path: root/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3
Diffstat (limited to 'secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3')
-rw-r--r-- secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 38
1 files changed, 19 insertions, 19 deletions
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3
index 262a8e2cfe60..bac566df4b2b 100644
--- a/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3
+++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -132,8 +132,8 @@
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
-.IX Title "OSSL_CMP_CTX_NEW 3"
-.TH OSSL_CMP_CTX_NEW 3 "2023-08-01" "3.0.10" "OpenSSL"
+.IX Title "OSSL_CMP_CTX_NEW 3ossl"
+.TH OSSL_CMP_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
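Review bot: The new .TH and .IX lines name section "3ossl" while the file is still installed as man3/OSSL_CMP_CTX_new.3, so the section in the page header no longer matches the section on disk. Please confirm that `man 3 OSSL_CMP_CTX_new` and cross-references from other pages still resolve, and that every regenerated page in this import carries the same suffix so the set stays consistent.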
@@ -319,7 +319,7 @@ clearing the internal \s-1CMP\s0 transaction (aka session) status, PKIStatusInfo
and any previous results (newCert, newChain, caPubs, and extraCertsIn)
from the last executed transaction.
It also clears any ITAVs that were added by \fBOSSL_CMP_CTX_push0_genm_ITAV()\fR.
-All other field values (i.e., \s-1CMP\s0 options) are retained for potential re-use.
+All other field values (i.e., \s-1CMP\s0 options) are retained for potential reuse.
.PP
\&\fBOSSL_CMP_CTX_set_option()\fR sets the given value for the given option
(e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) in the given \s-1OSSL_CMP_CTX\s0 structure.
@@ -402,11 +402,11 @@ The following options can be set:
\& for signature\-based message protection and Proof\-of\-Possession (POPO).
\& Default is SHA256.
.Ve
-.IP "\fB\s-1OSSL_CMP_OPT_OWF_ALGNID\s0\fR The \s-1NID\s0 of the digest algorithm to be used as one-way function (\s-1OWF\s0) in \s-1RFC 4210\s0's \s-1MSG_MAC_ALG\s0 for PBM-based message protection. Default is \s-1SHA256.\s0" 4
-.IX Item "OSSL_CMP_OPT_OWF_ALGNID The NID of the digest algorithm to be used as one-way function (OWF) in RFC 4210's MSG_MAC_ALG for PBM-based message protection. Default is SHA256."
+.IP "\fB\s-1OSSL_CMP_OPT_OWF_ALGNID\s0\fR The \s-1NID\s0 of the digest algorithm to be used as one-way function (\s-1OWF\s0) for MAC-based message protection with password-based \s-1MAC\s0 (\s-1PBM\s0). See \s-1RFC 4210\s0 section 5.1.3.1 for details. Default is \s-1SHA256.\s0" 4
+.IX Item "OSSL_CMP_OPT_OWF_ALGNID The NID of the digest algorithm to be used as one-way function (OWF) for MAC-based message protection with password-based MAC (PBM). See RFC 4210 section 5.1.3.1 for details. Default is SHA256."
.PD 0
-.IP "\fB\s-1OSSL_CMP_OPT_MAC_ALGNID\s0\fR The \s-1NID\s0 of the \s-1MAC\s0 algorithm to be used in \s-1RFC 4210\s0's \s-1MSG_MAC_ALG\s0 for PBM-based message protection. Default is \s-1HMAC\-SHA1\s0 as per \s-1RFC 4210.\s0" 4
-.IX Item "OSSL_CMP_OPT_MAC_ALGNID The NID of the MAC algorithm to be used in RFC 4210's MSG_MAC_ALG for PBM-based message protection. Default is HMAC-SHA1 as per RFC 4210."
+.IP "\fB\s-1OSSL_CMP_OPT_MAC_ALGNID\s0\fR The \s-1NID\s0 of the \s-1MAC\s0 algorithm to be used for message protection with \s-1PBM.\s0 Default is \s-1HMAC\-SHA1\s0 as per \s-1RFC 4210.\s0" 4
+.IX Item "OSSL_CMP_OPT_MAC_ALGNID The NID of the MAC algorithm to be used for message protection with PBM. Default is HMAC-SHA1 as per RFC 4210."
.IP "\fB\s-1OSSL_CMP_OPT_REVOCATION_REASON\s0\fR" 4
.IX Item "OSSL_CMP_OPT_REVOCATION_REASON"
.PD
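Review bot: In the OSSL_CMP_OPT_MAC_ALGNID entry the default remains HMAC-SHA1 while the OSSL_CMP_OPT_OWF_ALGNID entry directly above defaults to SHA256, and only the OWF entry gains the "RFC 4210 section 5.1.3.1" pointer. Suggest giving the MAC entry the same section reference and one sentence saying that a caller who wants a different MAC has to set this option explicitly, since the two defaults differ. Separately, both entries still carry their whole description inside the .IP tag and the .IX index entry; in the POD source the description would read better as body text under a short item label.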
@@ -600,8 +600,8 @@ The reference counts of those certificates handled successfully are increased.
OSSL_CMP_CTX_get0_untrusted(\s-1OSSL_CMP_CTX\s0 *ctx) returns a pointer to the
list of untrusted certs, which may be empty if unset.
.PP
-\&\fBOSSL_CMP_CTX_set1_cert()\fR sets the \s-1CMP\s0 signer certificate
-related to the private key used for \s-1CMP\s0 message protection.
+\&\fBOSSL_CMP_CTX_set1_cert()\fR sets the \s-1CMP\s0 signer certificate, also called protection
+certificate, related to the private key for signature-based message protection.
Therefore the public key of this \fIcert\fR must correspond to
the private key set before or thereafter via \fBOSSL_CMP_CTX_set1_pkey()\fR.
When using signature-based protection of \s-1CMP\s0 request messages
@@ -631,15 +631,15 @@ with the \fIcandidates\fR and \fIown_trusted\fR arguments being \s-1NULL.\s0
\&\s-1CMP\s0 signer certificate set via \fBOSSL_CMP_CTX_set1_cert()\fR.
This key is used create signature-based protection (protectionAlg = \s-1MSG_SIG_ALG\s0)
of outgoing messages
-unless a \s-1PBM\s0 secret has been set via \fBOSSL_CMP_CTX_set1_secretValue()\fR.
+unless a symmetric secret has been set via \fBOSSL_CMP_CTX_set1_secretValue()\fR.
The \fIpkey\fR argument may be \s-1NULL\s0 to clear the entry.
.PP
-\&\fBOSSL_CMP_CTX_set1_secretValue()\fR sets the byte string \fIsec\fR with length \fIlen\fR
-as \s-1PBM\s0 secret in the given \fIctx\fR or clears it if the \fIsec\fR argument is \s-1NULL.\s0
-If present, this secret is used to create PBM-based protection of outgoing
-messages and to verify any PBM-based protection of incoming messages
-(protectionAlg = \s-1MSG_MAC_ALG\s0). \s-1PBM\s0 stands for Password-Based \s-1MAC.\s0
-PBM-based protection takes precedence over signature-based protection.
+\&\fBOSSL_CMP_CTX_set1_secretValue()\fR sets in \fIctx\fR the byte string \fIsec\fR of length
+\&\fIlen\fR to use as pre-shared secret, or clears it if the \fIsec\fR argument is \s-1NULL.\s0
+If present, this secret is used to create MAC-based authentication and integrity
+protection (rather than applying signature-based protection)
+of outgoing messages and to verify authenticity and integrity of incoming
+messages that have MAC-based protection (protectionAlg = \f(CW\*(C`MSG_MAC_ALG\*(C'\fR).
.PP
\&\fBOSSL_CMP_CTX_set1_referenceValue()\fR sets the given referenceValue \fIref\fR with
length \fIlen\fR in the given \fIctx\fR or clears it if the \fIref\fR argument is \s-1NULL.\s0
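Review bot: The rewritten OSSL_CMP_CTX_set1_secretValue() paragraph drops the explicit sentence "PBM-based protection takes precedence over signature-based protection." and leaves only the parenthetical "(rather than applying signature-based protection)". A caller who has set both a private key and a secret needs that rule stated outright, because it decides how outgoing messages are protected; suggest keeping a full sentence such as "MAC-based protection takes precedence over signature-based protection." The removed expansion of PBM is covered elsewhere in this patch, so that part is fine. While this paragraph is being touched, the unchanged context line "This key is used create signature-based protection" is missing "to" and could be fixed in the same change upstream.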
@@ -650,7 +650,7 @@ then the sender field will contain the NULL-DN
and the senderKID field of the \s-1CMP\s0 message header must be set.
When signature-based protection is used the senderKID will be set to
the subjectKeyIdentifier of the \s-1CMP\s0 signer certificate as far as present.
-If not present or when PBM-based protection is used
+If not present or when MAC-based protection is used
the \fIref\fR value is taken as the fallback value for the senderKID.
.PP
\&\fBOSSL_CMP_CTX_set1_recipient()\fR sets the recipient name that will be used in the
@@ -875,7 +875,7 @@ Set up a \s-1CMP\s0 client context for sending requests and verifying responses:
\& OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts);
.Ve
.PP
-Set up client credentials for password-based protection (\s-1PBM\s0):
+Set up symmetric credentials for MAC-based message protection such as \s-1PBM:\s0
.PP
.Vb 2
\& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);