OSSL_CMP_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype,
const OSSL_CRMF_MSG *crm);
OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
- int certReqId, OSSL_CMP_PKISI *si,
- X509 *cert, STACK_OF(X509) *chain,
- STACK_OF(X509) *caPubs, int encrypted,
+ int certReqId, const OSSL_CMP_PKISI *si,
+ X509 *cert, const X509 *encryption_recip,
+ STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
int unprotectedErrors);
OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx);
-OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- OSSL_CRMF_CERTID *certId, int unprot_err);
+OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ const OSSL_CRMF_CERTID *cid,
+ int unprotectedErrors);
OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid,
int64_t poll_after);
OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx,
const STACK_OF(OSSL_CMP_ITAV) *itavs);
-OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- int errorCode,
- const char *details, int unprotected);
+OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ int errorCode, const char *details,
+ int unprotected);
int ossl_cmp_certstatus_set0_certHash(OSSL_CMP_CERTSTATUS *certStatus,
ASN1_OCTET_STRING *hash);
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
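Review bot: The new prototype of ossl_cmp_error_new() still names its last parameter `unprotected`, while the same change renames ossl_cmp_rp_new()'s `unprot_err` to `unprotectedErrors` and ossl_cmp_certrep_new() already uses `unprotectedErrors`; all three gate the same decision (send an error reply without message protection), so the name should be uniform, e.g. `int unprotectedErrors);` as the last line of the error_new prototype. The new `const X509 *encryption_recip` on certrep_new is accepted by the interface but, judging from the implementation in this change, is only refused with ERR_R_UNSUPPORTED when a certificate is actually returned, so the header is the place to state the contract, e.g. `/* encryption_recip: encrypted cert delivery is not supported yet; must be NULL */` above that prototype.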
}
OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
- int certReqId, OSSL_CMP_PKISI *si,
- X509 *cert, STACK_OF(X509) *chain,
- STACK_OF(X509) *caPubs, int encrypted,
+ int certReqId, const OSSL_CMP_PKISI *si,
+ X509 *cert, const X509 *encryption_recip,
+ STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
int unprotectedErrors)
{
OSSL_CMP_MSG *msg = NULL;
status = ossl_cmp_pkisi_get_status(resp->status);
if (status != OSSL_CMP_PKISTATUS_rejection
&& status != OSSL_CMP_PKISTATUS_waiting && cert != NULL) {
- if (encrypted) {
- ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS);
+ if (encryption_recip != NULL) {
+ ERR_raise(ERR_LIB_CMP, ERR_R_UNSUPPORTED);
goto err;
}
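Review bot: Refusing a non-NULL `encryption_recip` is the right call, since silently sending the certificate in clear would defeat whatever the recipient was meant to protect, but the check carries no explanation and sits inside the status/cert branch, so the unsupported argument is quietly ignored whenever no cert is returned. A one-line comment would stop a later maintainer from "relaxing" it: `/* Returning the cert encrypted for the recipient (CMP EncryptedValue, presumably for indirect POP) is not implemented; fail rather than deliver it in clear. */`. ERR_R_UNSUPPORTED fits better than the former CMP_R_INVALID_ARGS here, as the argument is valid in principle and merely unimplemented. ossl_cmp_certrep_new() starts and ends outside this hunk.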
return NULL;
}
-OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- OSSL_CRMF_CERTID *cid, int unprot_err)
+OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ const OSSL_CRMF_CERTID *cid, int unprotectedErrors)
{
OSSL_CMP_REVREPCONTENT *rep = NULL;
OSSL_CMP_PKISI *si1 = NULL;
}
}
- if (!unprot_err
+ if (!unprotectedErrors
|| ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_rejection)
if (!ossl_cmp_msg_protect(ctx, msg))
goto err;
OSSL_CMP_PKIBODY_GENP, CMP_R_ERROR_CREATING_GENP);
}
-OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- int errorCode,
- const char *details, int unprotected)
+OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ int errorCode, const char *details,
+ int unprotected)
{
OSSL_CMP_MSG *msg = NULL;
OSSL_CMP_PKIFREETEXT *ft;
}
msg = ossl_cmp_certrep_new(srv_ctx->ctx, bodytype, certReqId, si,
- certOut, chainOut, caPubs, 0 /* encrypted */,
+ certOut, NULL /* enc */, chainOut, caPubs,
srv_ctx->sendUnprotectedErrors);
if (msg == NULL)
ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_CREATING_CERTREP);
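Review bot: The placeholder `NULL /* enc */` says nothing about what is being passed; the parameter is `encryption_recip` and the callee rejects anything non-NULL, so spell it out: `certOut, NULL /* encryption_recip: not supported */, chainOut, caPubs,`. Without that, a reader of this call site cannot tell whether the server deliberately never encrypts the issued certificate or whether the capability is simply missing. The enclosing function begins before and ends after this hunk.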
=head1 SYNOPSIS
- #include <openssl/cmp.h>
-
-# define OSSL_CMP_PKIBODY_IR 0
-# define OSSL_CMP_PKIBODY_IP 1
-# define OSSL_CMP_PKIBODY_CR 2
-# define OSSL_CMP_PKIBODY_CP 3
-# define OSSL_CMP_PKIBODY_P10CR 4
-# define OSSL_CMP_PKIBODY_POPDECC 5
-# define OSSL_CMP_PKIBODY_POPDECR 6
-# define OSSL_CMP_PKIBODY_KUR 7
-# define OSSL_CMP_PKIBODY_KUP 8
-# define OSSL_CMP_PKIBODY_KRR 9
-# define OSSL_CMP_PKIBODY_KRP 10
-# define OSSL_CMP_PKIBODY_RR 11
-# define OSSL_CMP_PKIBODY_RP 12
-# define OSSL_CMP_PKIBODY_CCR 13
-# define OSSL_CMP_PKIBODY_CCP 14
-# define OSSL_CMP_PKIBODY_CKUANN 15
-# define OSSL_CMP_PKIBODY_CANN 16
-# define OSSL_CMP_PKIBODY_RANN 17
-# define OSSL_CMP_PKIBODY_CRLANN 18
-# define OSSL_CMP_PKIBODY_PKICONF 19
-# define OSSL_CMP_PKIBODY_NESTED 20
-# define OSSL_CMP_PKIBODY_GENM 21
-# define OSSL_CMP_PKIBODY_GENP 22
-# define OSSL_CMP_PKIBODY_ERROR 23
-# define OSSL_CMP_PKIBODY_CERTCONF 24
-# define OSSL_CMP_PKIBODY_POLLREQ 25
-# define OSSL_CMP_PKIBODY_POLLREP 26
+ #include "cmp_local.h"
OSSL_ossl_cmp_MSG *ossl_cmp_certreq_new(OSSL_CMP_CTX *ctx, int bodytype,
const OSSL_CRMF_MSG *crm);
OSSL_CMP_MSG *ossl_cmp_certrep_new(OSSL_CMP_CTX *ctx, int bodytype,
- int certReqId, OSSL_CMP_PKISI *si,
- X509 *cert, STACK_OF(X509) *chain,
- STACK_OF(X509) *caPubs,
- int encrypted, int unprotectedErrors);
+ int certReqId, const OSSL_CMP_PKISI *si,
+ X509 *cert, const X509 *encryption_recip,
+ STACK_OF(X509) *chain, STACK_OF(X509) *caPubs,
+ int unprotectedErrors);
OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx);
- OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- OSSL_CRMF_CERTID *cid, int unprot_err);
+ OSSL_CMP_MSG *ossl_cmp_rp_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ const OSSL_CRMF_CERTID *cid,
+ int unprotectedErrors);
OSSL_CMP_MSG *ossl_cmp_certConf_new(OSSL_CMP_CTX *ctx, int fail_info,
const char *text);
OSSL_CMP_MSG *ossl_cmp_pkiconf_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid, int poll_after);
OSSL_CMP_MSG *ossl_cmp_genm_new(OSSL_CMP_CTX *ctx);
OSSL_CMP_MSG *ossl_cmp_genp_new(OSSL_CMP_CTX *ctx);
- OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
- int errorCode,
- OSSL_CMP_PKIFREETEXT *errorDetails,
+ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, const OSSL_CMP_PKISI *si,
+ int errorCode, const char *details,
int unprotected);
=head1 DESCRIPTION
-This is the API for creating various CMP PKIMESSAGES. The
-functions allocate a new message, fill it with the relevant data derived from
-the given OSSL_CMP_CTX, and create the applicable protection.
+This is the internal API for creating various CMP PKIMESSAGES.
+All functions are based on L<ossl_cmp_msg_create(3)>.
+The allocate a new message, fill it with the relevant data derived from
+the given B<OSSL_CMP_CTX>, and create the applicable protection.
ossl_cmp_certreq_new() creates a PKIMessage for requesting a certificate,
-which can be either of IR/CR/KUR/P10CR, depending on the given B<bodytype>.
-The CRMF message to use may be given via the B<crm> argument;
-else (if B<crm> is NULL) it is created from the information in the B<ctx>.
+which can be either of IR/CR/KUR/P10CR, depending on the given I<bodytype>.
+The CRMF message to use may be given explicitly via a non-NULL I<crm> argument,
+otherwise it is created from the information in the I<ctx>.
-Available CMP certificate request PKIMessage B<bodytype>s are:
+Available CMP certificate request PKIMessage I<bodytype>s are:
=over 4
=back
-ossl_cmp_certrep_new() creates a PKIMessage for certificate response, which can
-be either of IP/CP/KUP, depending on the given B<bodytype>.
+ossl_cmp_certrep_new() creates a PKIMessage for certificate response,
+which can be either of IP/CP/KUP, depending on the given I<bodytype>,
+with the given I<certReqId> and I<si> values and optionally with I<cert>,
+I<chain>, and I<caPubs>. The I<cert>, I<chain>, and I<caPubs> arguments
+are not consumed if present but their internal reference counter is increased.
+The I<encryption_recip> is currently unsupported.
+The function does not protect the message if the B<status> value in I<si>
+is B<rejected> and I<unprotectedErrors> is nonzero.
-Available CMP certificate response PKIMessage B<bodytype>s are:
+Available CMP certificate response PKIMessage I<bodytype>s are:
=over 4
=back
-The list of all CMP PKIMessage B<bodytype>s is:
+The list of all CMP PKIMessage I<bodytype>s is:
#define OSSL_CMP_PKIBODY_IR 0
#define OSSL_CMP_PKIBODY_IP 1
ossl_cmp_rr_new() creates a Revocation Request message from the
information set via OSSL_CMP_CTX_set1_oldClCert().
-ossl_cmp_rp_new() creates a Revocation Response message with status set to
-B<si> and CertID set to B<cid>. Consumes B<cid>.
-Accepts unprotected errors if B<uprot_err> != 0.
+ossl_cmp_rp_new() creates a Revocation Response message with I<si> and I<cid>.
+It does not protect the message if the B<status> value in I<si> is B<rejected>
+and I<unprotectedErrors> is nonzero.
ossl_cmp_certConf_new() creates a Certificate Confirmation message for the last
-received certificate. PKIStatus defaults to B<accepted> if the B<fail_info> bit
+received certificate. PKIStatus defaults to B<accepted> if the I<fail_info> bit
field is 0. Else it is taken as the failInfo of the PKIStatusInfo, PKIStatus is
-set to B<rejected>, and B<text> is copied to statusString unless it is NULL.
+set to B<rejected>, and I<text> is copied to statusString unless it is NULL.
ossl_cmp_pkiconf_new() creates a PKI Confirmation message.
ossl_cmp_pollReq_new() creates a Polling Request message with certReqId set to
-B<crid>.
+I<crid>.
ossl_cmp_pollRep_new() creates a Polling Response message with certReqId set to
-B<crid> and pollAfter to B<poll_after>.
+I<crid> and pollAfter to I<poll_after>.
ossl_cmp_genm_new() creates a new General Message with an empty ITAV stack.
ossl_cmp_genp_new() creates a new General Response with an empty ITAV stack.
-ossl_cmp_error_new() creates a new Error Message with the given contents,
-copying B<si> and B<errorDetails>.
+ossl_cmp_error_new() creates a new Error Message with the given contents
+with the given I<si>, I<errorCode> (if nonnegative), and optional I<details>.
+It does not protect the message if I<unprotectedErrors> is nonzero.
=head1 NOTES
=head1 SEE ALSO
+L<ossl_cmp_msg_create(3)>,
L<OSSL_CMP_CTX_new(3)>, L<ERR_load_strings(3)>
=head1 HISTORY
ossl_cmp_hdr_generalinfo_items_push1,
ossl_cmp_hdr_set_implicitConfirm,
ossl_cmp_hdr_has_implicitConfirm,
+ossl_cmp_hdr_set_transactionID,
ossl_cmp_hdr_init
-- functions manipulating CMP message headers
+- functions handling CMP message headers
=head1 SYNOPSIS
ASN1_UTF8STRING *text);
int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_hdr_has_implicitConfirm(OSSL_CMP_PKIHEADER *hdr);
+ int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);
int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);
=head1 DESCRIPTION
ossl_cmp_hdr_has_implicitConfirm() returns 1 if implicitConfirm is
set int generalInfo field of the given PKIMessage header, 0 if not.
+ossl_cmp_hdr_set_transactionID() sets the B<transactionID> field in C<hdr>.
+In case ctx->transactionID is NULL, it starts a new transaction
+by creating and storing a new random valuee with 128 bits length.
+
ossl_cmp_hdr_init() initializes a PKIHeader structure based on the
values in the given OSSL_CMP_CTX structure.
This starts a new transaction in case ctx->transactionID is NULL.
See the individual functions above.
+=head1 SEE ALSO
+
+L<ossl_cmp_msg_create(3)>
+
=head1 HISTORY
The OpenSSL CMP support was added in OpenSSL 3.0.
=head1 NAME
+OSSL_CMP_PKIBODY_IR,
+OSSL_CMP_PKIBODY_IP,
+OSSL_CMP_PKIBODY_CR,
+OSSL_CMP_PKIBODY_CP,
+OSSL_CMP_PKIBODY_P10CR,
+OSSL_CMP_PKIBODY_POPDECC,
+OSSL_CMP_PKIBODY_POPDECR,
+OSSL_CMP_PKIBODY_KUR,
+OSSL_CMP_PKIBODY_KUP,
+OSSL_CMP_PKIBODY_KRR,
+OSSL_CMP_PKIBODY_KRP,
+OSSL_CMP_PKIBODY_RR,
+OSSL_CMP_PKIBODY_RP,
+OSSL_CMP_PKIBODY_CCR,
+OSSL_CMP_PKIBODY_CCP,
+OSSL_CMP_PKIBODY_CKUANN,
+OSSL_CMP_PKIBODY_CANN,
+OSSL_CMP_PKIBODY_RANN,
+OSSL_CMP_PKIBODY_CRLANN,
+OSSL_CMP_PKIBODY_PKICONF,
+OSSL_CMP_PKIBODY_NESTED,
+OSSL_CMP_PKIBODY_GENM,
+OSSL_CMP_PKIBODY_GENP,
+OSSL_CMP_PKIBODY_ERROR,
+OSSL_CMP_PKIBODY_CERTCONF,
+OSSL_CMP_PKIBODY_POLLREQ,
+OSSL_CMP_PKIBODY_POLLREP,
ossl_cmp_bodytype_to_string,
ossl_cmp_msg_get_bodytype,
ossl_cmp_msg_set_bodytype,
ossl_cmp_msg_create,
ossl_cmp_msg_gen_ITAV_push0,
ossl_cmp_msg_gen_ITAVs_push1
-- functions manipulating CMP messages
+- functions handling CMP messages
=head1 SYNOPSIS
- #include "cmp_local.h"
+ #include "cmp_local.h"
+
+ #define OSSL_CMP_PKIBODY_IR 0
+ #define OSSL_CMP_PKIBODY_IP 1
+ #define OSSL_CMP_PKIBODY_CR 2
+ #define OSSL_CMP_PKIBODY_CP 3
+ #define OSSL_CMP_PKIBODY_P10CR 4
+ #define OSSL_CMP_PKIBODY_POPDECC 5
+ #define OSSL_CMP_PKIBODY_POPDECR 6
+ #define OSSL_CMP_PKIBODY_KUR 7
+ #define OSSL_CMP_PKIBODY_KUP 8
+ #define OSSL_CMP_PKIBODY_KRR 9
+ #define OSSL_CMP_PKIBODY_KRP 10
+ #define OSSL_CMP_PKIBODY_RR 11
+ #define OSSL_CMP_PKIBODY_RP 12
+ #define OSSL_CMP_PKIBODY_CCR 13
+ #define OSSL_CMP_PKIBODY_CCP 14
+ #define OSSL_CMP_PKIBODY_CKUANN 15
+ #define OSSL_CMP_PKIBODY_CANN 16
+ #define OSSL_CMP_PKIBODY_RANN 17
+ #define OSSL_CMP_PKIBODY_CRLANN 18
+ #define OSSL_CMP_PKIBODY_PKICONF 19
+ #define OSSL_CMP_PKIBODY_NESTED 20
+ #define OSSL_CMP_PKIBODY_GENM 21
+ #define OSSL_CMP_PKIBODY_GENP 22
+ #define OSSL_CMP_PKIBODY_ERROR 23
+ #define OSSL_CMP_PKIBODY_CERTCONF 24
+ #define OSSL_CMP_PKIBODY_POLLREQ 25
+ #define OSSL_CMP_PKIBODY_POLLREP 26
const char *ossl_cmp_bodytype_to_string(int type);
int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg);
the PKIMessage body field.
Returns 1 on success, 0 on error.
-ossl_cmp_msg_create() creates and initializes a OSSL_CMP_MSG structure,
-using B<ctx> for the header and B<bodytype> for the body.
-Returns pointer to created OSSL_CMP_MSG on success, NULL on error.
+ossl_cmp_msg_create() creates and initializes an B<OSSL_CMP_MSG> structure,
+using fields of B<ctx> for the header and B<bodytype> for the body.
+If the current B<transactionID> field in I<ctx> indicates that there is no
+current transaction, it creates and stores a random one with 128 bits length.
+Thus, the I<ctx> may be modified by this and related ossl_cmp_*_new() functions.
+Returns pointer to created B<OSSL_CMP_MSG> on success, NULL on error.
ossl_cmp_msg_gen_ITAV_push0() pushes the B<itav> to the body of the
PKIMessage B<msg> of GenMsg or GenRep type. Consumes the B<itavs> pointer.
=head1 SEE ALSO
+L<ossl_cmp_hdr_init(3)>,
L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_exec_certreq(3)>
=head1 HISTORY