=pod

=head1 NAME

ossl_cmp_calc_protection,
ossl_cmp_msg_protect,
ossl_cmp_msg_add_extraCerts
- functions for producing CMP message protection

=head1 SYNOPSIS

 #include "cmp_local.h"

 ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
                                           const OSSL_CMP_MSG *msg);
 int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);

=head1 DESCRIPTION

ossl_cmp_calc_protection() calculates the protection for the given I<msg>
according to the algorithm and parameters in the message header's protectionAlg
using the credentials, library context, and property criteria in the I<ctx>.

ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
depending on the available context information given in the I<ctx>.
If there is a secretValue it selects PBMAC, else if there is a protection cert
it selects Signature and uses ossl_cmp_msg_add_extraCerts() (see below).
It also sets the protectionAlg field in the message header accordingly.

ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
If signature-based message protection is used, it first adds the CMP signer cert
ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>,
it tries to build it using ctx->untrusted and caches the result in ctx->chain.
In any case all the certificates explicitly specified to be sent out (i.e.,
I<< ctx->extraCertsOut >>) are added. Note that it will NOT add the root certificate
of the chain, i.e., the trust anchor (unless it is part of extraCertsOut).

=head1 NOTES

CMP is defined in RFC 4210 (and CRMF in RFC 4211).

The I<ctx> parameter of ossl_cmp_msg_add_extraCerts()
and thus also of ossl_cmp_msg_protect() cannot be made I<const>
because I<< ctx->chain >> may get adapted to cache the chain of the CMP signer cert.

=head1 RETURN VALUES

ossl_cmp_calc_protection() returns the protection on success, else NULL.

All other functions return 1 on success, 0 on error.

=head1 HISTORY

The OpenSSL CMP support was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut