Provided by: libssl-doc_3.5.3-1ubuntu2_all 
NAME
OSSL_CRMF_MSG_get0_tmpl, OSSL_CRMF_CERTTEMPLATE_get0_publicKey, OSSL_CRMF_CERTTEMPLATE_get0_subject,
OSSL_CRMF_CERTTEMPLATE_get0_issuer, OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
OSSL_CRMF_CERTTEMPLATE_get0_extensions, OSSL_CRMF_CERTID_get0_serialNumber, OSSL_CRMF_CERTID_get0_issuer,
OSSL_CRMF_ENCRYPTEDKEY_get1_encCert, OSSL_CRMF_ENCRYPTEDKEY_get1_pkey,
OSSL_CRMF_ENCRYPTEDKEY_init_envdata, OSSL_CRMF_ENCRYPTEDVALUE_decrypt,
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, OSSL_CRMF_MSG_get_certReqId, OSSL_CRMF_MSG_centralkeygen_requested
- functions reading from CRMF CertReqMsg structures
SYNOPSIS
#include <openssl/crmf.h>
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
X509_PUBKEY
*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const ASN1_INTEGER
*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert,
OSSL_LIB_CTX *libctx, const char *propq,
EVP_PKEY *pkey, unsigned int flags);
EVP_PKEY
*OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(OSSL_CRMF_ENCRYPTEDKEY *encryptedKey,
X509_STORE *ts, STACK_OF(X509) *extra,
EVP_PKEY *pkey, X509 *cert,
ASN1_OCTET_STRING *secret,
OSSL_LIB_CTX *libctx, const char *propq);
OSSL_CRMF_ENCRYPTEDKEY
*OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata);
unsigned char
*OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE *enc,
OSSL_LIB_CTX *libctx, const char *propq,
EVP_PKEY *pkey, int *outlen);
X509
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
OSSL_LIB_CTX *libctx, const char *propq,
EVP_PKEY *pkey);
int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm,
const X509_REQ *p10cr);
DESCRIPTION
OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of crm.
OSSL_CRMF_CERTTEMPLATE_get0_publicKey() retrieves the public key of the given certificate template tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the given certificate template tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the given certificate template tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the given certificate template
tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions of the given certificate template
tmpl, or NULL if not present.
OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber of the given CertId cid.
OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name of the given CertId cid, which must be of ASN.1
type GEN_DIRNAME.
OSSL_CRMF_ENCRYPTEDKEY_get1_encCert() decrypts the certificate in the given encryptedKey ecert, using the
private key pkey, library context libctx and property query string propq (see OSSL_LIB_CTX(3)). This is
needed for the indirect POPO method as in RFC 4210 section 5.2.8.2. The function returns the decrypted
certificate as a copy, leaving its ownership with the caller, who is responsible for freeing it.
OSSL_CRMF_ENCRYPTEDKEY_get1_pkey() decrypts the private key in encryptedKey. If encryptedKey is not of
type OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA, decryption uses the private key pkey. The library context
libctx and property query propq are taken into account as usual. The rest of this paragraph is relevant
only if CMS support not disabled for the OpenSSL build and encryptedKey is of type case
OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA. Decryption uses the secret parameter if not NULL; otherwise uses
the private key <pkey> and the certificate cert related to pkey, where cert is recommended to be given if
available. On success, the function verifies the decrypted data as signed data, using the trust store ts
and any untrusted certificates in extra. Doing so, it checks for the purpose "CMP Key Generation
Authority" (cmKGA).
OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns OSSL_CRMF_ENCRYPTEDKEY, initialized with the enveloped data
envdata.
OSSL_CRMF_ENCRYPTEDVALUE_decrypt() decrypts the encrypted value in the given encryptedValue enc, using
the private key pkey, library context libctx and property query string propq (see OSSL_LIB_CTX(3)).
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the given encryptedValue ecert, using
the private key pkey, library context libctx and property query string propq (see OSSL_LIB_CTX(3)). This
is needed for the indirect POPO method as in RFC 4210 section 5.2.8.2. The function returns the
decrypted certificate as a copy, leaving its ownership with the caller, who is responsible for freeing
it.
OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of crm.
OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key generation is requested i.e., the public
key in the certificate request (crm is taken if it is non-NULL, otherwise p10cr) is NULL or has an empty
key value (with length zero). In case crm is non-NULL, this is checked for consistency with its popo
field (must be NULL if and only if central key generation is requested). Otherwise it returns 0, and on
error a negative value.
RETURN VALUES
OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a nonnegative integer or -1 on error.
OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key generation is requested, 0 if it is not
requested, and a negative value on error.
All other functions return a pointer with the intended result or NULL on error.
SEE ALSO
RFC 4211
HISTORY
The OpenSSL CRMF support was added in OpenSSL 3.0.
OSSL_CRMF_CERTTEMPLATE_get0_publicKey() was added in OpenSSL 3.2.
OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(), OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(),
OSSL_CRMF_ENCRYPTEDKEY_init_envdata(), OSSL_CRMF_ENCRYPTEDVALUE_decrypt() and
OSSL_CRMF_MSG_centralkeygen_requested() were added in OpenSSL 3.5.
COPYRIGHT
Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance
with the License. You can obtain a copy in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
3.5.3 2025-09-16 OSSL_CRMF_MSG_GET0_TMPL(3SSL)