mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
1aa1bba59d
openssl/doc/man3/OSSL_CMP_MSG_get0_header.pod
Dr. David von Oheimb c8c923454b OSSL_CMP_CTX_setup_CRM(): Fix handling of defaults from CSR and refcert 
Also update and complete related documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17726)
2022-03-12 09:05:02 +01:00

122 lines
4.7 KiB
Plaintext
Raw Blame History

=pod
=head1 NAME
OSSL_CMP_MSG_get0_header,
OSSL_CMP_MSG_get_bodytype,
OSSL_CMP_MSG_update_transactionID,
OSSL_CMP_CTX_setup_CRM,
OSSL_CMP_MSG_read,
OSSL_CMP_MSG_write,
d2i_OSSL_CMP_MSG_bio,
i2d_OSSL_CMP_MSG_bio
- function(s) manipulating CMP messages
=head1 SYNOPSIS
#include <openssl/cmp.h>
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq);
int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
=head1 DESCRIPTION
OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.
OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.
OSSL_CMP_MSG_update_transactionID() updates the transactionID field
in the header of the given message according to the CMP_CTX.
This requires re-protecting the message (if it was protected).
OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message
from various information provided in the CMP context argument I<ctx>
for inclusion in a CMP request message based on details contained in I<ctx>.
The I<rid> argument defines the request identifier to use, which typically is 0.
The subject DN to include in the certificate template is determined as follows.
If I<ctx> includes a subject name set via L<OSSL_CMP_CTX_set1_subjectName(3)>,
this name is used.
Otherwise, if a PKCS#10 CSR is given in I<ctx>, its subject is used.
Otherwise, if a reference certificate is given in I<ctx>
(see L<OSSL_CMP_CTX_set1_oldCert(3)>), its subject is used if I<for_KUR>
is nonzero or the I<ctx> does not include a Subject Alternative Name.
The public key to include is taken from any value set via
L<OSSL_CMP_CTX_set0_newPkey(3)>,
otherwise the public key of any PKCS#10 CSR is given in I<ctx>,
otherwise the public key of any reference certificate given in I<ctx>,
otherwise it is derived from the client private key if given in I<ctx>.
The set of X.509 extensions to include is computed as follows.
If a PKCS#10 CSR is present in I<ctx>, default extensions are taken from there,
otherwise the empty set is taken as the initial value.
If there is a reference certificate in I<ctx> and contains Subject Alternative
Names (SANs) and B<OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT> is not set,
these override any SANs from the PKCS#10 CSR.
The extensions are further augmented or overridden by any extensions with the
same OIDs included in the I<ctx> via L<OSSL_CMP_CTX_set0_reqExtensions(3)>.
The SANs are further overridden by any SANs included in I<ctx> via
L<OSSL_CMP_CTX_push1_subjectAltName(3)>.
Finally, policies are overridden by any policies included in I<ctx> via
L<OSSL_CMP_CTX_push0_policy(3)>.
OSSL_CMP_CTX_setup_CRM() also sets the sets the regToken control B<oldCertID>
for KUR messages using the issuer name and serial number of the reference
certificate, if present.
OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from I<file>.
OSSL_CMP_MSG_write() stores the given OSSL_CMP_MSG to I<file> in DER encoding.
d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>.
It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.
i2d_OSSL_CMP_MSG_bio() writes the OSSL_CMP_MSG I<msg> in ASN.1 encoding
to BIO I<bio>.
=head1 NOTES
CMP is defined in RFC 4210.
=head1 RETURN VALUES
OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
or NULL if the respective entry does not exist and on error.
OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success,
NULL on error.
d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio()
return the parsed CMP message or NULL on error.
OSSL_CMP_MSG_write() and i2d_OSSL_CMP_MSG_bio() return
the number of bytes successfully encoded or a negative value if an error occurs.
OSSL_CMP_MSG_update_transactionID() returns 1 on success, 0 on error.
=head1 HISTORY
The OpenSSL CMP support was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in New Issue View Git Blame Copy Permalink