2 * {- join("\n * ", @autowarntext) -}
4 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
5 * Copyright Nokia 2007-2019
6 * Copyright Siemens AG 2015-2019
8 * Licensed under the Apache License 2.0 (the "License"). You may not use
9 * this file except in compliance with the License. You can obtain a copy
10 * in the file LICENSE in the source distribution or at
11 * https://www.openssl.org/source/license.html
15 use OpenSSL::stackhash qw(generate_stack_macros);
19 # define OPENSSL_CMP_H
21 # include <openssl/opensslconf.h>
22 # ifndef OPENSSL_NO_CMP
24 # include <openssl/crmf.h>
25 # include <openssl/cmperr.h>
26 # include <openssl/cmp_util.h>
27 # include <openssl/http.h>
29 /* explicit #includes not strictly needed since implied by the above: */
30 # include <openssl/types.h>
31 # include <openssl/safestack.h>
32 # include <openssl/x509.h>
33 # include <openssl/x509v3.h>
39 # define OSSL_CMP_PVNO_2 2
40 # define OSSL_CMP_PVNO_3 3
41 # define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
44 * PKIFailureInfo ::= BIT STRING {
45 * -- since we can fail in more than one way!
46 * -- More codes may be added in the future if/when required.
48 * -- unrecognized or unsupported Algorithm Identifier
49 * badMessageCheck (1),
50 * -- integrity check failed (e.g., signature did not verify)
52 * -- transaction not permitted or supported
54 * -- messageTime was not sufficiently close to the system time,
55 * -- as defined by local policy
57 * -- no certificate could be found matching the provided criteria
59 * -- the data submitted has the wrong format
61 * -- the authority indicated in the request is different from the
62 * -- one creating the response token
64 * -- the requester's data is incorrect (for notary services)
65 * missingTimeStamp (8),
66 * -- when the timestamp is missing but should be there
69 * -- the proof-of-possession failed
71 * -- the certificate has already been revoked
73 * -- the certificate has already been confirmed
74 * wrongIntegrity (12),
75 * -- invalid integrity, password based instead of signature or
77 * badRecipientNonce (13),
78 * -- invalid recipient nonce, either missing or wrong value
79 * timeNotAvailable (14),
80 * -- the TSA's time source is not available
81 * unacceptedPolicy (15),
82 * -- the requested TSA policy is not supported by the TSA.
83 * unacceptedExtension (16),
84 * -- the requested extension is not supported by the TSA.
85 * addInfoNotAvailable (17),
86 * -- the additional information requested could not be
87 * -- understood or is not available
88 * badSenderNonce (18),
89 * -- invalid sender nonce, either missing or wrong size
90 * badCertTemplate (19),
91 * -- invalid cert. template or missing mandatory information
92 * signerNotTrusted (20),
93 * -- signer of the message unknown or not trusted
94 * transactionIdInUse (21),
95 * -- the transaction identifier is already in use
96 * unsupportedVersion (22),
97 * -- the version of the message is not supported
99 * -- the sender was not authorized to make the preceding
100 * -- request or perform the preceding action
101 * systemUnavail (24),
102 * -- the request cannot be handled due to system unavailability
103 * systemFailure (25),
104 * -- the request cannot be handled due to system failure
105 * duplicateCertReq (26)
106 * -- certificate cannot be issued because a duplicate
107 * -- certificate already exists
110 # define OSSL_CMP_PKIFAILUREINFO_badAlg 0
111 # define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
112 # define OSSL_CMP_PKIFAILUREINFO_badRequest 2
113 # define OSSL_CMP_PKIFAILUREINFO_badTime 3
114 # define OSSL_CMP_PKIFAILUREINFO_badCertId 4
115 # define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
116 # define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
117 # define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
118 # define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
119 # define OSSL_CMP_PKIFAILUREINFO_badPOP 9
120 # define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
121 # define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
122 # define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
123 # define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
124 # define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
125 # define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
126 # define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
127 # define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
128 # define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
129 # define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
130 # define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
131 # define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
132 # define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
133 # define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
134 # define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
135 # define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
136 # define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
137 # define OSSL_CMP_PKIFAILUREINFO_MAX 26
138 # define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
139 ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
140 # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
141 # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
144 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
146 # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
147 # define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
148 # define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
149 # define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
150 # define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
151 # define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
152 # define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
153 # define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
154 # define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
155 # define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
156 # define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
157 # define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
158 # define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
159 # define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
160 # define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
161 # define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
162 # define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
163 # define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
164 # define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
165 # define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
166 # define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
167 # define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
168 # define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
169 # define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
170 # define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
171 # define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
172 # define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
175 * PKIStatus ::= INTEGER {
177 * -- you got exactly what you asked for
178 * grantedWithMods (1),
179 * -- you got something like what you asked for; the
180 * -- requester is responsible for ascertaining the differences
182 * -- you don't get it, more information elsewhere in the message
184 * -- the request body part has not yet been processed; expect to
185 * -- hear more later (note: proper handling of this status
186 * -- response MAY use the polling req/rep PKIMessages specified
187 * -- in Section 5.3.22; alternatively, polling in the underlying
188 * -- transport layer MAY have some utility in this regard)
189 * revocationWarning (4),
190 * -- this message contains a warning that a revocation is
192 * revocationNotification (5),
193 * -- notification that a revocation has occurred
194 * keyUpdateWarning (6)
195 * -- update already done for the oldCertId specified in
199 # define OSSL_CMP_PKISTATUS_request -3
200 # define OSSL_CMP_PKISTATUS_trans -2
201 # define OSSL_CMP_PKISTATUS_unspecified -1
202 # define OSSL_CMP_PKISTATUS_accepted 0
203 # define OSSL_CMP_PKISTATUS_grantedWithMods 1
204 # define OSSL_CMP_PKISTATUS_rejection 2
205 # define OSSL_CMP_PKISTATUS_waiting 3
206 # define OSSL_CMP_PKISTATUS_revocationWarning 4
207 # define OSSL_CMP_PKISTATUS_revocationNotification 5
208 # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
210 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
211 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
213 # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
214 # define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
216 /* data type declarations */
217 typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
218 typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
219 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
220 typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
221 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
222 DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
223 typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
225 generate_stack_macros("OSSL_CMP_CERTSTATUS");
227 typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
228 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
230 generate_stack_macros("OSSL_CMP_ITAV");
232 typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
233 typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
234 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
235 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
237 generate_stack_macros("OSSL_CMP_PKISI");
239 typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
241 generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
243 typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
244 typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
245 typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
247 generate_stack_macros("OSSL_CMP_CERTRESPONSE");
249 typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
252 * function DECLARATIONS
256 OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
257 void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
259 ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
260 ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
261 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
262 OSSL_CMP_ITAV *itav);
263 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
264 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
267 OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
268 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
269 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
270 OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
271 const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
272 /* CMP general options: */
273 # define OSSL_CMP_OPT_LOG_VERBOSITY 0
274 /* CMP transfer options: */
275 # define OSSL_CMP_OPT_KEEP_ALIVE 10
276 # define OSSL_CMP_OPT_MSG_TIMEOUT 11
277 # define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
278 /* CMP request options: */
279 # define OSSL_CMP_OPT_VALIDITY_DAYS 20
280 # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
281 # define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
282 # define OSSL_CMP_OPT_POLICIES_CRITICAL 23
283 # define OSSL_CMP_OPT_POPO_METHOD 24
284 # define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
285 # define OSSL_CMP_OPT_DISABLE_CONFIRM 26
286 # define OSSL_CMP_OPT_REVOCATION_REASON 27
287 /* CMP protection options: */
288 # define OSSL_CMP_OPT_UNPROTECTED_SEND 30
289 # define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
290 # define OSSL_CMP_OPT_OWF_ALGNID 32
291 # define OSSL_CMP_OPT_MAC_ALGNID 33
292 # define OSSL_CMP_OPT_DIGEST_ALGNID 34
293 # define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
294 # define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
295 int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
296 int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
297 /* CMP-specific callback for logging and outputting the error queue: */
298 int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
299 # define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
300 OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
301 void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
302 /* message transfer: */
303 int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
304 int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
305 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
306 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
307 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
308 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
309 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
310 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
311 typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
312 const OSSL_CMP_MSG *req);
313 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
314 int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
315 void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
316 /* server authentication: */
317 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
318 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
319 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
320 #define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
321 X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
322 #define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
323 int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
324 STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
325 /* client authentication: */
326 int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
327 int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
328 STACK_OF(X509) *candidates);
329 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
330 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
331 const unsigned char *ref, int len);
332 int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
334 /* CMP message header and extra certificates: */
335 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
336 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
337 int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
338 int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
339 STACK_OF(X509) *extraCertsOut);
340 /* certificate template: */
341 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
342 EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
343 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
344 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
345 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
346 const GENERAL_NAME *name);
347 int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
348 int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
349 int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
350 int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
351 int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
352 /* misc body contents: */
353 int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
354 /* certificate confirmation: */
355 typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
356 int fail_info, const char **txt);
357 int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
359 int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
360 int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
361 void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
362 /* result fetching: */
363 int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
364 OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
365 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
366 # define OSSL_CMP_PKISI_BUFLEN 1024
367 X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
368 X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
369 STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
370 STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
371 STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
372 int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
373 const ASN1_OCTET_STRING *id);
374 int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
375 const ASN1_OCTET_STRING *nonce);
377 /* from cmp_status.c */
378 char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
380 char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
381 char *buf, size_t bufsize);
383 OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
386 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
387 OSSL_CMP_PKIHEADER *hdr);
388 ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
391 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
392 int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
393 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
394 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
395 OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
397 int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
398 OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
399 int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
402 int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
403 int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
404 X509_STORE *trusted_store, X509 *cert);
406 /* from cmp_http.c */
407 OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
408 const OSSL_CMP_MSG *req);
410 /* from cmp_server.c */
411 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
412 OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
413 const OSSL_CMP_MSG *req);
414 OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
415 const OSSL_CMP_MSG *req);
416 OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
417 void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
418 typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
419 (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
420 const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
421 X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
422 typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
423 const OSSL_CMP_MSG *req,
424 const X509_NAME *issuer,
425 const ASN1_INTEGER *serial);
426 typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
427 const OSSL_CMP_MSG *req,
428 const STACK_OF(OSSL_CMP_ITAV) *in,
429 STACK_OF(OSSL_CMP_ITAV) **out);
430 typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
431 const OSSL_CMP_MSG *req,
432 const OSSL_CMP_PKISI *statusInfo,
433 const ASN1_INTEGER *errorCode,
434 const OSSL_CMP_PKIFREETEXT *errDetails);
435 typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
436 const OSSL_CMP_MSG *req,
438 const ASN1_OCTET_STRING *certHash,
439 const OSSL_CMP_PKISI *si);
440 typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
441 const OSSL_CMP_MSG *req, int certReqId,
442 OSSL_CMP_MSG **certReq,
443 int64_t *check_after);
444 int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
445 OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
446 OSSL_CMP_SRV_rr_cb_t process_rr,
447 OSSL_CMP_SRV_genm_cb_t process_genm,
448 OSSL_CMP_SRV_error_cb_t process_error,
449 OSSL_CMP_SRV_certConf_cb_t process_certConf,
450 OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
451 OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
452 void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
453 int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
455 int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
456 int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
457 int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
460 /* from cmp_client.c */
461 X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
462 const OSSL_CRMF_MSG *crm);
463 # define OSSL_CMP_IR 0
464 # define OSSL_CMP_CR 2
465 # define OSSL_CMP_P10CR 4
466 # define OSSL_CMP_KUR 7
467 # define OSSL_CMP_exec_IR_ses(ctx) \
468 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
469 # define OSSL_CMP_exec_CR_ses(ctx) \
470 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
471 # define OSSL_CMP_exec_P10CR_ses(ctx) \
472 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
473 # define OSSL_CMP_exec_KUR_ses(ctx) \
474 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
475 int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
476 const OSSL_CRMF_MSG *crm, int *checkAfter);
477 int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
478 STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
483 # endif /* !defined(OPENSSL_NO_CMP) */
484 #endif /* !defined(OPENSSL_CMP_H) */