=pod

=head1 NAME

ossl_cmp_certreq_new,
ossl_cmp_certrep_new,
ossl_cmp_rr_new,
ossl_cmp_rp_new,
ossl_cmp_certConf_new,
ossl_cmp_pkiconf_new,
ossl_cmp_pollReq_new,
ossl_cmp_pollRep_new,
ossl_cmp_genm_new,
ossl_cmp_genp_new,
ossl_cmp_error_new
- functions for generating CMP messages

=head1 SYNOPSIS

 #include "cmp_local.h"

 OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype,
                                    const OSSL_CRMF_MSG *crm);
 OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
                                    int certReqId, const OSSL_CMP_PKISI *si,
                                    X509 *cert, const X509 *encryption_recip,
                                    STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
                                    int unprotectedErrors);
 OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx);
 OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
                               const OSSL_CRMF_CERTID *cid,
                               int unprotectedErrors);
 OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int certReqId,
                                     int fail_info, const char *text);
 OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx);
 OSSL_CMP_MSG *ossl_cmp_pollReq_new(OSSL_CMP_CTX *ctx, int crid);
 OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after);
 OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx);
 OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx);
 OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
                                  int64_t errorCode, const char *details,
                                  int unprotected);

=head1 DESCRIPTION

This is the internal API for creating various CMP PKIMESSAGES.
All functions are based on L<ossl_cmp_msg_create(3)>.
They allocate a new message, fill it with the relevant data derived from
the given B<OSSL_CMP_CTX>, and create the applicable protection.

ossl_cmp_certreq_new() creates a PKIMessage for requesting a certificate,
which can be either of IR/CR/KUR/P10CR, depending on the given I<bodytype>.
The CRMF message to use may be given explicitly via a non-NULL I<crm> argument,
otherwise it is created from the information in the I<ctx>.

Available CMP certificate request PKIMessage I<bodytype>s are:

=over 4

=item * B<OSSL_CMP_PKIBODY_IR> - Initialization Request

=item * B<OSSL_CMP_PKIBODY_CR> - Certification Request

=item * B<OSSL_CMP_PKIBODY_P10CR> - PKCS#10 Certification Request

=item * B<OSSL_CMP_PKIBODY_KUR> - Key Update Request

=back

ossl_cmp_certrep_new() creates a PKIMessage for certificate response,
which can be either of IP/CP/KUP, depending on the given I<bodytype>,
with the given I<certReqId> and I<si> values and optionally with I<cert>,
I<chain>, and I<caPubs>. The I<cert>, I<chain>, and I<caPubs> arguments
are not consumed if present but their internal reference counter is increased.
The I<encryption_recip> is currently unsupported.
The function does not protect the message if the B<status> value in I<si>
is B<rejected> and I<unprotectedErrors> is nonzero.

Available CMP certificate response PKIMessage I<bodytype>s are:

=over 4

=item * B<OSSL_CMP_PKIBODY_IP> - Initialization Response

=item * B<OSSL_CMP_PKIBODY_CP> - Certification Response

=item * B<OSSL_CMP_PKIBODY_KUP> - Key Update Response

=back

The list of all CMP PKIMessage I<bodytype>s is:

 #define OSSL_CMP_PKIBODY_IR        0
 #define OSSL_CMP_PKIBODY_IP        1
 #define OSSL_CMP_PKIBODY_CR        2
 #define OSSL_CMP_PKIBODY_CP        3
 #define OSSL_CMP_PKIBODY_P10CR     4
 #define OSSL_CMP_PKIBODY_POPDECC   5
 #define OSSL_CMP_PKIBODY_POPDECR   6
 #define OSSL_CMP_PKIBODY_KRR       9
 #define OSSL_CMP_PKIBODY_KRP      10
 #define OSSL_CMP_PKIBODY_RR       11
 #define OSSL_CMP_PKIBODY_RP       12
 #define OSSL_CMP_PKIBODY_CCR      13
 #define OSSL_CMP_PKIBODY_CCP      14
 #define OSSL_CMP_PKIBODY_CKUANN   15
 #define OSSL_CMP_PKIBODY_CANN     16
 #define OSSL_CMP_PKIBODY_RANN     17
 #define OSSL_CMP_PKIBODY_CRLANN   18
 #define OSSL_CMP_PKIBODY_PKICONF  19
 #define OSSL_CMP_PKIBODY_NESTED   20
 #define OSSL_CMP_PKIBODY_GENM     21
 #define OSSL_CMP_PKIBODY_GENP     22
 #define OSSL_CMP_PKIBODY_ERROR    23
 #define OSSL_CMP_PKIBODY_CERTCONF 24
 #define OSSL_CMP_PKIBODY_POLLREQ  25
 #define OSSL_CMP_PKIBODY_POLLREP  26

ossl_cmp_rr_new() creates a Revocation Request message from the
information set via OSSL_CMP_CTX_set1_oldClCert().

ossl_cmp_rp_new() creates a Revocation Response message with I<si> and I<cid>.
It does not protect the message if the B<status> value in I<si> is B<rejected>
and I<unprotectedErrors> is nonzero.

ossl_cmp_certConf_new() creates a Certificate Confirmation message for the last
received certificate with the given I<certReqId>.
The PKIStatus defaults to B<accepted> if the I<fail_info> bit field is 0.
Otherwise it is taken as the failInfo of the PKIStatusInfo, PKIStatus is
set to B<rejected>, and I<text> is copied to statusString unless it is NULL.

ossl_cmp_pkiconf_new() creates a PKI Confirmation message.

ossl_cmp_pollReq_new() creates a Polling Request message with certReqId set to
I<crid>.

ossl_cmp_pollRep_new() creates a Polling Response message with certReqId set to
I<crid> and pollAfter to I<poll_after>.

ossl_cmp_genm_new() creates a new General Message with an empty ITAV stack.

ossl_cmp_genp_new() creates a new General Response with an empty ITAV stack.

ossl_cmp_error_new() creates a new Error Message with the given contents
I<si>, I<errorCode>, and optional I<details>.
If I<errorCode> is positive and in the range of an OpenSSL error code,
the library and reason strings are included in the B<errorDetails> field.
If given, the I<details> are added to the contents of the B<errorDetails> field.
The function does not protect the message if I<unprotected> is nonzero.

=head1 NOTES

CMP is specified in RFC 4210 (and CRMF in RFC 4211).

A message that is generated without protection carries no integrity or
origin authentication, so its recipient cannot verify it cryptographically.

=head1 RETURN VALUES

All of the functions return a new OSSL_CMP_MSG structure containing
the generated message on success, or NULL on error.

=head1 SEE ALSO

L<ossl_cmp_msg_create(3)>,
L<OSSL_CMP_CTX_new(3)>, L<ERR_load_strings(3)>

=head1 HISTORY

The OpenSSL CMP support was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").
You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut