Home Explore Help
Register Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 1
Files Issues 1 Wiki
Tree: f5afac4bda
Branches Tags
openssl
/
doc
/
internal
/
man3
/
ossl_cmp_msg_protect.pod

ossl_cmp_msg_protect.pod 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. ossl_cmp_calc_protection,
    6. 

  6. ossl_cmp_msg_protect,
    7. 

  7. ossl_cmp_msg_add_extraCerts
    8. 

  8. - functions for producing CMP message protection
    9. 

  9. 

  10. =head1 SYNOPSIS
    11. 

  11. 

  12.  #include "cmp_local.h"
    13. 

  13. 

  14.  ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
    15. 

  15.                                            const OSSL_CMP_MSG *msg);
    16. 

  16.  int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
    17. 

  17.  int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
    18. 

  18. 

  19. =head1 DESCRIPTION
    20. 

  20. 

  21. ossl_cmp_calc_protection() calculates the protection for the given I<msg>
    22. 

  22. according to the algorithm and parameters in the message header's protectionAlg
    23. 

  23. using the credentials, library context, and property criteria in the I<ctx>.
    24. 

  24. 

  25. ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
    26. 

  26. depending on the available context information given in the I<ctx>.
    27. 

  27. If there is a secretValue it selects PBMAC, else if there is a protection cert
    28. 

  28. it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>.
    29. 

  29. It also sets the protectionAlg field in the message header accordingly.
    30. 

  30. 

  31. ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
    32. 

  32. If signature-based message protection is used it adds first the CMP signer cert
    33. 

  33. ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
    34. 

  34. tries to build it using ctx->untrusted and caches the result in ctx->chain.
    35. 

  35. In any case all the certificates explicitly specified to be sent out (i.e.,
    36. 

  36. I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate
    37. 

  37. of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
    38. 

  38. 

  39. =head1 NOTES
    40. 

  40. 

  41. CMP is defined in RFC 4210 (and CRMF in RFC 4211).
    42. 

  42. 

  43. =head1 RETURN VALUES
    44. 

  44. 

  45. ossl_cmp_calc_protection() returns the protection on success, else NULL.
    46. 

  46. 

  47. All other functions return 1 on success, 0 on error.
    48. 

  48. 

  49. =head1 HISTORY
    50. 

  50. 

  51. The OpenSSL CMP support was added in OpenSSL 3.0.
    52. 

  52. 

  53. =head1 COPYRIGHT
    54. 

  54. 

  55. Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
    56. 

  56. 

  57. Licensed under the Apache License 2.0 (the "License").  You may not use
    58. 

  58. this file except in compliance with the License.  You can obtain a copy
    59. 

  59. in the file LICENSE in the source distribution or at
    60. 

  60. L<https://www.openssl.org/source/license.html>.
    61. 

  61. 

  62. =cut
    63.