Diffstat (limited to 'secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3')
-rw-r--r-- | secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 b/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 index 262a8e2cfe60..bac566df4b2b 100644 --- a/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 +++ b/secure/lib/libcrypto/man/man3/OSSL_CMP_CTX_new.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -132,8 +132,8 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "OSSL_CMP_CTX_NEW 3" -.TH OSSL_CMP_CTX_NEW 3 "2023-08-01" "3.0.10" "OpenSSL" +.IX Title "OSSL_CMP_CTX_NEW 3ossl" +.TH OSSL_CMP_CTX_NEW 3ossl "2023-09-19" "3.0.11" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -319,7 +319,7 @@ clearing the internal \s-1CMP\s0 transaction (aka session) status, PKIStatusInfo and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. It also clears any ITAVs that were added by \fBOSSL_CMP_CTX_push0_genm_ITAV()\fR. -All other field values (i.e., \s-1CMP\s0 options) are retained for potential re-use. +All other field values (i.e., \s-1CMP\s0 options) are retained for potential reuse. .PP \&\fBOSSL_CMP_CTX_set_option()\fR sets the given value for the given option (e.g., \s-1OSSL_CMP_OPT_IMPLICIT_CONFIRM\s0) in the given \s-1OSSL_CMP_CTX\s0 structure. 
@@ -402,11 +402,11 @@ The following options can be set: \& for signature\-based message protection and Proof\-of\-Possession (POPO). \& Default is SHA256. .Ve -.IP "\fB\s-1OSSL_CMP_OPT_OWF_ALGNID\s0\fR The \s-1NID\s0 of the digest algorithm to be used as one-way function (\s-1OWF\s0) in \s-1RFC 4210\s0's \s-1MSG_MAC_ALG\s0 for PBM-based message protection. Default is \s-1SHA256.\s0" 4 -.IX Item "OSSL_CMP_OPT_OWF_ALGNID The NID of the digest algorithm to be used as one-way function (OWF) in RFC 4210's MSG_MAC_ALG for PBM-based message protection. Default is SHA256." +.IP "\fB\s-1OSSL_CMP_OPT_OWF_ALGNID\s0\fR The \s-1NID\s0 of the digest algorithm to be used as one-way function (\s-1OWF\s0) for MAC-based message protection with password-based \s-1MAC\s0 (\s-1PBM\s0). See \s-1RFC 4210\s0 section 5.1.3.1 for details. Default is \s-1SHA256.\s0" 4 +.IX Item "OSSL_CMP_OPT_OWF_ALGNID The NID of the digest algorithm to be used as one-way function (OWF) for MAC-based message protection with password-based MAC (PBM). See RFC 4210 section 5.1.3.1 for details. Default is SHA256." .PD 0 -.IP "\fB\s-1OSSL_CMP_OPT_MAC_ALGNID\s0\fR The \s-1NID\s0 of the \s-1MAC\s0 algorithm to be used in \s-1RFC 4210\s0's \s-1MSG_MAC_ALG\s0 for PBM-based message protection. Default is \s-1HMAC\-SHA1\s0 as per \s-1RFC 4210.\s0" 4 -.IX Item "OSSL_CMP_OPT_MAC_ALGNID The NID of the MAC algorithm to be used in RFC 4210's MSG_MAC_ALG for PBM-based message protection. Default is HMAC-SHA1 as per RFC 4210." +.IP "\fB\s-1OSSL_CMP_OPT_MAC_ALGNID\s0\fR The \s-1NID\s0 of the \s-1MAC\s0 algorithm to be used for message protection with \s-1PBM.\s0 Default is \s-1HMAC\-SHA1\s0 as per \s-1RFC 4210.\s0" 4 +.IX Item "OSSL_CMP_OPT_MAC_ALGNID The NID of the MAC algorithm to be used for message protection with PBM. Default is HMAC-SHA1 as per RFC 4210." .IP "\fB\s-1OSSL_CMP_OPT_REVOCATION_REASON\s0\fR" 4 .IX Item "OSSL_CMP_OPT_REVOCATION_REASON" .PD 
@@ -600,8 +600,8 @@ The reference counts of those certificates handled successfully are increased. OSSL_CMP_CTX_get0_untrusted(\s-1OSSL_CMP_CTX\s0 *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. .PP -\&\fBOSSL_CMP_CTX_set1_cert()\fR sets the \s-1CMP\s0 signer certificate -related to the private key used for \s-1CMP\s0 message protection. +\&\fBOSSL_CMP_CTX_set1_cert()\fR sets the \s-1CMP\s0 signer certificate, also called protection +certificate, related to the private key for signature-based message protection. Therefore the public key of this \fIcert\fR must correspond to the private key set before or thereafter via \fBOSSL_CMP_CTX_set1_pkey()\fR. When using signature-based protection of \s-1CMP\s0 request messages 
@@ -631,15 +631,15 @@ with the \fIcandidates\fR and \fIown_trusted\fR arguments being \s-1NULL.\s0 \&\s-1CMP\s0 signer certificate set via \fBOSSL_CMP_CTX_set1_cert()\fR. This key is used create signature-based protection (protectionAlg = \s-1MSG_SIG_ALG\s0) of outgoing messages -unless a \s-1PBM\s0 secret has been set via \fBOSSL_CMP_CTX_set1_secretValue()\fR. +unless a symmetric secret has been set via \fBOSSL_CMP_CTX_set1_secretValue()\fR. The \fIpkey\fR argument may be \s-1NULL\s0 to clear the entry. .PP -\&\fBOSSL_CMP_CTX_set1_secretValue()\fR sets the byte string \fIsec\fR with length \fIlen\fR -as \s-1PBM\s0 secret in the given \fIctx\fR or clears it if the \fIsec\fR argument is \s-1NULL.\s0 -If present, this secret is used to create PBM-based protection of outgoing -messages and to verify any PBM-based protection of incoming messages -(protectionAlg = \s-1MSG_MAC_ALG\s0). \s-1PBM\s0 stands for Password-Based \s-1MAC.\s0 -PBM-based protection takes precedence over signature-based protection. +\&\fBOSSL_CMP_CTX_set1_secretValue()\fR sets in \fIctx\fR the byte string \fIsec\fR of length +\&\fIlen\fR to use as pre-shared secret, or clears it if the \fIsec\fR argument is \s-1NULL.\s0 +If present, this secret is used to create MAC-based authentication and integrity +protection (rather than applying signature-based protection) +of outgoing messages and to verify authenticity and integrity of incoming +messages that have MAC-based protection (protectionAlg = \f(CW\*(C`MSG_MAC_ALG\*(C'\fR). .PP \&\fBOSSL_CMP_CTX_set1_referenceValue()\fR sets the given referenceValue \fIref\fR with length \fIlen\fR in the given \fIctx\fR or clears it if the \fIref\fR argument is \s-1NULL.\s0 
@@ -650,7 +650,7 @@ then the sender field will contain the NULL-DN and the senderKID field of the \s-1CMP\s0 message header must be set. When signature-based protection is used the senderKID will be set to the subjectKeyIdentifier of the \s-1CMP\s0 signer certificate as far as present. -If not present or when PBM-based protection is used +If not present or when MAC-based protection is used the \fIref\fR value is taken as the fallback value for the senderKID. .PP \&\fBOSSL_CMP_CTX_set1_recipient()\fR sets the recipient name that will be used in the @@ -875,7 +875,7 @@ Set up a \s-1CMP\s0 client context for sending requests and verifying responses: \& OSSL_CMP_CTX_set0_trustedStore(cmp_ctx, ts); .Ve .PP -Set up client credentials for password-based protection (\s-1PBM\s0): +Set up symmetric credentials for MAC-based message protection such as \s-1PBM:\s0 .PP .Vb 2 \& OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len); |
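Review bot: In the hunk at @@ -132,8 +132,8 @@ the .TH and .IX lines move the page to section "3ossl", but the diff header shows the file is still man3/OSSL_CMP_CTX_new.3. Please confirm that the section named in the page header and the installed file suffix are meant to differ, and that cross-references from other pages resolve against the name users will actually type. Since the first hunk shows the file is generated by Pod::Man, any wording fix should land in the POD source rather than here.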
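Review bot: In the hunk at @@ -402,11 +402,11 @@ the whole description of OSSL_CMP_OPT_OWF_ALGNID and OSSL_CMP_OPT_MAC_ALGNID sits inside the .IP tag and is duplicated into the .IX Item index entry, unlike the neighbouring OSSL_CMP_OPT_REVOCATION_REASON item, whose tag is just the option name. That points at a missing blank line after the item header in the POD source; fixing it there would give a short tag with the description as body text and keep the index entry to the option name. While rewording, it would also help to say next to "Default is HMAC-SHA1 as per RFC 4210" that the value can be overridden through this option, since the OWF item already defaults to SHA256 and readers will notice the mismatch.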
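Review bot: In the hunk at @@ -631,15 +631,15 @@ the removed sentence "PBM-based protection takes precedence over signature-based protection" was the only explicit statement of what happens when both a secret and a private key are set; the replacement parenthetical "(rather than applying signature-based protection)" implies it but is easy to miss. Suggest keeping one explicit precedence sentence in the OSSL_CMP_CTX_set1_secretValue() paragraph, because callers who configure both credentials need to know which one protects outgoing messages. The unchanged context line "This key is used create signature-based protection" is also missing "to" and could be fixed in the same pass.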
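Review bot: In the hunk at @@ -875,7 +875,7 @@ the new example heading says "symmetric credentials", while the hunk at @@ -631,15 +631,15 @@ uses both "symmetric secret" and "pre-shared secret" for the same value passed to OSSL_CMP_CTX_set1_secretValue(). Pick one term and use it in all three places so readers do not assume these are different inputs. The example line shown, OSSL_CMP_CTX_set1_referenceValue(cmp_ctx, ref, ref_len);, also discards the call's result; if the surrounding examples do the same, a short note that results should be checked in real code would be worth adding.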