OSSL_CRMF_MSG_GET0_TMPL(3ossl) OpenSSL OSSL_CRMF_MSG_GET0_TMPL(3ossl)
NAME
OSSL_CRMF_MSG_get0_tmpl, OSSL_CRMF_CERTTEMPLATE_get0_publicKey,
OSSL_CRMF_CERTTEMPLATE_get0_subject,
OSSL_CRMF_CERTTEMPLATE_get0_issuer,
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
OSSL_CRMF_CERTTEMPLATE_get0_extensions,
OSSL_CRMF_CERTID_get0_serialNumber, OSSL_CRMF_CERTID_get0_issuer,
OSSL_CRMF_ENCRYPTEDKEY_get1_encCert, OSSL_CRMF_ENCRYPTEDKEY_get1_pkey,
OSSL_CRMF_ENCRYPTEDKEY_init_envdata, OSSL_CRMF_ENCRYPTEDVALUE_decrypt,
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert, OSSL_CRMF_MSG_get_certReqId,
OSSL_CRMF_MSG_centralkeygen_requested - functions reading from CRMF
CertReqMsg structures
SYNOPSIS
#include <openssl/crmf.h>
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
X509_PUBKEY
*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const ASN1_INTEGER
*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
const X509_NAME *OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert,
OSSL_LIB_CTX *libctx, const char *propq,
EVP_PKEY *pkey, unsigned int flags);
EVP_PKEY
*OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(OSSL_CRMF_ENCRYPTEDKEY *encryptedKey,
X509_STORE *ts, STACK_OF(X509) *extra,
EVP_PKEY *pkey, X509 *cert,
ASN1_OCTET_STRING *secret,
OSSL_LIB_CTX *libctx, const char *propq);
OSSL_CRMF_ENCRYPTEDKEY
*OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata);
unsigned char
*OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE *enc,
OSSL_LIB_CTX *libctx, const char *propq,
EVP_PKEY *pkey, int *outlen);
X509
*OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
OSSL_LIB_CTX *libctx, const char *propq,
EVP_PKEY *pkey);
int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm,
const X509_REQ *p10cr);
DESCRIPTION
OSSL_CRMF_MSG_get0_tmpl(3) retrieves the certificate template of crm.
OSSL_CRMF_CERTTEMPLATE_get0_publicKey() retrieves the public key of the
given certificate template tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the
given certificate template tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the
given certificate template tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber
of the given certificate template tmpl.
OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions
of the given certificate template tmpl, or NULL if not present.
OSSL_CRMF_CERTID_get0_serialNumber retrieves the serialNumber of the
given CertId cid.
OSSL_CRMF_CERTID_get0_issuer retrieves the issuer name of the given
CertId cid, which must be of ASN.1 type GEN_DIRNAME.
OSSL_CRMF_ENCRYPTEDKEY_get1_encCert() decrypts the certificate in the
given encryptedKey ecert, using the private key pkey, library context
libctx and property query string propq (see OSSL_LIB_CTX(3)). This is
needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.
The function returns the decrypted certificate as a copy, leaving its
ownership with the caller, who is responsible for freeing it.
OSSL_CRMF_ENCRYPTEDKEY_get1_pkey() decrypts the private key in
encryptedKey. If encryptedKey is not of type
OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA, decryption uses the private key
pkey. The library context libctx and property query propq are taken
into account as usual. The rest of this paragraph is relevant only if
CMS support not disabled for the OpenSSL build and encryptedKey is of
type case OSSL_CRMF_ENCRYPTEDKEY_ENVELOPEDDATA. Decryption uses the
secret parameter if not NULL; otherwise uses the private key <pkey> and
the certificate cert related to pkey, where cert is recommended to be
given if available. On success, the function verifies the decrypted
data as signed data, using the trust store ts and any untrusted
certificates in extra. Doing so, it checks for the purpose "CMP Key
Generation Authority" (cmKGA).
OSSL_CRMF_ENCRYPTEDKEY_init_envdata() returns OSSL_CRMF_ENCRYPTEDKEY,
initialized with the enveloped data envdata.
OSSL_CRMF_ENCRYPTEDVALUE_decrypt() decrypts the encrypted value in the
given encryptedValue enc, using the private key pkey, library context
libctx and property query string propq (see OSSL_LIB_CTX(3)).
OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert() decrypts the certificate in the
given encryptedValue ecert, using the private key pkey, library context
libctx and property query string propq (see OSSL_LIB_CTX(3)). This is
needed for the indirect POPO method as in RFC 4210 section 5.2.8.2.
The function returns the decrypted certificate as a copy, leaving its
ownership with the caller, who is responsible for freeing it.
OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of crm.
OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key
generation is requested i.e., the public key in the certificate request
(crm is taken if it is non-NULL, otherwise p10cr) is NULL or has an
empty key value (with length zero). In case crm is non-NULL, this is
checked for consistency with its popo field (must be NULL if and only
if central key generation is requested). Otherwise it returns 0, and
on error a negative value.
RETURN VALUES
OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a
nonnegative integer or -1 on error.
OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key
generation is requested, 0 if it is not requested, and a negative value
on error.
All other functions return a pointer with the intended result or NULL
on error.
SEE ALSO
RFC 4211
HISTORY
The OpenSSL CRMF support was added in OpenSSL 3.0.
OSSL_CRMF_CERTTEMPLATE_get0_publicKey() was added in OpenSSL 3.2.
OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(),
OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(),
OSSL_CRMF_ENCRYPTEDKEY_init_envdata(),
OSSL_CRMF_ENCRYPTEDVALUE_decrypt() and
OSSL_CRMF_MSG_centralkeygen_requested() were added in OpenSSL 3.5.
COPYRIGHT
Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
3.5.4 2025-09-30 OSSL_CRMF_MSG_GET0_TMPL(3ossl)
openssl3 3.5.4 - Generated Thu Oct 2 13:00:25 CDT 2025