ossl_cmp_msg_check_update.pod 3.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
  1. =pod
  2. =head1 NAME
  3. ossl_cmp_allow_unprotected_cb_t,
  4. ossl_cmp_msg_check_update
  5. - generic checks on a received CMP message, updating the context
  6. =head1 SYNOPSIS
  7. #include "cmp_local.h"
  8. typedef int (*ossl_cmp_allow_unprotected_cb_t)(const OSSL_CMP_CTX *ctx,
  9. const OSSL_CMP_MSG *msg,
  10. int invalid_protection, int arg);
  11. int ossl_cmp_msg_check_update(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
  12. ossl_cmp_allow_unprotected_cb_t cb, int cb_arg);
  13. =head1 DESCRIPTION
  14. ossl_cmp_msg_check_update() does all generic checks on the given message B<msg>,
  15. which may be a server response or a request by some client,
  16. and updates the B<ctx> accordingly.
  17. The B<msg> is checked for the following:
  18. =over 4
  19. =item its sender is of appropriate type (currently only B<X509_NAME>)
  20. and matches any expected sender or srvCert subject given in B<ctx>,
  21. =item its protection is present and valid (or a callback function B<cb>
  22. is present and indicates that a missing or invalid protection is acceptable),
  23. =item its CMP protocol version is acceptable,
  24. =item its body type is valid,
  25. =item its transaction ID matches any transaction ID given in B<ctx>, and
  26. =item its recipNonce matches any senderNonce given in B<ctx>.
  27. =back
  28. In case no protection is present and B<cb> is not NULL then this callback
  29. function is called with its B<invalid_protection> parameter being 0, while in
  30. case an invalid protection is present the B<invalid_protection> parameter is 1.
  31. The callback is passed also the arguments B<ctx>, B<msg>, and <cb_arg>
  32. (which typically contains the expected message type).
  33. The callback should return 1 on acceptance, 0 on rejection, or -1 on error.
  34. It should not put an error on the error stack since this could be misleading.
  35. ossl_cmp_msg_check_update() adds all extraCerts contained in the <msg> to
  36. the list of untrusted certificates in B<ctx> such that they are already usable
  37. for OSSL_CMP_validate_msg(), which is called internally, and for future use.
  38. Thus they are available also to the certificate confirmation callback, and the
  39. peer does not need to send them again (at least not in the same transaction).
  40. Note that it does not help validating the message before storing the extraCerts
  41. because they are not part of the protected portion of the message anyway.
  42. For efficiency, the extraCerts are prepended to the list so they get used first.
  43. If all checks pass then ossl_cmp_msg_check_update()
  44. records in B<ctx> the senderNonce of the received message as the new recipNonce
  45. and learns the transaction ID if none is currently present in B<ctx>.
  46. Moreover, according to RFC 4210 section 5.3.2, if the message protection is
  47. PBM-based then any certificates in the caPubs field are added to the list of
  48. trusted certificates (if set via L<OSSL_CMP_CTX_set0_trusted(3)>).
  49. This way these certs are available for validating subsequent messages in the
  50. same context and could apply to any Polling Response (pollRep), error, or PKI
  51. Confirmation (PKIConf) messages following in the same or future transactions.
  52. =head1 RETURN VALUES
  53. ossl_cmp_msg_check_update() returns 1 on success, -1 on error.
  54. =head1 SEE ALSO
  55. L<OSSL_CMP_validate_msg(3)>
  56. =head1 HISTORY
  57. The OpenSSL CMP support was added in OpenSSL 3.0.
  58. =head1 COPYRIGHT
  59. Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  60. Licensed under the Apache License 2.0 (the "License"). You may not use
  61. this file except in compliance with the License. You can obtain a copy
  62. in the file LICENSE in the source distribution or at
  63. L<https://www.openssl.org/source/license.html>.
  64. =cut