| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo,
|
|---|
| 6 | X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature,
|
|---|
| 7 | X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid,
|
|---|
| 8 | X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set - signature information
|
|---|
| 9 |
|
|---|
| 10 | =head1 SYNOPSIS
|
|---|
| 11 |
|
|---|
| 12 | #include <openssl/x509.h>
|
|---|
| 13 |
|
|---|
| 14 | void X509_get0_signature(const ASN1_BIT_STRING **psig,
|
|---|
| 15 | const X509_ALGOR **palg,
|
|---|
| 16 | const X509 *x);
|
|---|
| 17 | void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
|
|---|
| 18 | int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
|
|---|
| 19 | int X509_get_signature_nid(const X509 *x);
|
|---|
| 20 | const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
|
|---|
| 21 |
|
|---|
| 22 | void X509_REQ_get0_signature(const X509_REQ *crl,
|
|---|
| 23 | const ASN1_BIT_STRING **psig,
|
|---|
| 24 | const X509_ALGOR **palg);
|
|---|
| 25 | int X509_REQ_get_signature_nid(const X509_REQ *crl);
|
|---|
| 26 |
|
|---|
| 27 | void X509_CRL_get0_signature(const X509_CRL *crl,
|
|---|
| 28 | const ASN1_BIT_STRING **psig,
|
|---|
| 29 | const X509_ALGOR **palg);
|
|---|
| 30 | int X509_CRL_get_signature_nid(const X509_CRL *crl);
|
|---|
| 31 |
|
|---|
| 32 | int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
|
|---|
| 33 | uint32_t *flags);
|
|---|
| 34 |
|
|---|
| 35 | int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
|
|---|
| 36 | int *secbits, uint32_t *flags);
|
|---|
| 37 | void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
|
|---|
| 38 | int secbits, uint32_t flags);
|
|---|
| 39 |
|
|---|
| 40 | =head1 DESCRIPTION
|
|---|
| 41 |
|
|---|
| 42 | X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg>
|
|---|
| 43 | to the signature algorithm of B<x>. The values returned are internal
|
|---|
| 44 | pointers which B<MUST NOT> be freed up after the call.
|
|---|
| 45 |
|
|---|
| 46 | X509_set0_signature() and X509_REQ_set1_signature_algo() are the
|
|---|
| 47 | equivalent setters for the two values of X509_get0_signature().
|
|---|
| 48 |
|
|---|
| 49 | X509_get0_tbs_sigalg() returns the signature algorithm in the signed
|
|---|
| 50 | portion of B<x>.
|
|---|
| 51 |
|
|---|
| 52 | X509_get_signature_nid() returns the NID corresponding to the signature
|
|---|
| 53 | algorithm of B<x>.
|
|---|
| 54 |
|
|---|
| 55 | X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
|
|---|
| 56 | X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
|
|---|
| 57 | same function for certificate requests and CRLs.
|
|---|
| 58 |
|
|---|
| 59 | X509_get_signature_info() retrieves information about the signature of
|
|---|
| 60 | certificate B<x>. The NID of the signing digest is written to B<*mdnid>,
|
|---|
| 61 | the public key algorithm to B<*pknid>, the effective security bits to
|
|---|
| 62 | B<*secbits> and flag details to B<*flags>. Any of the parameters can
|
|---|
| 63 | be set to B<NULL> if the information is not required.
|
|---|
| 64 |
|
|---|
| 65 | X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
|
|---|
| 66 | about a signature in an B<X509_SIG_INFO> structure. They are only
|
|---|
| 67 | used by implementations of algorithms which need to set custom
|
|---|
| 68 | signature information: most applications will never need to call
|
|---|
| 69 | them.
|
|---|
| 70 |
|
|---|
| 71 | =head1 NOTES
|
|---|
| 72 |
|
|---|
| 73 | These functions provide lower level access to signatures in certificates
|
|---|
| 74 | where an application wishes to analyse or generate a signature in a form
|
|---|
| 75 | where X509_sign() et al is not appropriate (for example a non standard
|
|---|
| 76 | or unsupported format).
|
|---|
| 77 |
|
|---|
| 78 | The security bits returned by X509_get_signature_info() refers to information
|
|---|
| 79 | available from the certificate signature (such as the signing digest). In some
|
|---|
| 80 | cases the actual security of the signature is less because the signing
|
|---|
| 81 | key is less secure: for example a certificate signed using SHA-512 and a
|
|---|
| 82 | 1024 bit RSA key.
|
|---|
| 83 |
|
|---|
| 84 | =head1 RETURN VALUES
|
|---|
| 85 |
|
|---|
| 86 | X509_get_signature_nid(), X509_REQ_get_signature_nid() and
|
|---|
| 87 | X509_CRL_get_signature_nid() return a NID.
|
|---|
| 88 |
|
|---|
| 89 | X509_get0_signature(), X509_REQ_get0_signature() and
|
|---|
| 90 | X509_CRL_get0_signature() do not return values.
|
|---|
| 91 |
|
|---|
| 92 | X509_get_signature_info() returns 1 if the signature information
|
|---|
| 93 | returned is valid or 0 if the information is not available (e.g.
|
|---|
| 94 | unknown algorithms or malformed parameters).
|
|---|
| 95 |
|
|---|
| 96 | X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an
|
|---|
| 97 | error (e.g. null ALGO pointer). X509_REQ_set0_signature does
|
|---|
| 98 | not return an error value.
|
|---|
| 99 |
|
|---|
| 100 | =head1 SEE ALSO
|
|---|
| 101 |
|
|---|
| 102 | L<d2i_X509(3)>,
|
|---|
| 103 | L<ERR_get_error(3)>,
|
|---|
| 104 | L<X509_CRL_get0_by_serial(3)>,
|
|---|
| 105 | L<X509_get_ext_d2i(3)>,
|
|---|
| 106 | L<X509_get_extension_flags(3)>,
|
|---|
| 107 | L<X509_get_pubkey(3)>,
|
|---|
| 108 | L<X509_get_subject_name(3)>,
|
|---|
| 109 | L<X509_get_version(3)>,
|
|---|
| 110 | L<X509_NAME_add_entry_by_txt(3)>,
|
|---|
| 111 | L<X509_NAME_ENTRY_get_object(3)>,
|
|---|
| 112 | L<X509_NAME_get_index_by_NID(3)>,
|
|---|
| 113 | L<X509_NAME_print_ex(3)>,
|
|---|
| 114 | L<X509_new(3)>,
|
|---|
| 115 | L<X509_sign(3)>,
|
|---|
| 116 | L<X509V3_get_d2i(3)>,
|
|---|
| 117 | L<X509_verify_cert(3)>
|
|---|
| 118 |
|
|---|
| 119 | =head1 HISTORY
|
|---|
| 120 |
|
|---|
| 121 | The
|
|---|
| 122 | X509_get0_signature() and X509_get_signature_nid() functions were
|
|---|
| 123 | added in OpenSSL 1.0.2.
|
|---|
| 124 |
|
|---|
| 125 | The
|
|---|
| 126 | X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
|
|---|
| 127 | X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were
|
|---|
| 128 | added in OpenSSL 1.1.0.
|
|---|
| 129 |
|
|---|
| 130 | The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo()
|
|---|
| 131 | were added in OpenSSL 1.1.1e.
|
|---|
| 132 |
|
|---|
| 133 | =head1 COPYRIGHT
|
|---|
| 134 |
|
|---|
| 135 | Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 136 |
|
|---|
| 137 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 138 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 139 | in the file LICENSE in the source distribution or at
|
|---|
| 140 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 141 |
|
|---|
| 142 | =cut
|
|---|
