1OSSL_CMP_MSG_GET0_HEADER(3ossl)     OpenSSL    OSSL_CMP_MSG_GET0_HEADER(3ossl)
2
3
4

NAME

6       OSSL_CMP_MSG_get0_header, OSSL_CMP_MSG_get_bodytype,
7       OSSL_CMP_MSG_update_transactionID, OSSL_CMP_MSG_update_recipNonce,
8       OSSL_CMP_CTX_setup_CRM, OSSL_CMP_MSG_read, OSSL_CMP_MSG_write,
9       d2i_OSSL_CMP_MSG_bio, i2d_OSSL_CMP_MSG_bio - function(s) manipulating
10       CMP messages
11

SYNOPSIS

13         #include <openssl/cmp.h>
14
15         OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
16         int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
17         int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
18         int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
19         OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
20         OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq);
21         int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
22         OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
23         int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
24

DESCRIPTION

26       OSSL_CMP_MSG_get0_header() returns the header of the given CMP message.
27
28       OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP
29       message.
30
31       OSSL_CMP_MSG_update_transactionID() updates the transactionID field in
32       the header of the given message according to the CMP_CTX.  If ctx does
33       not contain a transaction ID, a fresh one is created before.  The
34       message gets re-protected (if protecting requests is required).
35
36       OSSL_CMP_MSG_update_recipNonce() updates the recipNonce field in the
37       header of the given message according to the CMP_CTX.  The message gets
38       re-protected (if protecting requests is required).
39
40       OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message
41       from various information provided in the CMP context argument ctx for
42       inclusion in a CMP request message based on details contained in ctx.
43       The rid argument defines the request identifier to use, which typically
44       is 0.
45
46       The subject DN included in the certificate template is the first
47       available value of these:
48
49       any subject name in ctx set via OSSL_CMP_CTX_set1_subjectName(3) - if
50       it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is
51       included,
52       the subject field of any PKCS#10 CSR set in ctx via
53       OSSL_CMP_CTX_set1_p10CSR(3),
54       the subject field of any reference certificate given in ctx (see
55       OSSL_CMP_CTX_set1_oldCert(3)), but only if for_KUR is nonzero or the
56       ctx does not include a Subject Alternative Name.
57
58       The public key included is the first available value of these:
59
60       the public key derived from any key set via
61       OSSL_CMP_CTX_set0_newPkey(3),
62       the public key of any PKCS#10 CSR given in ctx,
63       the public key of any reference certificate given in ctx (see
64       OSSL_CMP_CTX_set1_oldCert(3)),
65       the public key derived from any client's private key set via
66       OSSL_CMP_CTX_set1_pkey(3).
67
68       The set of X.509 extensions to include is computed as follows.  If a
69       PKCS#10 CSR is present in ctx, default extensions are taken from there,
70       otherwise the empty set is taken as the initial value.  If there is a
71       reference certificate in ctx and contains Subject Alternative Names
72       (SANs) and OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT is not set, these
73       override any SANs from the PKCS#10 CSR.  The extensions are further
74       augmented or overridden by any extensions with the same OIDs included
75       in the ctx via OSSL_CMP_CTX_set0_reqExtensions(3).  The SANs are
76       further overridden by any SANs included in ctx via
77       OSSL_CMP_CTX_push1_subjectAltName(3).  Finally, policies are overridden
78       by any policies included in ctx via OSSL_CMP_CTX_push0_policy(3).
79
80       OSSL_CMP_CTX_setup_CRM() also sets the sets the regToken control
81       oldCertID for KUR messages using the issuer name and serial number of
82       the reference certificate, if present.
83
84       OSSL_CMP_MSG_read() loads a DER-encoded OSSL_CMP_MSG from file.
85
86       OSSL_CMP_MSG_write() stores the given OSSL_CMP_MSG to file in DER
87       encoding.
88
89       d2i_OSSL_CMP_MSG_bio() parses an ASN.1-encoded OSSL_CMP_MSG from the
90       BIO bio.  It assigns a pointer to the new structure to *msg if msg is
91       not NULL.
92
93       i2d_OSSL_CMP_MSG_bio() writes the OSSL_CMP_MSG msg in ASN.1 encoding to
94       BIO bio.
95

NOTES

97       CMP is defined in RFC 4210.
98

RETURN VALUES

100       OSSL_CMP_MSG_get0_header() returns the intended pointer value as
101       described above or NULL if the respective entry does not exist and on
102       error.
103
104       OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
105
106       OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on
107       success, NULL on error.
108
109       d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
110
111       OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio() return the parsed CMP
112       message or NULL on error.
113
114       OSSL_CMP_MSG_write() returns the number of bytes successfully encoded
115       or a negative value if an error occurs.
116
117       i2d_OSSL_CMP_MSG_bio(), OSSL_CMP_MSG_update_transactionID(), and
118       OSSL_CMP_MSG_update_recipNonce() return 1 on success, 0 on error.
119

SEE ALSO

121       OSSL_CMP_CTX_set1_subjectName(3), OSSL_CMP_CTX_set1_p10CSR(3),
122       OSSL_CMP_CTX_set1_oldCert(3), OSSL_CMP_CTX_set0_newPkey(3),
123       OSSL_CMP_CTX_set1_pkey(3), OSSL_CMP_CTX_set0_reqExtensions(3),
124       OSSL_CMP_CTX_push1_subjectAltName(3), OSSL_CMP_CTX_push0_policy(3)
125

HISTORY

127       The OpenSSL CMP support was added in OpenSSL 3.0.
128
129       OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.
130
132       Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
133
134       Licensed under the Apache License 2.0 (the "License").  You may not use
135       this file except in compliance with the License.  You can obtain a copy
136       in the file LICENSE in the source distribution or at
137       <https://www.openssl.org/source/license.html>.
138
139
140
1413.1.1                             2023-08-31   OSSL_CMP_MSG_GET0_HEADER(3ossl)
Impressum