509_REQ_get_signature_nid() and
X509_CRL_get_signature_nid() return a NID.

X509_get0_signature(), X509_REQ_get0_signature() and
X509_CRL_get0_signature() do not return values.

X509_get_signature_info() returns 1 if the signature information
returned is valid or 0 if the information is not available (e.g.
unknown algorithms or malformed parameters).

=head1 SEE ALSO

L<d2i_X509(3)>,
L<ERR_get_error(3)>,
L<X509_CRL_get0_by_serial(3)>,
L<X509_get_ext_d2i(3)>,
L<X509_get_extension_flags(3)>,
L<X509_get_pubkey(3)>,
L<X509_get_subject_name(3)>,
L<X509_get_version(3)>,
L<X509_NAME_add_entry_by_txt(3)>,
L<X509_NAME_ENTRY_get_object(3)>,
L<X509_NAME_get_index_by_NID(3)>,
L<X509_NAME_print_ex(3)>,
L<X509_new(3)>,
L<X509_sign(3)>,
L<X509V3_get_d2i(3)>,
L<X509_verify_cert(3)>

=head1 HISTORY

The
X509_get0_signature() and X509_get_signature_nid() functions were
added in OpenSSL 1.0.2.

The
X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
added in OpenSSL 1.1.0.

=head1 COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
dd332cea DSH	1	=pod
	2
	3	=head1 NAME
	4
ff7fbfd5 DSH	5	X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
ff7fbfd5 DSH	6	X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
2f7a2520 DSH	7	X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
2f7a2520 DSH	8	X509_SIG_INFO_set - signature information
dd332cea DSH	9
	10	=head1 SYNOPSIS
	11
	12	#include <openssl/x509.h>
	13
8adc1cb8 DSH	14	void X509_get0_signature(const ASN1_BIT_STRING **psig,
8adc1cb8 DSH	15	const X509_ALGOR **palg,
dd332cea DSH	16	const X509 *x);
dd332cea DSH	17	int X509_get_signature_nid(const X509 *x);
8900f3e3	18	const X509_ALGOR X509_get0_tbs_sigalg(const X509 x);
dd332cea	19
11222483 DSH	20	void X509_REQ_get0_signature(const X509_REQ *crl,
	21	const ASN1_BIT_STRING **psig,
	22	const X509_ALGOR **palg);
dd332cea DSH	23	int X509_REQ_get_signature_nid(const X509_REQ *crl);
dd332cea DSH	24
5e6089f0 MC	25	void X509_CRL_get0_signature(const X509_CRL *crl,
	26	const ASN1_BIT_STRING **psig,
	27	const X509_ALGOR **palg);
dd332cea DSH	28	int X509_CRL_get_signature_nid(const X509_CRL *crl);
dd332cea DSH	29
2f7a2520 DSH	30	int X509_get_signature_info(X509 x, int mdnid, int pknid, int secbits,
	31	uint32_t *flags);
	32
	33	int X509_SIG_INFO_get(const X509_SIG_INFO siginf, int mdnid, int *pknid,
	34	int secbits, uint32_t flags);
	35	void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
	36	int secbits, uint32_t flags);
	37
dd332cea DSH	38	=head1 DESCRIPTION
	39
	40	X509_get0_signature() sets B<psig> to the signature of B<x> and B<palg>
	41	to the signature algorithm of B<x>. The values returned are internal
	42	pointers which B<MUST NOT> be freed up after the call.
	43
ff7fbfd5 DSH	44	X509_get0_tbs_sigalg() returns the signature algorithm in the signed
	45	portion of B<x>.
	46
dd332cea DSH	47	X509_get_signature_nid() returns the NID corresponding to the signature
	48	algorithm of B<x>.
	49
	50	X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
	51	X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
	52	same function for certificate requests and CRLs.
	53
2f7a2520 DSH	54	X509_get_signature_info() retrieves information about the signature of
	55	certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
	56	the public key algorithm to B<*pknid>, the effective security bits to
	57	B<secbits> and flag details to B<flags>. Any of the parameters can
	58	be set to B<NULL> if the information is not required.
	59
	60	X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
	61	about a signature in an B<X509_SIG_INFO> structure. They are only
	62	used by implementations of algorithms which need to set custom
	63	signature information: most applications will never need to call
	64	them.
	65
dd332cea DSH	66	=head1 NOTES
	67
	68	These functions provide lower level access to signatures in certificates
	69	where an application wishes to analyse or generate a signature in a form
	70	where X509_sign() et al is not appropriate (for example a non standard
	71	or unsupported format).
	72
2f7a2520 DSH	73	The security bits returned by X509_get_signature_info() refers to information
	74	available from the certificate signature (such as the signing digest). In some
	75	cases the actual security of the signature is less because the signing
	76	key is less secure: for example a certificate signed using SHA-512 and a
	77	1024 bit RSA key.
	78
dd332cea DSH	79	=head1 RETURN VALUES
	80
	81	X509_get_signature_nid(), X509_REQ_get_signature_nid() and
	82	X509_CRL_get_signature_nid() return a NID.
	83
	84	X509_get0_signature(), X509_REQ_get0_signature() and
	85	X509_CRL_get0_signature() do not return values.
	86
2f7a2520 DSH	87	X509_get_signature_info() returns 1 if the signature information
	88	returned is valid or 0 if the information is not available (e.g.
	89	unknown algorithms or malformed parameters).
	90
dd332cea DSH	91	=head1 SEE ALSO
	92
	93	L<d2i_X509(3)>,
	94	L<ERR_get_error(3)>,
	95	L<X509_CRL_get0_by_serial(3)>,
	96	L<X509_get_ext_d2i(3)>,
	97	L<X509_get_extension_flags(3)>,
	98	L<X509_get_pubkey(3)>,
	99	L<X509_get_subject_name(3)>,
	100	L<X509_get_version(3)>,
	101	L<X509_NAME_add_entry_by_txt(3)>,
	102	L<X509_NAME_ENTRY_get_object(3)>,
	103	L<X509_NAME_get_index_by_NID(3)>,
	104	L<X509_NAME_print_ex(3)>,
	105	L<X509_new(3)>,
	106	L<X509_sign(3)>,
	107	L<X509V3_get_d2i(3)>,
	108	L<X509_verify_cert(3)>
	109
	110	=head1 HISTORY
	111
fc5ecadd DMSP	112	The
	113	X509_get0_signature() and X509_get_signature_nid() functions were
	114	added in OpenSSL 1.0.2.
dd332cea	115
fc5ecadd	116	The
dd332cea	117	X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
fc5ecadd DMSP	118	X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
fc5ecadd DMSP	119	added in OpenSSL 1.1.0.
dd332cea	120
e2f92610 RS	121	=head1 COPYRIGHT
	122
	123	Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
	124
4746f25a	125	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	126	this file except in compliance with the License. You can obtain a copy
	127	in the file LICENSE in the source distribution or at
	128	L<https://www.openssl.org/source/license.html>.
	129
	130	=cut