Ubuntu Manpage: OSSL_CRMF_MSG_get0_tmpl, OSSL_CRMF_CERTTEMPLATE_get0_publicKey, OSSL_CRMF_CERTTEMPLATE_get0

Provided by: libssl-doc_3.5.0-2ubuntu1_all

NAME

       OSSL_CRMF_MSG_get0_tmpl, OSSL_CRMF_CERTTEMPLATE_get0_publicKey, OSSL_CRMF_CERTTEMPLATE_get0_subject,
       OSSL_CRMF_CERTTEMPLATE_get0_issuer, OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
       OSSL_CRMF_CERTTEMPLATE_get0_extensions, OSSL_CRMF_CERTID_get0_serialNumber, OSSL_CRMF_CERTID_get0_issuer,
       OSSL_CRMF_ENCRYPTEDKEY_get1_encCert, OSSL_CRMF_ENCRYPTEDKEY_get1_pkey,
       OSSL_CRMF_ENCRYPTEDKEY_init_envdata, OSSL_CRMF_ENCRYPTEDVALUE_decrypt,
       OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, OSSL_CRMF_MSG_get_certReqId, OSSL_CRMF_MSG_centralkeygen_requested
       - functions reading from CRMF CertReqMsg structures

SYNOPSIS

        #include <openssl/crmf.h>

        OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
        X509_PUBKEY
        *OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
        const X509_NAME
        *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
        const X509_NAME
        *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
        const ASN1_INTEGER
        *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
        X509_EXTENSIONS
        *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);

        const ASN1_INTEGER
        *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
        const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);

        X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert,
                                                  OSSL_LIB_CTX *libctx, const char *propq,
                                                  EVP_PKEY *pkey, unsigned int flags);
        EVP_PKEY
        *OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(OSSL_CRMF_ENCRYPTEDKEY *encryptedKey,
                                          X509_STORE *ts, STACK_OF(X509) *extra,
                                          EVP_PKEY *pkey, X509 *cert,
                                          ASN1_OCTET_STRING *secret,
                                          OSSL_LIB_CTX *libctx, const char *propq);
        OSSL_CRMF_ENCRYPTEDKEY
        *OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata);

        unsigned char
        *OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE *enc,
                                          OSSL_LIB_CTX *libctx, const char *propq,
                                          EVP_PKEY *pkey, int *outlen);
        X509
        *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
                                               OSSL_LIB_CTX *libctx, const char *propq,
                                               EVP_PKEY *pkey);

        int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
        int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm,
                                                  const X509_REQ *p10cr);

DESCRIPTION

       OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of crm.

       OSSL_CRMF_CERTTEMPLATE_get0_publicKey() retrieves the public key of the given certificate template tmpl.

       OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the given certificate template tmpl.

       OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the given certificate template tmpl.

       OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the given certificate template
       tmpl.

       OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions of the given certificate template
       tmpl, or NULL if not present.

       OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber of the given CertId cid.

       OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name of the given CertId cid, which must be of ASN.1
       type GEN_DIRNAME.

       OSSL_CRMF_ENCRYPTEDKEY_get1_encCert() decrypts the certificate in the given encryptedKey ecert, using the
       private key pkey, library context libctx and property query string propq (see OSSL_LIB_CTX(3)).  This is
       needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.  The function returns the decrypted
       certificate as a copy, leaving its ownership with the caller, who is responsible for freeing it.

       OSSL_CRMF_ENCRYPTEDKEY_get1_pkey() decrypts the private key in encryptedKey.  If encryptedKey is not of
       type OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA, decryption uses the private key pkey.  The library context
       libctx and property query propq are taken into account as usual.  The rest of this paragraph is relevant
       only if CMS support not disabled for the OpenSSL build and encryptedKey is of type case
       OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA.  Decryption uses the secret parameter if not NULL; otherwise uses
       the private key <pkey> and the certificate cert related to pkey, where cert is recommended to be given if
       available.  On success, the function verifies the decrypted data as signed data, using the trust store ts
       and any untrusted certificates in extra.  Doing so, it checks for the purpose "CMP Key Generation
       Authority" (cmKGA).

       OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns OSSL_CRMF_ENCRYPTEDKEY, intialized with the enveloped data
       envdata.

       OSSL_CRMF_ENCRYPTEDVALUE_decrypt() decrypts the encrypted value in the given encryptedValue enc, using
       the private key pkey, library context libctx and property query string propq (see OSSL_LIB_CTX(3)).

       OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the given encryptedValue ecert, using
       the private key pkey, library context libctx and property query string propq (see OSSL_LIB_CTX(3)).  This
       is needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.  The function returns the
       decrypted certificate as a copy, leaving its ownership with the caller, who is responsible for freeing
       it.

       OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of crm.

       OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key generation is requested i.e., the public
       key in the certificate request (crm is taken if it is non-NULL, otherwise p10cr) is NULL or has an empty
       key value (with length zero).  In case crm is non-NULL, this is checked for consistency with its popo
       field (must be NULL if and only if central key generation is requested).  Otherwise it returns 0, and on
       error a negative value.

RETURN VALUES

       OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a nonnegative integer or -1 on error.

       OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key generation is requested, 0 if it is not
       requested, and a negative value on error.

       All other functions return a pointer with the intended result or NULL on error.

HISTORY

       The OpenSSL CRMF support was added in OpenSSL 3.0.

       OSSL_CRMF_CERTTEMPLATE_get0_publicKey() was added in OpenSSL 3.2.

       OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(), OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(),
       OSSL_CRMF_ENCRYPTEDKEY_init_envdata(), OSSL_CRMF_ENCRYPTEDVALUE_decrypt() and
       OSSL_CRMF_MSG_centralkeygen_requested() were added in OpenSSL 3.5.

COPYRIGHT

       Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use this file except in compliance
       with the License.  You can obtain a copy in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.5.0                                              2025-06-04                      OSSL_CRMF_MSG_GET0_TMPL(3SSL)

NAME

SYNOPSIS

DESCRIPTION

RETURN VALUES

SEE ALSO

HISTORY

COPYRIGHT