=pod

=head1 NAME

ossl_cmp_calc_protection,
ossl_cmp_msg_protect,
ossl_cmp_msg_add_extraCerts
- functions for producing CMP message protection

=head1 SYNOPSIS

 #include "cmp_local.h"

 ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
                                           const OSSL_CMP_MSG *msg);
 int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);

=head1 DESCRIPTION

ossl_cmp_calc_protection() calculates the protection for the given I<msg>
according to the algorithm and parameters in the message header's protectionAlg
using the credentials, library context, and property criteria in the I<ctx>.
Unless I<< msg->header->protectionAlg >> is B<PasswordBasedMAC>,
its value is completed according to I<< ctx->pkey >> and I<< ctx->digest >>,
where the latter is irrelevant in the case of Edwards curves.

ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
depending on the available context information given in the I<ctx>.
If there is a secretValue, it selects PBMAC; else if there is a protection cert,
it selects Signature and uses ossl_cmp_msg_add_extraCerts() (see below).
It also sets the protectionAlg field in the message header accordingly.

ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
If signature-based message protection is used, it first adds the CMP signer cert
ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>,
it tries to build it using ctx->untrusted and caches the result in ctx->chain.
In any case all the certificates explicitly specified to be sent out (i.e.,
I<< ctx->extraCertsOut >>) are added. Note that it will NOT add the root certificate
of the chain, i.e., the trust anchor (unless it is part of extraCertsOut).

=head1 NOTES

CMP is defined in RFC 4210 (and CRMF in RFC 4211).

The I<ctx> parameter of ossl_cmp_msg_add_extraCerts()
and thus also of ossl_cmp_msg_protect() cannot be made I<const>
because I<< ctx->chain >> may get adapted to cache the chain of the CMP signer cert.

=head1 RETURN VALUES

ossl_cmp_calc_protection() returns the protection on success, else NULL.

All other functions return 1 on success, 0 on error.

=head1 HISTORY

The OpenSSL CMP support was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut