Make CMP server use same protection for response as for request

Also adds ossl_cmp_hdr_get_protection_nid() simplifying cmp_vfy.c

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11998)

1 files changed, 8 insertions, 1 deletions

diff --git a/doc/internal/man3/ossl_cmp_hdr_init.pod b/doc/internal/man3/ossl_cmp_hdr_init.pod
index cf7f596551..0c6405054f 100644
--- a/doc/internal/man3/ossl_cmp_hdr_init.pod
+++ b/doc/internal/man3/ossl_cmp_hdr_init.pod
@@ -4,6 +4,7 @@
 
 ossl_cmp_hdr_set_pvno,
 ossl_cmp_hdr_get_pvno,
+ossl_cmp_hdr_get_protection_nid,
 ossl_cmp_hdr_get0_sendernonce,
 ossl_cmp_general_name_is_NULL_DN,
 ossl_cmp_hdr_set1_sender,
@@ -25,6 +26,7 @@ ossl_cmp_hdr_init
 
   int ossl_cmp_hdr_set_pvno(OSSL_CMP_PKIHEADER *hdr, int pvno);
   int ossl_cmp_hdr_get_pvno(const OSSL_CMP_PKIHEADER *hdr);
+  int ossl_cmp_hdr_get_protection_nid(const OSSL_CMP_PKIHEADER *hdr);
   ASN1_OCTET_STRING
      *ossl_cmp_hdr_get0_sendernonce(const OSSL_CMP_PKIHEADER *hdr);
   int ossl_cmp_general_name_is_NULL_DN(GENERAL_NAME *name);
@@ -52,6 +54,9 @@ ossl_cmp_hdr_set_pvno() sets hdr->pvno to the given B<pvno>.
 
 ossl_cmp_hdr_get_pvno() returns the pvno of the given B<hdr> or -1 on error.
 
+ossl_cmp_hdr_get_protection_nid returns the NID of the protection algorithm
+in B<hdr> or NID_undef on error.
+
 ossl_cmp_hdr_get0_sendernonce() returns the sender nonce of the given PKIHeader.
 
 ossl_cmp_general_name_is_NULL_DN() determines if the given GENERAL_NAME
@@ -110,7 +115,9 @@ CMP is defined in RFC 4210 (and CRMF in RFC 4211).
 
 ossl_cmp_hdr_get_pvno() returns the pvno of the given B<hdr> or -1 on error.
 
-ossl_cmp_hdr_get0_sendernonce() returns the respective nonce.
+ossl_cmp_hdr_get_protection_nid returns the respective NID, NID_undef on error.
+
+ossl_cmp_hdr_get0_sendernonce() returns the respective nonce, or NULL.
 
 ossl_cmp_general_name_is_NULL_DN() returns 1 given a NULL-DN, else 0.