123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 |
- =pod
- =head1 NAME
- X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
- X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
- X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
- X509_SIG_INFO_set - signature information
- =head1 SYNOPSIS
- #include <openssl/x509.h>
- void X509_get0_signature(const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg,
- const X509 *x);
- int X509_get_signature_nid(const X509 *x);
- const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
- void X509_REQ_get0_signature(const X509_REQ *crl,
- const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg);
- int X509_REQ_get_signature_nid(const X509_REQ *crl);
- void X509_CRL_get0_signature(const X509_CRL *crl,
- const ASN1_BIT_STRING **psig,
- const X509_ALGOR **palg);
- int X509_CRL_get_signature_nid(const X509_CRL *crl);
- int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
- uint32_t *flags);
- int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
- int *secbits, uint32_t *flags);
- void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
- int secbits, uint32_t flags);
- =head1 DESCRIPTION
- X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
- to the signature algorithm of B<x>. The values returned are internal
- pointers which B<MUST NOT> be freed up after the call.
- X509_get0_tbs_sigalg() returns the signature algorithm in the signed
- portion of B<x>.
- X509_get_signature_nid() returns the NID corresponding to the signature
- algorithm of B<x>.
- X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
- X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
- same function for certificate requests and CRLs.
- X509_get_signature_info() retrieves information about the signature of
- certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
- the public key algorithm to B<*pknid>, the effective security bits to
- B<*secbits> and flag details to B<*flags>. Any of the parameters can
- be set to B<NULL> if the information is not required.
- X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
- about a signature in an B<X509_SIG_INFO> structure. They are only
- used by implementations of algorithms which need to set custom
- signature information: most applications will never need to call
- them.
- =head1 NOTES
- These functions provide lower level access to signatures in certificates
- where an application wishes to analyse or generate a signature in a form
- where X509_sign() et al is not appropriate (for example a non standard
- or unsupported format).
- The security bits returned by X509_get_signature_info() refers to information
- available from the certificate signature (such as the signing digest). In some
- cases the actual security of the signature is less because the signing
- key is less secure: for example a certificate signed using SHA-512 and a
- 1024 bit RSA key.
- =head1 RETURN VALUES
- X509_get_signature_nid(), X509_REQ_get_signature_nid() and
- X509_CRL_get_signature_nid() return a NID.
- X509_get0_signature(), X509_REQ_get0_signature() and
- X509_CRL_get0_signature() do not return values.
- X509_get_signature_info() returns 1 if the signature information
- returned is valid or 0 if the information is not available (e.g.
- unknown algorithms or malformed parameters).
- =head1 SEE ALSO
- L<d2i_X509(3)>,
- L<ERR_get_error(3)>,
- L<X509_CRL_get0_by_serial(3)>,
- L<X509_get_ext_d2i(3)>,
- L<X509_get_extension_flags(3)>,
- L<X509_get_pubkey(3)>,
- L<X509_get_subject_name(3)>,
- L<X509_get_version(3)>,
- L<X509_NAME_add_entry_by_txt(3)>,
- L<X509_NAME_ENTRY_get_object(3)>,
- L<X509_NAME_get_index_by_NID(3)>,
- L<X509_NAME_print_ex(3)>,
- L<X509_new(3)>,
- L<X509_sign(3)>,
- L<X509V3_get_d2i(3)>,
- L<X509_verify_cert(3)>
- =head1 HISTORY
- The
- X509_get0_signature() and X509_get_signature_nid() functions were
- added in OpenSSL 1.0.2.
- The
- X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
- X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
- added in OpenSSL 1.1.0.
- =head1 COPYRIGHT
- Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|