1X509_GET0_SIGNATURE(3) OpenSSL X509_GET0_SIGNATURE(3)
2
3
4
6 X509_get0_signature, X509_get_signature_nid, X509_get0_tbs_sigalg,
7 X509_REQ_get0_signature, X509_REQ_get_signature_nid,
8 X509_CRL_get0_signature, X509_CRL_get_signature_nid,
9 X509_get_signature_info, X509_SIG_INFO_get, X509_SIG_INFO_set -
10 signature information
11
13 #include <openssl/x509.h>
14
15 void X509_get0_signature(const ASN1_BIT_STRING **psig,
16 const X509_ALGOR **palg,
17 const X509 *x);
18 int X509_get_signature_nid(const X509 *x);
19 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
20
21 void X509_REQ_get0_signature(const X509_REQ *crl,
22 const ASN1_BIT_STRING **psig,
23 const X509_ALGOR **palg);
24 int X509_REQ_get_signature_nid(const X509_REQ *crl);
25
26 void X509_CRL_get0_signature(const X509_CRL *crl,
27 const ASN1_BIT_STRING **psig,
28 const X509_ALGOR **palg);
29 int X509_CRL_get_signature_nid(const X509_CRL *crl);
30
31 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
32 uint32_t *flags);
33
34 int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
35 int *secbits, uint32_t *flags);
36 void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
37 int secbits, uint32_t flags);
38
40 X509_get0_signature() sets *psig to the signature of x and *palg to the
41 signature algorithm of x. The values returned are internal pointers
42 which MUST NOT be freed up after the call.
43
44 X509_get0_tbs_sigalg() returns the signature algorithm in the signed
45 portion of x.
46
47 X509_get_signature_nid() returns the NID corresponding to the signature
48 algorithm of x.
49
50 X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
51 X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
52 same function for certificate requests and CRLs.
53
54 X509_get_signature_info() retrieves information about the signature of
55 certificate x. The NID of the signing digest is written to *mdnid, the
56 public key algorithm to *pknid, the effective security bits to *secbits
57 and flag details to *flags. Any of the parameters can be set to NULL if
58 the information is not required.
59
60 X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
61 about a signature in an X509_SIG_INFO structure. They are only used by
62 implementations of algorithms which need to set custom signature
63 information: most applications will never need to call them.
64
66 These functions provide lower level access to signatures in
67 certificates where an application wishes to analyse or generate a
68 signature in a form where X509_sign() et al is not appropriate (for
69 example a non standard or unsupported format).
70
71 The security bits returned by X509_get_signature_info() refers to
72 information available from the certificate signature (such as the
73 signing digest). In some cases the actual security of the signature is
74 less because the signing key is less secure: for example a certificate
75 signed using SHA-512 and a 1024 bit RSA key.
76
78 X509_get_signature_nid(), X509_REQ_get_signature_nid() and
79 X509_CRL_get_signature_nid() return a NID.
80
81 X509_get0_signature(), X509_REQ_get0_signature() and
82 X509_CRL_get0_signature() do not return values.
83
84 X509_get_signature_info() returns 1 if the signature information
85 returned is valid or 0 if the information is not available (e.g.
86 unknown algorithms or malformed parameters).
87
89 d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3),
90 X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3),
91 X509_get_subject_name(3), X509_get_version(3),
92 X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3),
93 X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3),
94 X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)
95
97 X509_get0_signature() and X509_get_signature_nid() were first added to
98 OpenSSL 1.0.2.
99
100 X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
101 X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were first
102 added to OpenSSL 1.1.0.
103
105 Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
106
107 Licensed under the OpenSSL license (the "License"). You may not use
108 this file except in compliance with the License. You can obtain a copy
109 in the file LICENSE in the source distribution or at
110 <https://www.openssl.org/source/license.html>.
111
112
113
1141.1.1 2018-09-11 X509_GET0_SIGNATURE(3)