2019-12-14 01:54:15 +08:00
|
|
|
=pod
|
|
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
2020-08-13 23:44:54 +08:00
|
|
|
ossl_cmp_calc_protection,
|
2019-12-14 01:54:15 +08:00
|
|
|
ossl_cmp_msg_protect,
|
|
|
|
|
ossl_cmp_msg_add_extraCerts
|
|
|
|
|
- functions for producing CMP message protection
|
|
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
2020-05-13 22:03:26 +08:00
|
|
|
#include "cmp_local.h"
|
2019-12-14 01:54:15 +08:00
|
|
|
|
2020-08-13 23:44:54 +08:00
|
|
|
ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
|
|
|
|
|
const OSSL_CMP_MSG *msg);
|
2020-05-13 22:03:26 +08:00
|
|
|
int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
|
|
|
|
|
int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
|
2019-12-14 01:54:15 +08:00
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
2020-08-13 23:44:54 +08:00
|
|
|
ossl_cmp_calc_protection() calculates the protection for the given I<msg>
|
|
|
|
|
according to the algorithm and parameters in the message header's protectionAlg
|
|
|
|
|
using the credentials, library context, and property criteria in the I<ctx>.
|
2023-08-29 17:09:05 +08:00
|
|
|
Unless I<msg->header->protectionAlg> is B<PasswordBasedMAC>,
|
|
|
|
|
its value is completed according to I<ctx->pkey> and I<ctx->digest>,
|
|
|
|
|
where the latter irrelevant in the case of Edwards curves.
|
2020-08-13 23:44:54 +08:00
|
|
|
|
|
|
|
|
ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
|
|
|
|
|
depending on the available context information given in the I<ctx>.
|
2020-05-08 19:30:44 +08:00
|
|
|
If there is a secretValue it selects PBMAC, else if there is a protection cert
|
2023-02-03 17:31:19 +08:00
|
|
|
it selects Signature and uses ossl_cmp_msg_add_extraCerts (see below).
|
2019-12-14 01:54:15 +08:00
|
|
|
It also sets the protectionAlg field in the message header accordingly.
|
|
|
|
|
|
2020-09-04 21:24:14 +08:00
|
|
|
ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
|
|
|
|
|
If signature-based message protection is used it adds first the CMP signer cert
|
|
|
|
|
ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
|
2020-08-28 18:11:31 +08:00
|
|
|
tries to build it using ctx->untrusted and caches the result in ctx->chain.
|
2019-12-14 01:54:15 +08:00
|
|
|
In any case all the certificates explicitly specified to be sent out (i.e.,
|
2020-08-13 23:44:54 +08:00
|
|
|
I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate
|
2019-12-14 01:54:15 +08:00
|
|
|
of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
|
|
|
|
|
|
|
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
|
|
CMP is defined in RFC 4210 (and CRMF in RFC 4211).
|
|
|
|
|
|
2023-02-03 17:31:19 +08:00
|
|
|
The I<ctx> parameter of ossl_cmp_msg_add_extraCerts()
|
|
|
|
|
and thus also of ossl_cmp_msg_protect() cannot be made I<const>
|
|
|
|
|
because I<ctx->chain> may get adapted to cache the chain of the CMP signer cert.
|
|
|
|
|
|
2019-12-14 01:54:15 +08:00
|
|
|
=head1 RETURN VALUES
|
|
|
|
|
|
2020-08-13 23:44:54 +08:00
|
|
|
ossl_cmp_calc_protection() returns the protection on success, else NULL.
|
|
|
|
|
|
2020-05-13 22:03:26 +08:00
|
|
|
All other functions return 1 on success, 0 on error.
|
2019-12-14 01:54:15 +08:00
|
|
|
|
|
|
|
|
=head1 HISTORY
|
|
|
|
|
|
|
|
|
|
The OpenSSL CMP support was added in OpenSSL 3.0.
|
|
|
|
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
2023-09-07 16:59:15 +08:00
|
|
|
Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
2019-12-14 01:54:15 +08:00
|
|
|
|
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
|
this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
in the file LICENSE in the source distribution or at
|
|
|
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
|
|
|
|
|
|
=cut
|
