[thirdparty/openssl.git] / doc / man3 / X509_get0_signature.pod

=pod

=head1 NAME

X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, 
X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, 
X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information

=head1 SYNOPSIS

 #include <openssl/x509.h>

 void X509_get0_signature(const ASN1_BIT_STRING **psig,
                          const X509_ALGOR **palg,
                          const X509 *x);
 void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
 int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
 int X509_get_signature_nid(const X509 *x);
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);

 void X509_REQ_get0_signature(const X509_REQ *crl,
                              const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg);
 int X509_REQ_get_signature_nid(const X509_REQ *crl);

 void X509_CRL_get0_signature(const X509_CRL *crl,
                              const ASN1_BIT_STRING **psig,
                              const X509_ALGOR **palg);
 int X509_CRL_get_signature_nid(const X509_CRL *crl);

 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
                             uint32_t *flags);

 int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
                      int *secbits, uint32_t *flags);
 void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
                        int secbits, uint32_t flags);

=head1 DESCRIPTION

X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
to the signature algorithm of B<x>. The values returned are internal
pointers which B<MUST NOT> be freed up after the call.

X509_set0_signature() and X509_REQ_set1_signature_algo() are the
equivalent setters for the two values of X509_get0_signature().

X509_get0_tbs_sigalg() returns the signature algorithm in the signed
portion of B<x>.

X509_get_signature_nid() returns the NID corresponding to the signature
algorithm of B<x>.

X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
same function for certificate requests and CRLs.

X509_get_signature_info() retrieves information about the signature of
certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
the public key algorithm to B<*pknid>, the effective security bits to
B<*secbits> and flag details to B<*flags>. Any of the parameters can
be set to B<NULL> if the information is not required.

X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
about a signature in an B<X509_SIG_INFO> structure. They are only
used by implementations of algorithms which need to set custom
signature information: most applications will never need to call
them.

=head1 NOTES

These functions provide lower level access to signatures in certificates
where an application wishes to analyse or generate a signature in a form
where X509_sign() et al is not appropriate (for example a non standard
or unsupported format).

The security bits returned by X509_get_signature_info() refers to information
available from the certificate signature (such as the signing digest). In some
cases the actual security of the signature is less because the signing
key is less secure: for example a certificate signed using SHA-512 and a
1024 bit RSA key.

=head1 RETURN VALUES

X509_get_signature_nid(), X509_REQ_get_signature_nid() and
X509_CRL_get_signature_nid() return a NID.

X509_get0_signature(), X509_REQ_get0_signature() and
X509_CRL_get0_signature() do not return values.

X509_get_signature_info() returns 1 if the signature information
returned is valid or 0 if the information is not available (e.g.
unknown algorithms or malformed parameters).

X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an
error (e.g. null ALGO pointer). X509_REQ_set0_signature does
not return an error value.

=head1 SEE ALSO

L<d2i_X509(3)>,
L<ERR_get_error(3)>,
L<X509_CRL_get0_by_serial(3)>,
L<X509_get_ext_d2i(3)>,
L<X509_get_extension_flags(3)>,
L<X509_get_pubkey(3)>,
L<X509_get_subject_name(3)>,
L<X509_get_version(3)>,
L<X509_NAME_add_entry_by_txt(3)>,
L<X509_NAME_ENTRY_get_object(3)>,
L<X509_NAME_get_index_by_NID(3)>,
L<X509_NAME_print_ex(3)>,
L<X509_new(3)>,
L<X509_sign(3)>,
L<X509V3_get_d2i(3)>,
L<X509_verify_cert(3)>

=head1 HISTORY

The
X509_get0_signature() and X509_get_signature_nid() functions were
added in OpenSSL 1.0.2.

The
X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
added in OpenSSL 1.1.0.

The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo()
were added in OpenSSL 1.1.1e.

=head1 COPYRIGHT

Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
dd332cea DSH	1	=pod
	2
	3	=head1 NAME
	4
c72e5934 DWG	5	X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
	6	X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature,
	7	X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid,
	8	X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information
dd332cea DSH	9
	10	=head1 SYNOPSIS
	11
	12	#include <openssl/x509.h>
	13
8adc1cb8 DSH	14	void X509_get0_signature(const ASN1_BIT_STRING **psig,
8adc1cb8 DSH	15	const X509_ALGOR **palg,
dd332cea	16	const X509 *x);
c72e5934 DWG	17	void X509_REQ_set0_signature(X509_REQ req, ASN1_BIT_STRING psig);
c72e5934 DWG	18	int X509_REQ_set1_signature_algo(X509_REQ req, X509_ALGOR palg);
dd332cea	19	int X509_get_signature_nid(const X509 *x);
8900f3e3	20	const X509_ALGOR X509_get0_tbs_sigalg(const X509 x);
dd332cea	21
11222483 DSH	22	void X509_REQ_get0_signature(const X509_REQ *crl,
	23	const ASN1_BIT_STRING **psig,
	24	const X509_ALGOR **palg);
dd332cea DSH	25	int X509_REQ_get_signature_nid(const X509_REQ *crl);
dd332cea DSH	26
5e6089f0 MC	27	void X509_CRL_get0_signature(const X509_CRL *crl,
	28	const ASN1_BIT_STRING **psig,
	29	const X509_ALGOR **palg);
dd332cea DSH	30	int X509_CRL_get_signature_nid(const X509_CRL *crl);
dd332cea DSH	31
2f7a2520 DSH	32	int X509_get_signature_info(X509 x, int mdnid, int pknid, int secbits,
	33	uint32_t *flags);
	34
	35	int X509_SIG_INFO_get(const X509_SIG_INFO siginf, int mdnid, int *pknid,
	36	int secbits, uint32_t flags);
	37	void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
	38	int secbits, uint32_t flags);
	39
dd332cea DSH	40	=head1 DESCRIPTION
	41
	42	X509_get0_signature() sets B<psig> to the signature of B<x> and B<palg>
	43	to the signature algorithm of B<x>. The values returned are internal
	44	pointers which B<MUST NOT> be freed up after the call.
	45
c72e5934 DWG	46	X509_set0_signature() and X509_REQ_set1_signature_algo() are the
	47	equivalent setters for the two values of X509_get0_signature().
	48
ff7fbfd5 DSH	49	X509_get0_tbs_sigalg() returns the signature algorithm in the signed
	50	portion of B<x>.
	51
dd332cea DSH	52	X509_get_signature_nid() returns the NID corresponding to the signature
	53	algorithm of B<x>.
	54
	55	X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
	56	X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
	57	same function for certificate requests and CRLs.
	58
2f7a2520 DSH	59	X509_get_signature_info() retrieves information about the signature of
	60	certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
	61	the public key algorithm to B<*pknid>, the effective security bits to
	62	B<secbits> and flag details to B<flags>. Any of the parameters can
	63	be set to B<NULL> if the information is not required.
	64
	65	X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
	66	about a signature in an B<X509_SIG_INFO> structure. They are only
	67	used by implementations of algorithms which need to set custom
	68	signature information: most applications will never need to call
	69	them.
	70
dd332cea DSH	71	=head1 NOTES
	72
	73	These functions provide lower level access to signatures in certificates
	74	where an application wishes to analyse or generate a signature in a form
	75	where X509_sign() et al is not appropriate (for example a non standard
	76	or unsupported format).
	77
2f7a2520 DSH	78	The security bits returned by X509_get_signature_info() refers to information
	79	available from the certificate signature (such as the signing digest). In some
	80	cases the actual security of the signature is less because the signing
	81	key is less secure: for example a certificate signed using SHA-512 and a
	82	1024 bit RSA key.
	83
dd332cea DSH	84	=head1 RETURN VALUES
	85
	86	X509_get_signature_nid(), X509_REQ_get_signature_nid() and
	87	X509_CRL_get_signature_nid() return a NID.
	88
	89	X509_get0_signature(), X509_REQ_get0_signature() and
	90	X509_CRL_get0_signature() do not return values.
	91
2f7a2520 DSH	92	X509_get_signature_info() returns 1 if the signature information
	93	returned is valid or 0 if the information is not available (e.g.
	94	unknown algorithms or malformed parameters).
	95
c72e5934 DWG	96	X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an
	97	error (e.g. null ALGO pointer). X509_REQ_set0_signature does
	98	not return an error value.
	99
dd332cea DSH	100	=head1 SEE ALSO
	101
	102	L<d2i_X509(3)>,
	103	L<ERR_get_error(3)>,
	104	L<X509_CRL_get0_by_serial(3)>,
	105	L<X509_get_ext_d2i(3)>,
	106	L<X509_get_extension_flags(3)>,
	107	L<X509_get_pubkey(3)>,
	108	L<X509_get_subject_name(3)>,
	109	L<X509_get_version(3)>,
	110	L<X509_NAME_add_entry_by_txt(3)>,
	111	L<X509_NAME_ENTRY_get_object(3)>,
	112	L<X509_NAME_get_index_by_NID(3)>,
	113	L<X509_NAME_print_ex(3)>,
	114	L<X509_new(3)>,
	115	L<X509_sign(3)>,
	116	L<X509V3_get_d2i(3)>,
	117	L<X509_verify_cert(3)>
	118
	119	=head1 HISTORY
	120
fc5ecadd DMSP	121	The
	122	X509_get0_signature() and X509_get_signature_nid() functions were
	123	added in OpenSSL 1.0.2.
dd332cea	124
fc5ecadd	125	The
dd332cea	126	X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
fc5ecadd DMSP	127	X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
fc5ecadd DMSP	128	added in OpenSSL 1.1.0.
dd332cea	129
c72e5934 DWG	130	The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo()
	131	were added in OpenSSL 1.1.1e.
	132
e2f92610 RS	133	=head1 COPYRIGHT
	134
	135	Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
	136
4746f25a	137	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	138	this file except in compliance with the License. You can obtain a copy
	139	in the file LICENSE in the source distribution or at
	140	L<https://www.openssl.org/source/license.html>.
	141
	142	=cut