OSSL_CMP_MSG_get0_header.pod 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167
  1. =pod
  2. =head1 NAME
  3. OSSL_CMP_MSG_get0_header,
  4. OSSL_CMP_MSG_get_bodytype,
  5. OSSL_CMP_MSG_get0_certreq_publickey,
  6. OSSL_CMP_MSG_update_transactionID,
  7. OSSL_CMP_MSG_update_recipNonce,
  8. OSSL_CMP_CTX_setup_CRM,
  9. OSSL_CMP_MSG_read,
  10. OSSL_CMP_MSG_write,
  11. d2i_OSSL_CMP_MSG_bio,
  12. i2d_OSSL_CMP_MSG_bio
  13. - function(s) manipulating CMP messages
  14. =head1 SYNOPSIS
  15. #include <openssl/cmp.h>
  16. OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
  17. int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
  18. X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg);
  19. int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
  20. int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
  21. OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
  22. OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq);
  23. int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
  24. OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
  25. int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
  26. =head1 DESCRIPTION
  27. OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.
  28. OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.
  29. OSSL_CMP_MSG_get0_certreq_publickey() expects that I<msg> is a certificate request
  30. message and returns the public key in its certificate template if present.
  31. OSSL_CMP_MSG_update_transactionID() updates the transactionID field
  32. in the header of the given message according to the CMP_CTX.
  33. If I<ctx> does not contain a transaction ID, a fresh one is created before.
  34. The message gets re-protected (if protecting requests is required).
  35. OSSL_CMP_MSG_update_recipNonce() updates the recipNonce field
  36. in the header of the given message according to the CMP_CTX.
  37. The message gets re-protected (if protecting requests is required).
  38. OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message
  39. from various information provided in the CMP context argument I<ctx>
  40. for inclusion in a CMP request message based on details contained in I<ctx>.
  41. The I<rid> argument defines the request identifier to use, which typically is 0.
  42. The subject DN included in the certificate template is
  43. the first available value of these:
  44. =over 4
  45. =item any subject name in I<ctx> set via L<OSSL_CMP_CTX_set1_subjectName(3)> -
  46. if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included,
  47. =item the subject field of any PKCS#10 CSR set in I<ctx>
  48. via L<OSSL_CMP_CTX_set1_p10CSR(3)>,
  49. =item the subject field of any reference certificate given in I<ctx>
  50. (see L<OSSL_CMP_CTX_set1_oldCert(3)>), but only if I<for_KUR> is nonzero
  51. or the I<ctx> does not include a Subject Alternative Name.
  52. =back
  53. The public key included is the first available value of these:
  54. =over 4
  55. =item the public key derived from any key set via L<OSSL_CMP_CTX_set0_newPkey(3)>,
  56. =item the public key of any PKCS#10 CSR given in I<ctx>,
  57. =item the public key of any reference certificate given in I<ctx>
  58. (see L<OSSL_CMP_CTX_set1_oldCert(3)>),
  59. =item the public key derived from any client's private key
  60. set via L<OSSL_CMP_CTX_set1_pkey(3)>.
  61. =back
  62. The set of X.509 extensions to include is computed as follows.
  63. If a PKCS#10 CSR is present in I<ctx>, default extensions are taken from there,
  64. otherwise the empty set is taken as the initial value.
  65. If there is a reference certificate in I<ctx> and contains Subject Alternative
  66. Names (SANs) and B<OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT> is not set,
  67. these override any SANs from the PKCS#10 CSR.
  68. The extensions are further augmented or overridden by any extensions with the
  69. same OIDs included in the I<ctx> via L<OSSL_CMP_CTX_set0_reqExtensions(3)>.
  70. The SANs are further overridden by any SANs included in I<ctx> via
  71. L<OSSL_CMP_CTX_push1_subjectAltName(3)>.
  72. Finally, policies are overridden by any policies included in I<ctx> via
  73. L<OSSL_CMP_CTX_push0_policy(3)>.
  74. OSSL_CMP_CTX_setup_CRM() also sets the sets the regToken control B<oldCertID>
  75. for KUR messages using the issuer name and serial number of the reference
  76. certificate, if present.
  77. OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from I<file>.
  78. OSSL_CMP_MSG_write() stores the given OSSL_CMP_MSG to I<file> in DER encoding.
  79. d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>.
  80. It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.
  81. i2d_OSSL_CMP_MSG_bio() writes the OSSL_CMP_MSG I<msg> in ASN.1 encoding
  82. to BIO I<bio>.
  83. =head1 NOTES
  84. CMP is defined in RFC 4210.
  85. =head1 RETURN VALUES
  86. OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
  87. or NULL if the respective entry does not exist and on error.
  88. OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
  89. OSSL_CMP_MSG_get0_certreq_publickey() returns a public key or NULL on error.
  90. OSSL_CMP_CTX_setup_CRM() returns a pointer to a B<OSSL_CRMF_MSG> on success,
  91. NULL on error.
  92. d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
  93. OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio()
  94. return the parsed CMP message or NULL on error.
  95. OSSL_CMP_MSG_write() returns the number of bytes successfully encoded or a
  96. negative value if an error occurs.
  97. i2d_OSSL_CMP_MSG_bio(), OSSL_CMP_MSG_update_transactionID(),
  98. and OSSL_CMP_MSG_update_recipNonce()
  99. return 1 on success, 0 on error.
  100. =head1 SEE ALSO
  101. L<OSSL_CMP_CTX_set1_subjectName(3)>, L<OSSL_CMP_CTX_set1_p10CSR(3)>,
  102. L<OSSL_CMP_CTX_set1_oldCert(3)>, L<OSSL_CMP_CTX_set0_newPkey(3)>,
  103. L<OSSL_CMP_CTX_set1_pkey(3)>, L<OSSL_CMP_CTX_set0_reqExtensions(3)>,
  104. L<OSSL_CMP_CTX_push1_subjectAltName(3)>, L<OSSL_CMP_CTX_push0_policy(3)>
  105. =head1 HISTORY
  106. The OpenSSL CMP support was added in OpenSSL 3.0.
  107. OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.
  108. OSSL_CMP_MSG_get0_certreq_publickey() was added in OpenSSL 3.3.
  109. =head1 COPYRIGHT
  110. Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
  111. Licensed under the Apache License 2.0 (the "License"). You may not use
  112. this file except in compliance with the License. You can obtain a copy
  113. in the file LICENSE in the source distribution or at
  114. L<https://www.openssl.org/source/license.html>.
  115. =cut