openssl/doc/internal/man3/ossl_cmp_msg_protect.pod

=pod

=head1 NAME

ossl_cmp_calc_protection,
ossl_cmp_msg_protect,
ossl_cmp_msg_add_extraCerts
- functions for producing CMP message protection

=head1 SYNOPSIS

 #include "cmp_local.h"

 ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
                                           const OSSL_CMP_MSG *msg);
 int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);

=head1 DESCRIPTION

ossl_cmp_calc_protection() calculates the protection for the given I<msg>
according to the algorithm and parameters in the message header's protectionAlg
using the credentials, library context, and property criteria in the I<ctx>.

ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
depending on the available context information given in the I<ctx>.
If there is a secretValue it selects PBMAC, else if there is a protection cert
it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>.
It also sets the protectionAlg field in the message header accordingly.

ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
If signature-based message protection is used it adds first the CMP signer cert
ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
tries to build it using ctx->untrusted and caches the result in ctx->chain.
In any case all the certificates explicitly specified to be sent out (i.e.,
I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate
of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).

=head1 NOTES

CMP is defined in RFC 4210 (and CRMF in RFC 4211).

=head1 RETURN VALUES

ossl_cmp_calc_protection() returns the protection on success, else NULL.

All other functions return 1 on success, 0 on error.

=head1 HISTORY

The OpenSSL CMP support was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`=pod`

			`=head1 NAME`

Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-08-13 23:44:54 +08:00			`ossl_cmp_calc_protection,`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`ossl_cmp_msg_protect,`
			`ossl_cmp_msg_add_extraCerts`
			`- functions for producing CMP message protection`

			`=head1 SYNOPSIS`

cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-05-13 22:03:26 +08:00			`#include "cmp_local.h"`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-08-13 23:44:54 +08:00			`ASN1_BIT_STRING ossl_cmp_calc_protection(const OSSL_CMP_CTX ctx,`
			`const OSSL_CMP_MSG *msg);`
cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-05-13 22:03:26 +08:00			`int ossl_cmp_msg_protect(OSSL_CMP_CTX ctx, OSSL_CMP_MSG msg);`
			`int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX ctx, OSSL_CMP_MSG msg);`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00
			`=head1 DESCRIPTION`

Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-08-13 23:44:54 +08:00			`ossl_cmp_calc_protection() calculates the protection for the given I<msg>`
			`according to the algorithm and parameters in the message header's protectionAlg`
			`using the credentials, library context, and property criteria in the I<ctx>.`

			`ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm`
			`depending on the available context information given in the I<ctx>.`
Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert() Also update documentation and example code in openssl-cmp.pod.in Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11470) 2020-05-08 19:30:44 +08:00			`If there is a secretValue it selects PBMAC, else if there is a protection cert`
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-08-13 23:44:54 +08:00			`it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>.`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`It also sets the protectionAlg field in the message header accordingly.`

Strengthen chain building for CMP * Add -own_trusted option to CMP app * Add OSSL_CMP_CTX_build_cert_chain() * Add optional trust store arg to ossl_cmp_build_cert_chain() * Extend the tests in cmp_protect_test.c and the documentation accordingly Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12791) 2020-09-04 21:24:14 +08:00			`ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.`
			`If signature-based message protection is used it adds first the CMP signer cert`
			`ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>`
Clean up CMP chain building for CMP signer, TLS client, and newly enrolled certs * Use strenghtened cert chain building, verifying chain using optional trust store while making sure that no certificate status (e.g., CRL) checks are done * Use OSSL_CMP_certConf_cb() by default and move its doc to OSSL_CMP_CTX_new.pod * Simplify certificate and cert store loading in apps/cmp.c Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12741) 2020-08-28 18:11:31 +08:00			`tries to build it using ctx->untrusted and caches the result in ctx->chain.`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`In any case all the certificates explicitly specified to be sent out (i.e.,`
Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-08-13 23:44:54 +08:00			`I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00			`of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).`

			`=head1 NOTES`

			`CMP is defined in RFC 4210 (and CRMF in RFC 4211).`

			`=head1 RETURN VALUES`

Use in CMP+CRMF libctx and propq param added to sign/verify/HMAC/decrypt Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-08-13 23:44:54 +08:00			`ossl_cmp_calc_protection() returns the protection on success, else NULL.`

cmp_util.c: Add OPENSSL_CTX parameter to ossl_cmp_build_cert_chain(), improve its doc Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11808) 2020-05-13 22:03:26 +08:00			`All other functions return 1 on success, 0 on error.`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00
			`=head1 HISTORY`

			`The OpenSSL CMP support was added in OpenSSL 3.0.`

			`=head1 COPYRIGHT`

Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14986) 2021-04-22 21:38:44 +08:00			`Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.`
add internal doc files actually belonging to CMP contribution chunk 6 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/10620) 2019-12-14 01:54:15 +08:00
			`Licensed under the Apache License 2.0 (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`