OSSL_CMP_MSG_get0_header,
OSSL_CMP_MSG_get_bodytype,
+OSSL_CMP_MSG_get0_certreq_publickey,
OSSL_CMP_MSG_update_transactionID,
+OSSL_CMP_MSG_update_recipNonce,
OSSL_CMP_CTX_setup_CRM,
OSSL_CMP_MSG_read,
OSSL_CMP_MSG_write,
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
+ X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg);
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
+ int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, const char *propq);
int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
OSSL_CMP_MSG_get_bodytype() returns the body type of the given CMP message.
+OSSL_CMP_MSG_get0_certreq_publickey() expects that I<msg> is a certificate request
+messsage and returns the public key in its certificate template if present.
+
OSSL_CMP_MSG_update_transactionID() updates the transactionID field
in the header of the given message according to the CMP_CTX.
-This requires re-protecting the message (if it was protected).
+If I<ctx> does not contain a transaction ID, a fresh one is created before.
+The message gets re-protected (if protecting requests is required).
+
+OSSL_CMP_MSG_update_recipNonce() updates the recipNonce field
+in the header of the given message according to the CMP_CTX.
+The message gets re-protected (if protecting requests is required).
OSSL_CMP_CTX_setup_CRM() creates a CRMF certificate request message
from various information provided in the CMP context argument I<ctx>
=over 4
-=item any subject name in I<ctx> set via L<OSSL_CMP_CTX_set1_subjectName(3)>,
+=item any subject name in I<ctx> set via L<OSSL_CMP_CTX_set1_subjectName(3)> -
+if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included,
-=item the subject field of any PKCS#10 CSR is given in I<ctx>, or
+=item the subject field of any PKCS#10 CSR set in I<ctx>
+via L<OSSL_CMP_CTX_set1_p10CSR(3)>,
=item the subject field of any reference certificate given in I<ctx>
-(see L<OSSL_CMP_CTX_set1_oldCert(3)>), if I<for_KUR> is nonzero
+(see L<OSSL_CMP_CTX_set1_oldCert(3)>), but only if I<for_KUR> is nonzero
or the I<ctx> does not include a Subject Alternative Name.
=back
=item the public key derived from any key set via L<OSSL_CMP_CTX_set0_newPkey(3)>,
-=item the public key of any PKCS#10 CSR is given in I<ctx>,
+=item the public key of any PKCS#10 CSR given in I<ctx>,
-=item the public key of any reference certificate given in I<ctx>, or
+=item the public key of any reference certificate given in I<ctx>
+(see L<OSSL_CMP_CTX_set1_oldCert(3)>),
-=item the public key derived from any client private key set via L<OSSL_CMP_CTX_set1_pkey(3)>.
+=item the public key derived from any client's private key
+set via L<OSSL_CMP_CTX_set1_pkey(3)>.
=back
OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
-OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success,
+OSSL_CMP_MSG_get0_certreq_publickey() returns a public key or NULL on error.
+
+OSSL_CMP_CTX_setup_CRM() returns a pointer to a B<OSSL_CRMF_MSG> on success,
NULL on error.
d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio()
return the parsed CMP message or NULL on error.
-OSSL_CMP_MSG_write() and i2d_OSSL_CMP_MSG_bio() return
-the number of bytes successfully encoded or a negative value if an error occurs.
+OSSL_CMP_MSG_write() returns the number of bytes successfully encoded or a
+negative value if an error occurs.
-OSSL_CMP_MSG_update_transactionID() returns 1 on success, 0 on error.
+i2d_OSSL_CMP_MSG_bio(), OSSL_CMP_MSG_update_transactionID(),
+and OSSL_CMP_MSG_update_recipNonce()
+return 1 on success, 0 on error.
+
+=head1 SEE ALSO
+
+L<OSSL_CMP_CTX_set1_subjectName(3)>, L<OSSL_CMP_CTX_set1_p10CSR(3)>,
+L<OSSL_CMP_CTX_set1_oldCert(3)>, L<OSSL_CMP_CTX_set0_newPkey(3)>,
+L<OSSL_CMP_CTX_set1_pkey(3)>, L<OSSL_CMP_CTX_set0_reqExtensions(3)>,
+L<OSSL_CMP_CTX_push1_subjectAltName(3)>, L<OSSL_CMP_CTX_push0_policy(3)>
=head1 HISTORY
The OpenSSL CMP support was added in OpenSSL 3.0.
+OSSL_CMP_MSG_update_recipNonce() was added in OpenSSL 3.0.9.
+
+OSSL_CMP_MSG_get0_certreq_publickey() was added in OpenSSL 3.3.
+
=head1 COPYRIGHT
-Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
projects / thirdparty / openssl.git / blobdiff