1=pod
2
3=head1 NAME
4
5OSSL_CRMF_MSG_get0_tmpl,
6OSSL_CRMF_CERTTEMPLATE_get0_publicKey,
7OSSL_CRMF_CERTTEMPLATE_get0_subject,
8OSSL_CRMF_CERTTEMPLATE_get0_issuer,
9OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
10OSSL_CRMF_CERTTEMPLATE_get0_extensions,
11OSSL_CRMF_CERTID_get0_serialNumber,
12OSSL_CRMF_CERTID_get0_issuer,
13OSSL_CRMF_ENCRYPTEDKEY_get1_encCert,
14OSSL_CRMF_ENCRYPTEDKEY_get1_pkey,
15OSSL_CRMF_ENCRYPTEDKEY_init_envdata,
16OSSL_CRMF_ENCRYPTEDVALUE_decrypt,
17OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert,
18OSSL_CRMF_MSG_get_certReqId,
19OSSL_CRMF_MSG_centralkeygen_requested
20- functions reading from CRMF CertReqMsg structures
21
22=head1 SYNOPSIS
23
24 #include <openssl/crmf.h>
25
26 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
27 X509_PUBKEY
28 *OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
29 const X509_NAME
30 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
31 const X509_NAME
32 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
33 const ASN1_INTEGER
34 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
35 X509_EXTENSIONS
36 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
37
38 const ASN1_INTEGER
39 *OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
40 const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
41
42 X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert,
43                                           OSSL_LIB_CTX *libctx, const char *propq,
44                                           EVP_PKEY *pkey, unsigned int flags);
45 EVP_PKEY
46 *OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(OSSL_CRMF_ENCRYPTEDKEY *encryptedKey,
47                                   X509_STORE *ts, STACK_OF(X509) *extra,
48                                   EVP_PKEY *pkey, X509 *cert,
49                                   ASN1_OCTET_STRING *secret,
50                                   OSSL_LIB_CTX *libctx, const char *propq);
51 OSSL_CRMF_ENCRYPTEDKEY
52 *OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata);
53
54 unsigned char
55 *OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE *enc,
56                                   OSSL_LIB_CTX *libctx, const char *propq,
57                                   EVP_PKEY *pkey, int *outlen);
58 X509
59 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
60                                        OSSL_LIB_CTX *libctx, const char *propq,
61                                        EVP_PKEY *pkey);
62
63 int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
64 int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm,
65                                           const X509_REQ *p10cr);
66
67=head1 DESCRIPTION
68
69OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I<crm>.
70
71OSSL_CRMF_CERTTEMPLATE_get0_publicKey() retrieves the public key of the
72given certificate template I<tmpl>.
73
74OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the
75given certificate template I<tmpl>.
76
77OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the
78given certificate template I<tmpl>.
79
80OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the
81given certificate template I<tmpl>.
82
83OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions
84of the given certificate template I<tmpl>, or NULL if not present.
85
OSSL_CRMF_CERTID_get0_serialNumber() retrieves the serialNumber
of the given CertId I<cid>.

OSSL_CRMF_CERTID_get0_issuer() retrieves the issuer name
of the given CertId I<cid>, which must be of ASN.1 type GEN_DIRNAME.
91
92OSSL_CRMF_ENCRYPTEDKEY_get1_encCert() decrypts the certificate in the given
93encryptedKey I<ecert>, using the private key I<pkey>, library context
94I<libctx> and property query string I<propq> (see L<OSSL_LIB_CTX(3)>).
95This is needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.
96The function returns the decrypted certificate as a copy, leaving its ownership
97with the caller, who is responsible for freeing it.
98
OSSL_CRMF_ENCRYPTEDKEY_get1_pkey() decrypts the private key in I<encryptedKey>.
If I<encryptedKey> is not of type B<OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA>,
decryption uses the private key I<pkey>.
The library context I<libctx> and property query I<propq> are taken into account as usual.
The rest of this paragraph is relevant only if CMS support is not disabled for the OpenSSL build
and I<encryptedKey> is of type B<OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA>.
Decryption uses the I<secret> parameter if not NULL;
otherwise it uses the private key I<pkey> and the certificate I<cert>
related to I<pkey>, where I<cert> is recommended to be given if available.
After successful decryption, the function verifies the decrypted data as signed data,
using the trust store I<ts> and any untrusted certificates in I<extra>.
Doing so, it checks for the purpose "CMP Key Generation Authority" (cmKGA).
111
OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns an B<OSSL_CRMF_ENCRYPTEDKEY>
structure initialized with the enveloped data I<envdata>.
114
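OSSL_CRMF_ENCRYPTEDVALUE_decrypt() decrypts the encrypted value in the given
encryptedValue I<enc>, using the private key I<pkey>, library context
I<libctx> and property query string I<propq> (see L<OSSL_LIB_CTX(3)>).
On success, the length of the decrypted data is stored in I<*outlen>;
the returned buffer is owned by the caller, who is responsible for freeing it.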
118
119OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the given
120encryptedValue I<ecert>, using the private key I<pkey>, library context
121I<libctx> and property query string I<propq> (see L<OSSL_LIB_CTX(3)>).
122This is needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.
123The function returns the decrypted certificate as a copy, leaving its ownership
124with the caller, who is responsible for freeing it.
125
126OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of I<crm>.
127
OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key generation
is requested, i.e., the public key in the certificate request (I<crm> is taken
if it is non-NULL, otherwise I<p10cr>) is NULL or has an empty key value
(with length zero).
In case I<crm> is non-NULL, this is checked for consistency with its B<popo> field
(which must be NULL if and only if central key generation is requested).
Otherwise it returns 0, and on error a negative value.
134
135=head1 RETURN VALUES
136
137OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a
138nonnegative integer or -1 on error.
139
140OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key generation
141is requested, 0 if it is not requested, and a negative value on error.
142
143All other functions return a pointer with the intended result or NULL on error.
144
145=head1 SEE ALSO
146
147RFC 4211
148
149=head1 HISTORY
150
151The OpenSSL CRMF support was added in OpenSSL 3.0.
152
153OSSL_CRMF_CERTTEMPLATE_get0_publicKey() was added in OpenSSL 3.2.
154
155OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(), OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(),
156OSSL_CRMF_ENCRYPTEDKEY_init_envdata(), OSSL_CRMF_ENCRYPTEDVALUE_decrypt()
157and OSSL_CRMF_MSG_centralkeygen_requested() were added in OpenSSL 3.5.
158
159=head1 COPYRIGHT
160
161Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
162
163Licensed under the Apache License 2.0 (the "License").  You may not use
164this file except in compliance with the License.  You can obtain a copy
165in the file LICENSE in the source distribution or at
166L<https://www.openssl.org/source/license.html>.
167
168=cut
169