=pod

=head1 NAME

OSSL_CMP_MSG_get0_header,
OSSL_CMP_MSG_get_bodytype,
OSSL_CMP_MSG_update_transactionID,
OSSL_CMP_MSG_update_recipNonce,
OSSL_CMP_CTX_setup_CRM,
OSSL_CMP_MSG_read,
OSSL_CMP_MSG_write,
d2i_OSSL_CMP_MSG_bio,
i2d_OSSL_CMP_MSG_bio
- function(s) manipulating CMP messages

=head1 SYNOPSIS

 #include <openssl/cmp.h>

 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq);
 int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
 OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
 int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);

=head1 DESCRIPTION

OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.

OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.

OSSL_CMP_MSG_update_transactionID() updates the transactionID field
in the header of the given message according to the CMP_CTX.
If I<ctx> does not contain a transaction ID, a fresh one is created first.
The message gets re-protected (if protecting requests is required).

OSSL_CMP_MSG_update_recipNonce() updates the recipNonce field
in the header of the given message according to the CMP_CTX.
The message gets re-protected (if protecting requests is required).

OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message,
for inclusion in a CMP request message, from the information contained
in the CMP context argument I<ctx>.
The I<for_KUR> argument is nonzero when the request is a key update request (KUR).
The I<rid> argument defines the request identifier to use, which typically is 0.

The subject DN included in the certificate template is
the first available value of these:

=over 4

=item any subject name in I<ctx> set via L<OSSL_CMP_CTX_set1_subjectName(3)> -
if it is the NULL-DN (i.e., an empty sequence of RDNs), no subject is included,

=item the subject field of any PKCS#10 CSR set in I<ctx>
via L<OSSL_CMP_CTX_set1_p10CSR(3)>,

=item the subject field of any reference certificate given in I<ctx>
(see L<OSSL_CMP_CTX_set1_oldCert(3)>), but only if I<for_KUR> is nonzero
or the I<ctx> does not include a Subject Alternative Name.

=back

The public key included is the first available value of these:

=over 4

=item the public key derived from any key set via L<OSSL_CMP_CTX_set0_newPkey(3)>,

=item the public key of any PKCS#10 CSR given in I<ctx>,

=item the public key of any reference certificate given in I<ctx>
(see L<OSSL_CMP_CTX_set1_oldCert(3)>),

=item the public key derived from any client's private key
set via L<OSSL_CMP_CTX_set1_pkey(3)>.

=back

The set of X.509 extensions to include is computed as follows.
If a PKCS#10 CSR is present in I<ctx>, default extensions are taken from there,
otherwise the empty set is taken as the initial value.
If there is a reference certificate in I<ctx> that contains Subject Alternative
Names (SANs) and B<OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT> is not set,
these override any SANs from the PKCS#10 CSR.
The extensions are further augmented or overridden by any extensions with the
same OIDs included in the I<ctx> via L<OSSL_CMP_CTX_set0_reqExtensions(3)>.
The SANs are further overridden by any SANs included in I<ctx> via
L<OSSL_CMP_CTX_push1_subjectAltName(3)>.
Finally, policies are overridden by any policies included in I<ctx> via
L<OSSL_CMP_CTX_push0_policy(3)>.

OSSL_CMP_CTX_setup_CRM() also sets the regToken control B<oldCertID>
for KUR messages using the issuer name and serial number of the reference
certificate, if present.

OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from I<file>.

OSSL_CMP_MSG_write() stores the given OSSL_CMP_MSG to I<file> in DER encoding.

d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the BIO I<bio>.
It assigns a pointer to the new structure to I<*msg> if I<msg> is not NULL.

i2d_OSSL_CMP_MSG_bio() writes the OSSL_CMP_MSG I<msg> in ASN.1 encoding
to BIO I<bio>.

=head1 NOTES

CMP is defined in RFC 4210.

=head1 RETURN VALUES

OSSL_CMP_MSG_get0_header() returns the intended pointer value as described above
or NULL if the respective entry does not exist or on error.

OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.

OSSL_CMP_CTX_setup_CRM() returns a pointer to a B<OSSL_CRMF_MSG> on success,
NULL on error.

OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio()
return the parsed CMP message or NULL on error.

OSSL_CMP_MSG_write() returns the number of bytes successfully encoded or a
negative value if an error occurs.

i2d_OSSL_CMP_MSG_bio(), OSSL_CMP_MSG_update_transactionID(),
and OSSL_CMP_MSG_update_recipNonce()
return 1 on success, 0 on error.

=head1 SEE ALSO

L<OSSL_CMP_CTX_set1_subjectName(3)>, L<OSSL_CMP_CTX_set1_p10CSR(3)>,
L<OSSL_CMP_CTX_set1_oldCert(3)>, L<OSSL_CMP_CTX_set0_newPkey(3)>,
L<OSSL_CMP_CTX_set1_pkey(3)>, L<OSSL_CMP_CTX_set0_reqExtensions(3)>,
L<OSSL_CMP_CTX_push1_subjectAltName(3)>, L<OSSL_CMP_CTX_push0_policy(3)>

=head1 HISTORY

The OpenSSL CMP support was added in OpenSSL 3.0.

OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.

=head1 COPYRIGHT

Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut