Command: X509_get0_signature | Section: 3 | Source: OpenBSD | File: X509_get0_signature.3
X509_GET0_SIGNATURE(3) FreeBSD Library Functions Manual
NAME
X509_get0_signature, X509_REQ_get0_signature, X509_CRL_get0_signature,
X509_get0_tbs_sigalg, X509_CRL_get0_tbs_sigalg, X509_get_signature_type,
X509_get_signature_nid, X509_REQ_get_signature_nid,
X509_CRL_get_signature_nid, X509_get_signature_info - signature
information
SYNOPSIS
#include <openssl/x509.h>
void
X509_get0_signature(const ASN1_BIT_STRING **psig,
const X509_ALGOR **palg, const X509 *x);
void
X509_REQ_get0_signature(const X509_REQ *req,
const ASN1_BIT_STRING **psig, const X509_ALGOR **palg);
void
X509_CRL_get0_signature(const X509_CRL *crl,
const ASN1_BIT_STRING **psig, const X509_ALGOR **palg);
const X509_ALGOR *
X509_get0_tbs_sigalg(const X509 *x);
const X509_ALGOR *
X509_CRL_get0_tbs_sigalg(const X509_CRL *crl);
int
X509_get_signature_type(const X509 *x);
int
X509_get_signature_nid(const X509 *x);
int
X509_REQ_get_signature_nid(const X509_REQ *req);
int
X509_CRL_get_signature_nid(const X509_CRL *crl);
int
X509_get_signature_info(X509 *x, int *md_nid, int *pkey_nid,
int *security_bits, uint32_t *flags);
DESCRIPTION
X509_get0_signature(), X509_REQ_get0_signature(), and
X509_CRL_get0_signature() set *psig to the signature and *palg to the
signature algorithm of x, req, or crl, respectively.
X509_get0_tbs_sigalg() and X509_CRL_get0_tbs_sigalg() return the
signature algorithm in the signed portion of x or crl, respectively. The
values returned are internal pointers that must not be freed by the
caller.
X509_get_signature_type() returns the base NID corresponding to the
signature algorithm of x just like EVP_PKEY_base_id(3) does.
X509_get_signature_nid(), X509_REQ_get_signature_nid(), and
X509_CRL_get_signature_nid() return the NID corresponding to the
signature algorithm of x, req, or crl, respectively, just like
EVP_PKEY_id(3) does.
X509_get_signature_info() retrieves information about the signature of
certificate x. The NID of the digest algorithm is written to *md_nid,
the public key algorithm to *pkey_nid, the effective security bits to
*security_bits, and flag details to *flags. Any of the output parameters
can be set to NULL if the information is not required. If flags is not a
NULL pointer, *flags is set to the bitwise OR of:
X509_SIG_INFO_VALID
No error occurred. This flag is set if X509_get_signature_info()
returns 1.
X509_SIG_INFO_TLS
The signature algorithm is appropriate for use in TLS. For a
supported EdDSA algorithm (in LibreSSL this is Ed25519) this flag
is always set. For an RSASSA-PSS algorithm this flag is set if
the parameters are DER encoded, the digest algorithm is one of
SHA256, SHA384, or SHA512, the same digest algorithm is used in the
mask generation function, and the salt length is equal to the
digest algorithm's output length. For all other signature
algorithms this flag is set if the digest algorithm is one of SHA1,
SHA256, SHA384, or SHA512.
X509_get_signature_info() returns 1 on success and 0 on failure. Failure
conditions include unsupported signature algorithms, certificate parsing
errors and memory allocation failure.
These functions provide lower level access to the signature for cases
where an application wishes to analyse or generate a signature in a form
where X509_sign(3) is not appropriate, for example in a non-standard or
unsupported format.
SEE ALSO
EVP_PKEY_base_id(3), OBJ_obj2nid(3), X509_ALGOR_new(3),
X509_CRL_get0_by_serial(3), X509_CRL_new(3), X509_get_pubkey(3),
X509_get_subject_name(3), X509_get_version(3), X509_new(3),
X509_REQ_new(3), X509_sign(3), X509_signature_dump(3),
X509_verify_cert(3)
HISTORY
X509_get_signature_type() first appeared in SSLeay 0.8.0 and has been
available since OpenBSD 2.4.
X509_get0_signature() and X509_get_signature_nid() first appeared in
OpenSSL 1.0.2. X509_REQ_get0_signature(), X509_CRL_get0_signature(),
X509_get0_tbs_sigalg(), X509_REQ_get_signature_nid(), and
X509_CRL_get_signature_nid() first appeared in OpenSSL 1.1.0. All these
functions have been available since OpenBSD 6.3.
X509_CRL_get0_tbs_sigalg() first appeared in LibreSSL 3.7.1 and has been
available since OpenBSD 7.3.
X509_get_signature_info() first appeared in OpenSSL 1.1.1 and has been
available since OpenBSD 7.6.
CAVEATS
The security bits returned by X509_get_signature_info() refer to the
information available from the certificate signature (such as the signing
digest). In some cases the actual security of the signature is smaller
because the signing key is less secure, for example in a certificate
signed using SHA512 and a 1024-bit RSA key.
FreeBSD 14.1-RELEASE-p8 August 28, 2024 FreeBSD 14.1-RELEASE-p8