X509_get0_signature.pod 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
  1. =pod
  2. =head1 NAME
  3. X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
  4. X509_REQ_get0_signature, X509_REQ_get_signature_nid, X509_CRL_get0_signature,
  5. X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
  6. X509_SIG_INFO_set - signature information
  7. =head1 SYNOPSIS
  8. #include <openssl/x509.h>
  9. void X509_get0_signature(const ASN1_BIT_STRING **psig,
  10. const X509_ALGOR **palg,
  11. const X509 *x);
  12. int X509_get_signature_nid(const X509 *x);
  13. const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
  14. void X509_REQ_get0_signature(const X509_REQ *crl,
  15. const ASN1_BIT_STRING **psig,
  16. const X509_ALGOR **palg);
  17. int X509_REQ_get_signature_nid(const X509_REQ *crl);
  18. void X509_CRL_get0_signature(const X509_CRL *crl,
  19. const ASN1_BIT_STRING **psig,
  20. const X509_ALGOR **palg);
  21. int X509_CRL_get_signature_nid(const X509_CRL *crl);
  22. int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
  23. uint32_t *flags);
  24. int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
  25. int *secbits, uint32_t *flags);
  26. void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
  27. int secbits, uint32_t flags);
  28. =head1 DESCRIPTION
  29. X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
  30. to the signature algorithm of B<x>. The values returned are internal
  31. pointers which B<MUST NOT> be freed up after the call.
  32. X509_get0_tbs_sigalg() returns the signature algorithm in the signed
  33. portion of B<x>.
  34. X509_get_signature_nid() returns the NID corresponding to the signature
  35. algorithm of B<x>.
  36. X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
  37. X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
  38. same function for certificate requests and CRLs.
  39. X509_get_signature_info() retrieves information about the signature of
  40. certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
  41. the public key algorithm to B<*pknid>, the effective security bits to
  42. B<*secbits> and flag details to B<*flags>. Any of the parameters can
  43. be set to B<NULL> if the information is not required.
  44. X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
  45. about a signature in an B<X509_SIG_INFO> structure. They are only
  46. used by implementations of algorithms which need to set custom
  47. signature information: most applications will never need to call
  48. them.
  49. =head1 NOTES
  50. These functions provide lower level access to signatures in certificates
  51. where an application wishes to analyse or generate a signature in a form
  52. where X509_sign() et al is not appropriate (for example a non standard
  53. or unsupported format).
  54. The security bits returned by X509_get_signature_info() refers to information
  55. available from the certificate signature (such as the signing digest). In some
  56. cases the actual security of the signature is less because the signing
  57. key is less secure: for example a certificate signed using SHA-512 and a
  58. 1024 bit RSA key.
  59. =head1 RETURN VALUES
  60. X509_get_signature_nid(), X509_REQ_get_signature_nid() and
  61. X509_CRL_get_signature_nid() return a NID.
  62. X509_get0_signature(), X509_REQ_get0_signature() and
  63. X509_CRL_get0_signature() do not return values.
  64. X509_get_signature_info() returns 1 if the signature information
  65. returned is valid or 0 if the information is not available (e.g.
  66. unknown algorithms or malformed parameters).
  67. =head1 SEE ALSO
  68. L<d2i_X509(3)>,
  69. L<ERR_get_error(3)>,
  70. L<X509_CRL_get0_by_serial(3)>,
  71. L<X509_get_ext_d2i(3)>,
  72. L<X509_get_extension_flags(3)>,
  73. L<X509_get_pubkey(3)>,
  74. L<X509_get_subject_name(3)>,
  75. L<X509_get_version(3)>,
  76. L<X509_NAME_add_entry_by_txt(3)>,
  77. L<X509_NAME_ENTRY_get_object(3)>,
  78. L<X509_NAME_get_index_by_NID(3)>,
  79. L<X509_NAME_print_ex(3)>,
  80. L<X509_new(3)>,
  81. L<X509_sign(3)>,
  82. L<X509V3_get_d2i(3)>,
  83. L<X509_verify_cert(3)>
  84. =head1 HISTORY
  85. The
  86. X509_get0_signature() and X509_get_signature_nid() functions were
  87. added in OpenSSL 1.0.2.
  88. The
  89. X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
  90. X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
  91. added in OpenSSL 1.1.0.
  92. =head1 COPYRIGHT
  93. Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
  94. Licensed under the Apache License 2.0 (the "License"). You may not use
  95. this file except in compliance with the License. You can obtain a copy
  96. in the file LICENSE in the source distribution or at
  97. L<https://www.openssl.org/source/license.html>.
  98. =cut