1=pod 2 3=head1 NAME 4 5ossl_cmp_hdr_set_pvno, 6ossl_cmp_hdr_get_pvno, 7ossl_cmp_hdr_get_protection_nid, 8ossl_cmp_hdr_get0_sendernonce, 9ossl_cmp_general_name_is_NULL_DN, 10ossl_cmp_hdr_set1_sender, 11ossl_cmp_hdr_set1_recipient, 12ossl_cmp_hdr_update_messagetime, 13ossl_cmp_hdr_set1_senderKID, 14ossl_cmp_hdr_push0_freeText, 15ossl_cmp_hdr_push1_freeText, 16ossl_cmp_hdr_generalinfo_item_push0, 17ossl_cmp_hdr_generalinfo_items_push1, 18ossl_cmp_hdr_set_implicitConfirm, 19ossl_cmp_hdr_has_implicitConfirm, 20ossl_cmp_hdr_set_transactionID, 21ossl_cmp_hdr_init 22- functions handling CMP message headers 23 24=head1 SYNOPSIS 25 26 #include "cmp_local.h" 27 28 int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno); 29 int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr); 30 int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr); 31 ASN1_OCTET_STRING 32 *ossl_cmp_hdr_get0_sendernonce(const OSSL_CMP_PKIHEADER *hdr); 33 int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name); 34 35 int ossl_cmp_hdr_set1_sender(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); 36 int ossl_cmp_hdr_set1_recipient(OSSL_CMP_PKIHEADER *hdr, const X509_NAME *nm); 37 int ossl_cmp_hdr_update_messagetime(OSSL_CMP_PKIHEADER *hdr); 38 int ossl_cmp_hdr_set1_senderKID(OSSL_CMP_PKIHEADER *hdr, 39 const ASN1_OCTET_STRING *senderKID); 40 int ossl_cmp_hdr_generalinfo_item_push0(OSSL_CMP_PKIHEADER *hdr, 41 OSSL_CMP_ITAV *itav); 42 int ossl_cmp_hdr_generalinfo_items_push1(OSSL_CMP_PKIHEADER *hdr, 43 STACK_OF(OSSL_CMP_ITAV) *itavs); 44 int ossl_cmp_hdr_push0_freeText(OSSL_CMP_PKIHEADER *hdr, 45 ASN1_UTF8STRING *text); 46 int ossl_cmp_hdr_push1_freeText(OSSL_CMP_PKIHEADER *hdr, 47 ASN1_UTF8STRING *text); 48 int ossl_cmp_hdr_set_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); 49 int ossl_cmp_hdr_has_implicitConfirm(OSSL_CMP_PKIHEADER *hdr); 50 int ossl_cmp_hdr_set_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); 51 int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); 52 53=head1 DESCRIPTION 54 55ossl_cmp_hdr_set_pvno() sets hdr->pvno to the given B<pvno>. 56 57ossl_cmp_hdr_get_pvno() returns the pvno of the given B<hdr> or -1 on error. 58 59ossl_cmp_hdr_get_protection_nid returns the NID of the protection algorithm 60in B<hdr> or NID_undef on error. 61 62ossl_cmp_hdr_get0_sendernonce() returns the sender nonce of the given PKIHeader. 63 64ossl_cmp_general_name_is_NULL_DN() determines if the given GENERAL_NAME 65is the NULL-DN. 66 67ossl_cmp_hdr_set1_sender() sets the sender field in the given PKIHeader 68to the given X509 Name value, without consuming the pointer. 69 70ossl_cmp_hdr_set1_recipient() sets the recipient field in the given 71PKIHeader to the given X509 Name value, without consuming the pointer. 72If B<nm> is NULL, recipient is set to the NULL DN (the empty list of strings). 73 74ossl_cmp_hdr_update_messagetime() (re-)sets the messageTime to the current 75system time. As written in RFC 4210, section 5.1.1: 76The messageTime field contains the time at which the sender created the message. 77This may be useful to allow end entities to correct/check their local time for 78consistency with the time on a central system. 79 80ossl_cmp_hdr_set1_senderKID() Sets hdr->senderKID to the given string. 81In an PBMAC-protected IR this usually is a reference number issued by the CA, 82else the subject key ID of the sender's protecting certificate. 83 84ossl_cmp_hdr_push0_freeText() pushes an ASN1_UTF8STRING to 85hdr->freeText and consumes the given pointer. 86 87ossl_cmp_hdr_push1_freeText() pushes an ASN1_UTF8STRING to 88hdr->freeText and does not consume the pointer. 89 90ossl_cmp_hdr_generalinfo_item_push0() adds the given InfoTypeAndValue 91item to the hdr->generalInfo stack. Consumes the B<itav> pointer. 92 93ossl_cmp_hdr_generalinfo_items_push1() adds a copy of the B<itavs> stack to 94the generalInfo field of PKIheader of the B<hdr>. Does not consume the B<itavs> 95pointer. 96 97ossl_cmp_hdr_set_implicitConfirm() sets implicitConfirm in the generalInfo field 98of the PKIMessage header. 99 100ossl_cmp_hdr_has_implicitConfirm() returns 1 if implicitConfirm is 101set int generalInfo field of the given PKIMessage header, 0 if not. 102 103ossl_cmp_hdr_set_transactionID() sets the B<transactionID> field in C<hdr>. 104In case ctx->transactionID is NULL, it starts a new transaction 105by creating and storing a new random valuee with 128 bits length. 106 107ossl_cmp_hdr_init() initializes a PKIHeader structure based on the 108values in the given OSSL_CMP_CTX structure. 109This starts a new transaction in case ctx->transactionID is NULL. 110The sender name is copied from the subject of the client cert, if any, 111or else from the subject name provided for certification requests. 112As required by RFC 4210 section 5.1.1., if the sender name is not known 113to the client it set to the NULL-DN. In this case for identification at least 114the senderKID must be set, which we take from any referenceValue provided. 115 116=head1 NOTES 117 118CMP is defined in RFC 4210 (and CRMF in RFC 4211). 119 120=head1 RETURN VALUES 121 122ossl_cmp_hdr_get_pvno() returns the pvno of the given B<hdr> or -1 on error. 123 124ossl_cmp_hdr_get_protection_nid returns the respective NID, NID_undef on error. 125 126ossl_cmp_hdr_get0_sendernonce() returns the respective nonce, or NULL. 127 128ossl_cmp_general_name_is_NULL_DN() returns 1 given a NULL-DN, else 0. 129 130All other functions return 1 on success, 0 on error. 131 132See the individual functions above. 133 134=head1 SEE ALSO 135 136L<ossl_cmp_msg_create(3)> 137 138=head1 HISTORY 139 140The OpenSSL CMP support was added in OpenSSL 3.0. 141 142=head1 COPYRIGHT 143 144Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. 145 146Licensed under the Apache License 2.0 (the "License"). You may not use 147this file except in compliance with the License. You can obtain a copy 148in the file LICENSE in the source distribution or at 149L<https://www.openssl.org/source/license.html>. 150 151=cut 152