1=pod
2
3=head1 NAME
4
5ossl_cmp_calc_protection,
6ossl_cmp_msg_protect,
7ossl_cmp_msg_add_extraCerts
8- functions for producing CMP message protection
9
10=head1 SYNOPSIS
11
12 #include "cmp_local.h"
13
14 ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
15                                           const OSSL_CMP_MSG *msg);
16 int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
17 int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
18
19=head1 DESCRIPTION
20
21ossl_cmp_calc_protection() calculates the protection for the given I<msg>
22according to the algorithm and parameters in the message header's protectionAlg
23using the credentials, library context, and property criteria in the I<ctx>.
24
25ossl_cmp_msg_protect() (re-)protects the given message I<msg> using an algorithm
26depending on the available context information given in the I<ctx>.
27If there is a secretValue it selects PBMAC, else if there is a protection cert
28it selects Signature and uses L<ossl_cmp_msg_add_extraCerts(3)>.
29It also sets the protectionAlg field in the message header accordingly.
30
31ossl_cmp_msg_add_extraCerts() adds elements to the extraCerts field in I<msg>.
32If signature-based message protection is used it adds first the CMP signer cert
33ctx->cert and then its chain ctx->chain. If this chain is not present in I<ctx>
34tries to build it using ctx->untrusted and caches the result in ctx->chain.
35In any case all the certificates explicitly specified to be sent out (i.e.,
36I<ctx->extraCertsOut>) are added. Note that it will NOT add the root certificate
37of the chain, i.e, the trust anchor (unless it is part of extraCertsOut).
38
39=head1 NOTES
40
41CMP is defined in RFC 4210 (and CRMF in RFC 4211).
42
43=head1 RETURN VALUES
44
45ossl_cmp_calc_protection() returns the protection on success, else NULL.
46
47All other functions return 1 on success, 0 on error.
48
49=head1 HISTORY
50
51The OpenSSL CMP support was added in OpenSSL 3.0.
52
53=head1 COPYRIGHT
54
55Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
56
57Licensed under the Apache License 2.0 (the "License").  You may not use
58this file except in compliance with the License.  You can obtain a copy
59in the file LICENSE in the source distribution or at
60L<https://www.openssl.org/source/license.html>.
61
62=cut
63