xref: /freebsd/crypto/openssl/doc/man3/OSSL_CMP_MSG_get0_header.pod (revision 734e82fe33aa764367791a7d603b383996c6b40b)
1=pod
2
3=head1 NAME
4
5OSSL_CMP_MSG_get0_header,
6OSSL_CMP_MSG_get_bodytype,
7OSSL_CMP_MSG_update_transactionID,
8OSSL_CMP_MSG_update_recipNonce,
9OSSL_CMP_CTX_setup_CRM,
10OSSL_CMP_MSG_read,
11OSSL_CMP_MSG_write,
12d2i_OSSL_CMP_MSG_bio,
13i2d_OSSL_CMP_MSG_bio
14- function(s) manipulating CMP messages
15
16=head1 SYNOPSIS
17
18  #include <openssl/cmp.h>
19
20  OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
21  int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
22  int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
23  int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
24  OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
25  OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq);
26  int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
27  OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
28  int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
29
30=head1 DESCRIPTION
31
32OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.
33
34OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.
35
36OSSL_CMP_MSG_update_transactionID() updates the transactionID field
37in the header of the given message according to the CMP_CTX.
38If I<ctx> does not contain a transaction ID, a fresh one is created before.
39The message gets re-protected (if protecting requests is required).
40
41OSSL_CMP_MSG_update_recipNonce() updates the recipNonce field
42in the header of the given message according to the CMP_CTX.
43The message gets re-protected (if protecting requests is required).
44
45OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message
46from various information provided in the CMP context argument I<ctx>
47for inclusion in a CMP request message based on details contained in I<ctx>.
48The I<rid> argument defines the request identifier to use, which typically is 0.
49
50The subject DN included in the certificate template is
51the first available value of these:
52
53=over 4
54
55=item any subject name in I<ctx> set via L<OSSL_CMP_CTX_set1_subjectName(3)> -
56if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included,
57
58=item the subject field of any PKCS#10 CSR set in I<ctx>
59via L<OSSL_CMP_CTX_set1_p10CSR(3)>,
60
61=item the subject field of any reference certificate given in I<ctx>
62(see L<OSSL_CMP_CTX_set1_oldCert(3)>), but only if I<for_KUR> is nonzero
63or the I<ctx> does not include a Subject Alternative Name.
64
65=back
66
67The public key included is the first available value of these:
68
69=over 4
70
71=item the public key derived from any key set via L<OSSL_CMP_CTX_set0_newPkey(3)>,
72
73=item the public key of any PKCS#10 CSR given in I<ctx>,
74
75=item the public key of any reference certificate given in I<ctx>
76(see L<OSSL_CMP_CTX_set1_oldCert(3)>),
77
78=item the public key derived from any client's private key
79set via L<OSSL_CMP_CTX_set1_pkey(3)>.
80
81=back
82
83The set of X.509 extensions to include is computed as follows.
84If a PKCS#10 CSR is present in I<ctx>, default extensions are taken from there,
85otherwise the empty set is taken as the initial value.
86If there is a reference certificate in I<ctx> and contains Subject Alternative
87Names (SANs) and B<OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT> is not set,
88these override any SANs from the PKCS#10 CSR.
89The extensions are further augmented or overridden by any extensions with the
90same OIDs included in the I<ctx> via L<OSSL_CMP_CTX_set0_reqExtensions(3)>.
91The SANs are further overridden by any SANs included in I<ctx> via
92L<OSSL_CMP_CTX_push1_subjectAltName(3)>.
93Finally, policies are overridden by any policies included in I<ctx> via
94L<OSSL_CMP_CTX_push0_policy(3)>.
95
96OSSL_CMP_CTX_setup_CRM() also sets the sets the regToken control B<oldCertID>
97for KUR messages using the issuer name and serial number of the reference
98certificate, if present.
99
100OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from I<file>.
101
102OSSL_CMP_MSG_write() stores the given OSSL_CMP_MSG to I<file> in DER encoding.
103
104d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>.
105It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.
106
107i2d_OSSL_CMP_MSG_bio() writes the OSSL_CMP_MSG I<msg> in ASN.1 encoding
108to BIO I<bio>.
109
110=head1 NOTES
111
112CMP is defined in RFC 4210.
113
114=head1 RETURN VALUES
115
116OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
117or NULL if the respective entry does not exist and on error.
118
119OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
120
121OSSL_CMP_CTX_setup_CRM() returns a pointer to a B<OSSL_CRMF_MSG> on success,
122NULL on error.
123
124d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
125
126OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio()
127return the parsed CMP message or NULL on error.
128
129OSSL_CMP_MSG_write() returns the number of bytes successfully encoded or a
130negative value if an error occurs.
131
132i2d_OSSL_CMP_MSG_bio(), OSSL_CMP_MSG_update_transactionID(),
133and OSSL_CMP_MSG_update_recipNonce()
134return 1 on success, 0 on error.
135
136=head1 SEE ALSO
137
138L<OSSL_CMP_CTX_set1_subjectName(3)>, L<OSSL_CMP_CTX_set1_p10CSR(3)>,
139L<OSSL_CMP_CTX_set1_oldCert(3)>, L<OSSL_CMP_CTX_set0_newPkey(3)>,
140L<OSSL_CMP_CTX_set1_pkey(3)>, L<OSSL_CMP_CTX_set0_reqExtensions(3)>,
141L<OSSL_CMP_CTX_push1_subjectAltName(3)>, L<OSSL_CMP_CTX_push0_policy(3)>
142
143=head1 HISTORY
144
145The OpenSSL CMP support was added in OpenSSL 3.0.
146
147OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.
148
149=head1 COPYRIGHT
150
151Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
152
153Licensed under the Apache License 2.0 (the "License").  You may not use
154this file except in compliance with the License.  You can obtain a copy
155in the file LICENSE in the source distribution or at
156L<https://www.openssl.org/source/license.html>.
157
158=cut
159