1=pod 2 3=head1 NAME 4 5X509_get0_signature, X509_REQ_set0_signature, X509_REQ_set1_signature_algo, 6X509_get_signature_nid, X509_get0_tbs_sigalg, X509_REQ_get0_signature, 7X509_REQ_get_signature_nid, X509_CRL_get0_signature, X509_CRL_get_signature_nid, 8X509_ACERT_get0_signature, X509_ACERT_get0_info_sigalg, 9X509_ACERT_get_signature_nid, X509_get_signature_info, 10X509_SIG_INFO_get, X509_SIG_INFO_set - signature information 11 12=head1 SYNOPSIS 13 14 #include <openssl/x509.h> 15 16 void X509_get0_signature(const ASN1_BIT_STRING **psig, 17 const X509_ALGOR **palg, 18 const X509 *x); 19 void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig); 20 int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg); 21 int X509_get_signature_nid(const X509 *x); 22 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); 23 24 void X509_REQ_get0_signature(const X509_REQ *crl, 25 const ASN1_BIT_STRING **psig, 26 const X509_ALGOR **palg); 27 int X509_REQ_get_signature_nid(const X509_REQ *crl); 28 29 const X509_ALGOR *X509_ACERT_get0_info_sigalg(const X509_ACERT *x); 30 31 void X509_CRL_get0_signature(const X509_CRL *crl, 32 const ASN1_BIT_STRING **psig, 33 const X509_ALGOR **palg); 34 int X509_CRL_get_signature_nid(const X509_CRL *crl); 35 36 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, 37 uint32_t *flags); 38 39 int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid, 40 int *secbits, uint32_t *flags); 41 void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid, 42 int secbits, uint32_t flags); 43 44 #include <openssl/x509_acert.h> 45 46 void X509_ACERT_get0_signature(const X509_ACERT *x, 47 const ASN1_BIT_STRING **psig, 48 const X509_ALGOR **palg); 49 int X509_ACERT_get_signature_nid(const X509_ACERT *x); 50=head1 DESCRIPTION 51 52X509_get0_signature() sets B<*psig> to the signature of B<x> and B<*palg> 53to the signature algorithm of B<x>. The values returned are internal 54pointers which B<MUST NOT> be freed up after the call. 55 56X509_set0_signature() and X509_REQ_set1_signature_algo() are the 57equivalent setters for the two values of X509_get0_signature(). 58 59X509_get0_tbs_sigalg() returns the signature algorithm in the signed 60portion of B<x>. 61 62X509_get_signature_nid() returns the NID corresponding to the signature 63algorithm of B<x>. 64 65X509_REQ_get0_signature(), X509_REQ_get_signature_nid() 66X509_CRL_get0_signature() and X509_CRL_get_signature_nid() perform the 67same function for certificate requests and CRLs. 68 69X509_ACERT_get0_signature(), X509_ACERT_get_signature_nid() and 70X509_ACERT_get0_info_sigalg() perform the same function for attribute 71certificates. 72 73X509_get_signature_info() retrieves information about the signature of 74certificate B<x>. The NID of the signing digest is written to B<*mdnid>, 75the public key algorithm to B<*pknid>, the effective security bits to 76B<*secbits> and flag details to B<*flags>. Any of the parameters can 77be set to B<NULL> if the information is not required. 78 79X509_SIG_INFO_get() and X509_SIG_INFO_set() get and set information 80about a signature in an B<X509_SIG_INFO> structure. They are only 81used by implementations of algorithms which need to set custom 82signature information: most applications will never need to call 83them. 84 85=head1 NOTES 86 87These functions provide lower level access to signatures in certificates 88where an application wishes to analyse or generate a signature in a form 89where X509_sign() et al is not appropriate (for example a non standard 90or unsupported format). 91 92The security bits returned by X509_get_signature_info() refers to information 93available from the certificate signature (such as the signing digest). In some 94cases the actual security of the signature is less because the signing 95key is less secure: for example a certificate signed using SHA-512 and a 961024 bit RSA key. 97 98=head1 RETURN VALUES 99 100X509_get_signature_nid(), X509_REQ_get_signature_nid() and 101X509_CRL_get_signature_nid() return a NID. 102 103X509_get0_signature(), X509_REQ_get0_signature() and 104X509_CRL_get0_signature() do not return values. 105 106X509_get_signature_info() returns 1 if the signature information 107returned is valid or 0 if the information is not available (e.g. 108unknown algorithms or malformed parameters). 109 110X509_REQ_set1_signature_algo() returns 0 on success; or 1 on an 111error (e.g. null ALGO pointer). X509_REQ_set0_signature does 112not return an error value. 113 114=head1 SEE ALSO 115 116L<d2i_X509(3)>, 117L<ERR_get_error(3)>, 118L<X509_CRL_get0_by_serial(3)>, 119L<X509_get_ext_d2i(3)>, 120L<X509_get_extension_flags(3)>, 121L<X509_get_pubkey(3)>, 122L<X509_get_subject_name(3)>, 123L<X509_get_version(3)>, 124L<X509_NAME_add_entry_by_txt(3)>, 125L<X509_NAME_ENTRY_get_object(3)>, 126L<X509_NAME_get_index_by_NID(3)>, 127L<X509_NAME_print_ex(3)>, 128L<X509_new(3)>, 129L<X509_sign(3)>, 130L<X509V3_get_d2i(3)>, 131L<X509_verify_cert(3)> 132 133=head1 HISTORY 134 135The 136X509_get0_signature() and X509_get_signature_nid() functions were 137added in OpenSSL 1.0.2. 138 139The 140X509_REQ_get0_signature(), X509_REQ_get_signature_nid(), 141X509_CRL_get0_signature() and X509_CRL_get_signature_nid() were 142added in OpenSSL 1.1.0. 143 144The X509_REQ_set0_signature() and X509_REQ_set1_signature_algo() 145were added in OpenSSL 1.1.1e. 146 147The X509_ACERT_get0_signature(), X509_ACERT_get0_info_sigalg() and 148X509_ACERT_get_signature_nid() functions were added in OpenSSL 3.4. 149 150=head1 COPYRIGHT 151 152Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 153 154Licensed under the Apache License 2.0 (the "License"). You may not use 155this file except in compliance with the License. You can obtain a copy 156in the file LICENSE in the source distribution or at 157L<https://www.openssl.org/source/license.html>. 158 159=cut 160
