1X509_GET0_SIGNATURE(3)              OpenSSL             X509_GET0_SIGNATURE(3)
2
3
4

NAME

6       X509_get0_signature, X509_REQ_set0_signature,
7       X509_REQ_set1_signature_algo, X509_get_signature_nid,
8       X509_get0_tbs_sigalg, X509_REQ_get0_signature,
9       X509_REQ_get_signature_nid, X509_CRL_get0_signature,
10       X509_CRL_get_signature_nid, X509_get_signature_info, X509_SIG_INFO_get,
11       X509_SIG_INFO_set - signature information
12

SYNOPSIS

14        #include <openssl/x509.h>
15
16        void X509_get0_signature(const ASN1_BIT_STRING **psig,
17                                 const X509_ALGOR **palg,
18                                 const X509 *x);
19        void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
20        int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
21        int X509_get_signature_nid(const X509 *x);
22        const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
23
24        void X509_REQ_get0_signature(const X509_REQ *crl,
25                                     const ASN1_BIT_STRING **psig,
26                                     const X509_ALGOR **palg);
27        int X509_REQ_get_signature_nid(const X509_REQ *crl);
28
29        void X509_CRL_get0_signature(const X509_CRL *crl,
30                                     const ASN1_BIT_STRING **psig,
31                                     const X509_ALGOR **palg);
32        int X509_CRL_get_signature_nid(const X509_CRL *crl);
33
34        int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
35                                    uint32_t *flags);
36
37        int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
38                             int *secbits, uint32_t *flags);
39        void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
40                               int secbits, uint32_t flags);
41

DESCRIPTION

43       X509_get0_signature() sets *psig to the signature of x and *palg to the
44       signature algorithm of x. The values returned are internal pointers
45       which MUST NOT be freed up after the call.
46
47       X509_set0_signature() and X509_REQ_set1_signature_algo() are the
48       equivalent setters for the two values of X509_get0_signature().
49
50       X509_get0_tbs_sigalg() returns the signature algorithm in the signed
51       portion of x.
52
53       X509_get_signature_nid() returns the NID corresponding to the signature
54       algorithm of x.
55
56       X509_REQ_get0_signature(), X509_REQ_get_signature_nid()
57       X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the
58       same function for certificate requests and CRLs.
59
60       X509_get_signature_info() retrieves information about the signature of
61       certificate x. The NID of the signing digest is written to *mdnid, the
62       public key algorithm to *pknid, the effective security bits to *secbits
63       and flag details to *flags. Any of the parameters can be set to NULL if
64       the information is not required.
65
66       X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information
67       about a signature in an X509_SIG_INFO structure. They are only used by
68       implementations of algorithms which need to set custom signature
69       information: most applications will never need to call them.
70

NOTES

72       These functions provide lower level access to signatures in
73       certificates where an application wishes to analyse or generate a
74       signature in a form where X509_sign() et al is not appropriate (for
75       example a non standard or unsupported format).
76
77       The security bits returned by X509_get_signature_info() refers to
78       information available from the certificate signature (such as the
79       signing digest). In some cases the actual security of the signature is
80       less because the signing key is less secure: for example a certificate
81       signed using SHA-512 and a 1024 bit RSA key.
82

RETURN VALUES

84       X509_get_signature_nid(), X509_REQ_get_signature_nid() and
85       X509_CRL_get_signature_nid() return a NID.
86
87       X509_get0_signature(), X509_REQ_get0_signature() and
88       X509_CRL_get0_signature() do not return values.
89
90       X509_get_signature_info() returns 1 if the signature information
91       returned is valid or 0 if the information is not available (e.g.
92       unknown algorithms or malformed parameters).
93
94       X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an error
95       (e.g. null ALGO pointer). X509_REQ_set0_signature does not return an
96       error value.
97

SEE ALSO

99       d2i_X509(3), ERR_get_error(3), X509_CRL_get0_by_serial(3),
100       X509_get_ext_d2i(3), X509_get_extension_flags(3), X509_get_pubkey(3),
101       X509_get_subject_name(3), X509_get_version(3),
102       X509_NAME_add_entry_by_txt(3), X509_NAME_ENTRY_get_object(3),
103       X509_NAME_get_index_by_NID(3), X509_NAME_print_ex(3), X509_new(3),
104       X509_sign(3), X509V3_get_d2i(3), X509_verify_cert(3)
105

HISTORY

107       The X509_get0_signature() and X509_get_signature_nid() functions were
108       added in OpenSSL 1.0.2.
109
110       The X509_REQ_get0_signature(), X509_REQ_get_signature_nid(),
111       X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were added
112       in OpenSSL 1.1.0.
113
114       The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() were
115       added in OpenSSL 1.1.1e.
116
118       Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
119
120       Licensed under the OpenSSL license (the "License").  You may not use
121       this file except in compliance with the License.  You can obtain a copy
122       in the file LICENSE in the source distribution or at
123       <https://www.openssl.org/source/license.html>.
124
125
126
1271.1.1q                            2023-07-20            X509_GET0_SIGNATURE(3)
Impressum