]>
Commit | Line | Data |
---|---|---|
dd332cea DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
c72e5934 DWG |
5 | X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, |
6 | X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, | |
7 | X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, | |
8 | X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information | |
dd332cea DSH |
9 | |
10 | =head1 SYNOPSIS | |
11 | ||
12 | #include <openssl/x509.h> | |
13 | ||
8adc1cb8 DSH |
14 | void X509_get0_signature(const ASN1_BIT_STRING **psig, |
15 | const X509_ALGOR **palg, | |
dd332cea | 16 | const X509 *x); |
c72e5934 DWG |
17 | void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); |
18 | int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); | |
dd332cea | 19 | int X509_get_signature_nid(const X509 *x); |
8900f3e3 | 20 | const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); |
dd332cea | 21 | |
11222483 DSH |
22 | void X509_REQ_get0_signature(const X509_REQ *crl, |
23 | const ASN1_BIT_STRING **psig, | |
24 | const X509_ALGOR **palg); | |
dd332cea DSH |
25 | int X509_REQ_get_signature_nid(const X509_REQ *crl); |
26 | ||
5e6089f0 MC |
27 | void X509_CRL_get0_signature(const X509_CRL *crl, |
28 | const ASN1_BIT_STRING **psig, | |
29 | const X509_ALGOR **palg); | |
dd332cea DSH |
30 | int X509_CRL_get_signature_nid(const X509_CRL *crl); |
31 | ||
2f7a2520 DSH |
32 | int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, |
33 | uint32_t *flags); | |
34 | ||
35 | int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, | |
36 | int *secbits, uint32_t *flags); | |
37 | void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, | |
38 | int secbits, uint32_t flags); | |
39 | ||
dd332cea DSH |
40 | =head1 DESCRIPTION |
41 | ||
42 | X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg> | |
43 | to the signature algorithm of B<x>. The values returned are internal | |
44 | pointers which B<MUST NOT> be freed up after the call. | |
45 | ||
c72e5934 DWG |
46 | X509_set0_signature() and X509_REQ_set1_signature_algo() are the |
47 | equivalent setters for the two values of X509_get0_signature(). | |
48 | ||
ff7fbfd5 DSH |
49 | X509_get0_tbs_sigalg() returns the signature algorithm in the signed |
50 | portion of B<x>. | |
51 | ||
dd332cea DSH |
52 | X509_get_signature_nid() returns the NID corresponding to the signature |
53 | algorithm of B<x>. | |
54 | ||
55 | X509_REQ_get0_signature(), X509_REQ_get_signature_nid() | |
56 | X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the | |
57 | same function for certificate requests and CRLs. | |
58 | ||
2f7a2520 DSH |
59 | X509_get_signature_info() retrieves information about the signature of |
60 | certificate B<x>. The NID of the signing digest is written to B<*mdnid>, | |
61 | the public key algorithm to B<*pknid>, the effective security bits to | |
62 | B<*secbits> and flag details to B<*flags>. Any of the parameters can | |
63 | be set to B<NULL> if the information is not required. | |
64 | ||
65 | X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information | |
66 | about a signature in an B<X509_SIG_INFO> structure. They are only | |
67 | used by implementations of algorithms which need to set custom | |
68 | signature information: most applications will never need to call | |
69 | them. | |
70 | ||
dd332cea DSH |
71 | =head1 NOTES |
72 | ||
73 | These functions provide lower level access to signatures in certificates | |
74 | where an application wishes to analyse or generate a signature in a form | |
75 | where X509_sign() et al is not appropriate (for example a non standard | |
76 | or unsupported format). | |
77 | ||
2f7a2520 DSH |
78 | The security bits returned by X509_get_signature_info() refers to information |
79 | available from the certificate signature (such as the signing digest). In some | |
80 | cases the actual security of the signature is less because the signing | |
81 | key is less secure: for example a certificate signed using SHA-512 and a | |
82 | 1024 bit RSA key. | |
83 | ||
dd332cea DSH |
84 | =head1 RETURN VALUES |
85 | ||
86 | X509_get_signature_nid(), X509_REQ_get_signature_nid() and | |
87 | X509_CRL_get_signature_nid() return a NID. | |
88 | ||
89 | X509_get0_signature(), X509_REQ_get0_signature() and | |
90 | X509_CRL_get0_signature() do not return values. | |
91 | ||
2f7a2520 DSH |
92 | X509_get_signature_info() returns 1 if the signature information |
93 | returned is valid or 0 if the information is not available (e.g. | |
94 | unknown algorithms or malformed parameters). | |
95 | ||
c72e5934 DWG |
96 | X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an |
97 | error (e.g. null ALGO pointer). X509_REQ_set0_signature does | |
98 | not return an error value. | |
99 | ||
dd332cea DSH |
100 | =head1 SEE ALSO |
101 | ||
102 | L<d2i_X509(3)>, | |
103 | L<ERR_get_error(3)>, | |
104 | L<X509_CRL_get0_by_serial(3)>, | |
105 | L<X509_get_ext_d2i(3)>, | |
106 | L<X509_get_extension_flags(3)>, | |
107 | L<X509_get_pubkey(3)>, | |
108 | L<X509_get_subject_name(3)>, | |
109 | L<X509_get_version(3)>, | |
110 | L<X509_NAME_add_entry_by_txt(3)>, | |
111 | L<X509_NAME_ENTRY_get_object(3)>, | |
112 | L<X509_NAME_get_index_by_NID(3)>, | |
113 | L<X509_NAME_print_ex(3)>, | |
114 | L<X509_new(3)>, | |
115 | L<X509_sign(3)>, | |
116 | L<X509V3_get_d2i(3)>, | |
117 | L<X509_verify_cert(3)> | |
118 | ||
119 | =head1 HISTORY | |
120 | ||
fc5ecadd DMSP |
121 | The |
122 | X509_get0_signature() and X509_get_signature_nid() functions were | |
123 | added in OpenSSL 1.0.2. | |
dd332cea | 124 | |
fc5ecadd | 125 | The |
dd332cea | 126 | X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), |
fc5ecadd DMSP |
127 | X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were |
128 | added in OpenSSL 1.1.0. | |
dd332cea | 129 | |
c72e5934 DWG |
130 | The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() |
131 | were added in OpenSSL 1.1.1e. | |
132 | ||
e2f92610 RS |
133 | =head1 COPYRIGHT |
134 | ||
135 | Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. | |
136 | ||
4746f25a | 137 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
138 | this file except in compliance with the License. You can obtain a copy |
139 | in the file LICENSE in the source distribution or at | |
140 | L<https://www.openssl.org/source/license.html>. | |
141 | ||
142 | =cut |