CMP lib and app: add optional certProfile request message header and respective -profile option

Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)

1 files changed, 30 insertions, 5 deletions

diff --git a/doc/man3/OSSL_CMP_ITAV_set0.pod b/doc/man3/OSSL_CMP_ITAV_set0.pod
index 5dd9bcb266..13d7868a6d 100644
--- a/doc/man3/OSSL_CMP_ITAV_set0.pod
+++ b/doc/man3/OSSL_CMP_ITAV_set0.pod
@@ -6,7 +6,9 @@ OSSL_CMP_ITAV_create,
 OSSL_CMP_ITAV_set0,
 OSSL_CMP_ITAV_get0_type,
 OSSL_CMP_ITAV_get0_value,
-OSSL_CMP_ITAV_push0_stack_item
+OSSL_CMP_ITAV_push0_stack_item,
+OSSL_CMP_ITAV_new0_certProfile,
+OSSL_CMP_ITAV_get0_certProfile
 - OSSL_CMP_ITAV utility functions
 
 =head1 SYNOPSIS
@@ -20,6 +22,10 @@ OSSL_CMP_ITAV_push0_stack_item
  ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
  int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                     OSSL_CMP_ITAV *itav);
+ OSSL_CMP_ITAV
+ *OSSL_CMP_ITAV_new0_certProfile(STACK_OF(ASN1_UTF8STRING) *certProfile);
+ int OSSL_CMP_ITAV_get0_certProfile(const OSSL_CMP_ITAV *itav,
+                                    STACK_OF(ASN1_UTF8STRING) **out);
 
 =head1 DESCRIPTION
 
@@ -43,21 +49,37 @@ the I<itav> as generic B<ASN1_TYPE> pointer.
 OSSL_CMP_ITAV_push0_stack_item() pushes I<itav> to the stack pointed to
 by I<*itav_sk_p>. It creates a new stack if I<*itav_sk_p> points to NULL.
 
+OSSL_CMP_ITAV_new0_certProfile() creates a new B<OSSL_CMP_ITAV> structure
+of type B<certProfile> that includes the optionally given list of profile names.
+On success, ownership of the list is with the new B<OSSL_CMP_ITAV> structure.
+
+OSSL_CMP_ITAV_get0_certProfile() on success assigns to I<*out>
+an internal pointer to the
+list of certificate profile names contained in the infoValue field of I<itav>.
+The pointer may be NULL if no profile name is included.
+It is an error if the infoType of I<itav> is not B<certProfile>.
+
 =head1 NOTES
 
-CMP is defined in RFC 4210 (and CRMF in RFC 4211).
+CMP is defined in RFC 4210 and RFC 9480 (and CRMF in RFC 4211).
+
+OIDs to use as types in B<OSSL_CMP_ITAV> can be found at
+L<https://datatracker.ietf.org/doc/html/rfc9480#section-4.2.2>.
+The respective OpenSSL NIDs, such as B<NID_id_it_certProfile>,
+are defined in the F<< <openssl/obj_mac.h> >> header file.
 
 =head1 RETURN VALUES
 
-OSSL_CMP_ITAV_create() returns a pointer to the ITAV structure on success,
-or NULL on error.
+OSSL_CMP_ITAV_create() and OSSL_CMP_ITAV_new0_certProfile()
+return a pointer to an ITAV structure on success, or NULL on error.
 
 OSSL_CMP_ITAV_set0() does not return a value.
 
 OSSL_CMP_ITAV_get0_type() and OSSL_CMP_ITAV_get0_value()
 return the respective pointer or NULL if their input is NULL.
 
-OSSL_CMP_ITAV_push0_stack_item() returns 1 on success, 0 on error.
+OSSL_CMP_ITAV_push0_stack_item() and OSSL_CMP_ITAV_get0_certProfile()
+return 1 on success, 0 on error.
 
 =head1 EXAMPLES
 
@@ -96,6 +118,9 @@ L<OSSL_CMP_CTX_new(3)>, L<OSSL_CMP_CTX_free(3)>, L<ASN1_TYPE_set(3)>
 
 The OpenSSL CMP support was added in OpenSSL 3.0.
 
+OSSL_CMP_ITAV_new0_certProfile() and OSSL_CMP_ITAV_get0_certProfile()
+were added in OpenSSL 3.3.
+
 =head1 COPYRIGHT
 
 Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.