2023-10-12 00:19:16 +00:00
|
|
|
/*
|
|
|
|
|
* {- join("\n * ", @autowarntext) -}
|
|
|
|
|
*
|
|
|
|
|
* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
|
* Copyright Nokia 2007-2019
|
|
|
|
|
* Copyright Siemens AG 2015-2019
|
|
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
{-
|
|
|
|
|
use OpenSSL::stackhash qw(generate_stack_macros);
|
|
|
|
|
-}
|
|
|
|
|
|
|
|
|
|
#ifndef OPENSSL_CMP_H
|
|
|
|
|
# define OPENSSL_CMP_H
|
|
|
|
|
|
|
|
|
|
# include <openssl/opensslconf.h>
|
|
|
|
|
# ifndef OPENSSL_NO_CMP
|
|
|
|
|
|
|
|
|
|
# include <openssl/crmf.h>
|
|
|
|
|
# include <openssl/cmperr.h>
|
|
|
|
|
# include <openssl/cmp_util.h>
|
|
|
|
|
# include <openssl/http.h>
|
|
|
|
|
|
|
|
|
|
/* explicit #includes not strictly needed since implied by the above: */
|
|
|
|
|
# include <openssl/types.h>
|
|
|
|
|
# include <openssl/safestack.h>
|
|
|
|
|
# include <openssl/x509.h>
|
|
|
|
|
# include <openssl/x509v3.h>
|
|
|
|
|
|
|
|
|
|
# ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
# endif
|
|
|
|
|
|
2023-11-25 17:40:08 +00:00
|
|
|
# define OSSL_CMP_PVNO_2 2
|
|
|
|
|
# define OSSL_CMP_PVNO_3 3
|
|
|
|
|
# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
|
2023-10-12 00:19:16 +00:00
|
|
|
|
|
|
|
|
/*-
|
|
|
|
|
* PKIFailureInfo ::= BIT STRING {
|
|
|
|
|
* -- since we can fail in more than one way!
|
|
|
|
|
* -- More codes may be added in the future if/when required.
|
|
|
|
|
* badAlg (0),
|
|
|
|
|
* -- unrecognized or unsupported Algorithm Identifier
|
|
|
|
|
* badMessageCheck (1),
|
|
|
|
|
* -- integrity check failed (e.g., signature did not verify)
|
|
|
|
|
* badRequest (2),
|
|
|
|
|
* -- transaction not permitted or supported
|
|
|
|
|
* badTime (3),
|
|
|
|
|
* -- messageTime was not sufficiently close to the system time,
|
|
|
|
|
* -- as defined by local policy
|
|
|
|
|
* badCertId (4),
|
|
|
|
|
* -- no certificate could be found matching the provided criteria
|
|
|
|
|
* badDataFormat (5),
|
|
|
|
|
* -- the data submitted has the wrong format
|
|
|
|
|
* wrongAuthority (6),
|
|
|
|
|
* -- the authority indicated in the request is different from the
|
|
|
|
|
* -- one creating the response token
|
|
|
|
|
* incorrectData (7),
|
|
|
|
|
* -- the requester's data is incorrect (for notary services)
|
|
|
|
|
* missingTimeStamp (8),
|
|
|
|
|
* -- when the timestamp is missing but should be there
|
|
|
|
|
* -- (by policy)
|
|
|
|
|
* badPOP (9),
|
|
|
|
|
* -- the proof-of-possession failed
|
|
|
|
|
* certRevoked (10),
|
|
|
|
|
* -- the certificate has already been revoked
|
|
|
|
|
* certConfirmed (11),
|
|
|
|
|
* -- the certificate has already been confirmed
|
|
|
|
|
* wrongIntegrity (12),
|
|
|
|
|
* -- invalid integrity, password based instead of signature or
|
|
|
|
|
* -- vice versa
|
|
|
|
|
* badRecipientNonce (13),
|
|
|
|
|
* -- invalid recipient nonce, either missing or wrong value
|
|
|
|
|
* timeNotAvailable (14),
|
|
|
|
|
* -- the TSA's time source is not available
|
|
|
|
|
* unacceptedPolicy (15),
|
|
|
|
|
* -- the requested TSA policy is not supported by the TSA.
|
|
|
|
|
* unacceptedExtension (16),
|
|
|
|
|
* -- the requested extension is not supported by the TSA.
|
|
|
|
|
* addInfoNotAvailable (17),
|
|
|
|
|
* -- the additional information requested could not be
|
|
|
|
|
* -- understood or is not available
|
|
|
|
|
* badSenderNonce (18),
|
|
|
|
|
* -- invalid sender nonce, either missing or wrong size
|
|
|
|
|
* badCertTemplate (19),
|
|
|
|
|
* -- invalid cert. template or missing mandatory information
|
|
|
|
|
* signerNotTrusted (20),
|
|
|
|
|
* -- signer of the message unknown or not trusted
|
|
|
|
|
* transactionIdInUse (21),
|
|
|
|
|
* -- the transaction identifier is already in use
|
|
|
|
|
* unsupportedVersion (22),
|
|
|
|
|
* -- the version of the message is not supported
|
|
|
|
|
* notAuthorized (23),
|
|
|
|
|
* -- the sender was not authorized to make the preceding
|
|
|
|
|
* -- request or perform the preceding action
|
|
|
|
|
* systemUnavail (24),
|
|
|
|
|
* -- the request cannot be handled due to system unavailability
|
|
|
|
|
* systemFailure (25),
|
|
|
|
|
* -- the request cannot be handled due to system failure
|
|
|
|
|
* duplicateCertReq (26)
|
|
|
|
|
* -- certificate cannot be issued because a duplicate
|
|
|
|
|
* -- certificate already exists
|
|
|
|
|
* }
|
|
|
|
|
*/
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badAlg 0
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badRequest 2
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badTime 3
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badCertId 4
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badPOP 9
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_MAX 26
|
|
|
|
|
# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
|
|
|
|
|
((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
|
|
|
|
|
# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
|
|
|
|
|
# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
|
|
|
|
|
# endif
|
|
|
|
|
typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
|
|
|
|
|
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
|
|
|
|
|
# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
|
|
|
|
|
|
|
|
|
|
/*-
|
|
|
|
|
* PKIStatus ::= INTEGER {
|
|
|
|
|
* accepted (0),
|
|
|
|
|
* -- you got exactly what you asked for
|
|
|
|
|
* grantedWithMods (1),
|
|
|
|
|
* -- you got something like what you asked for; the
|
|
|
|
|
* -- requester is responsible for ascertaining the differences
|
|
|
|
|
* rejection (2),
|
|
|
|
|
* -- you don't get it, more information elsewhere in the message
|
|
|
|
|
* waiting (3),
|
|
|
|
|
* -- the request body part has not yet been processed; expect to
|
|
|
|
|
* -- hear more later (note: proper handling of this status
|
|
|
|
|
* -- response MAY use the polling req/rep PKIMessages specified
|
|
|
|
|
* -- in Section 5.3.22; alternatively, polling in the underlying
|
|
|
|
|
* -- transport layer MAY have some utility in this regard)
|
|
|
|
|
* revocationWarning (4),
|
|
|
|
|
* -- this message contains a warning that a revocation is
|
|
|
|
|
* -- imminent
|
|
|
|
|
* revocationNotification (5),
|
|
|
|
|
* -- notification that a revocation has occurred
|
|
|
|
|
* keyUpdateWarning (6)
|
|
|
|
|
* -- update already done for the oldCertId specified in
|
|
|
|
|
* -- CertReqMsg
|
|
|
|
|
* }
|
|
|
|
|
*/
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_request -3
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_trans -2
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_unspecified -1
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_accepted 0
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_grantedWithMods 1
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_rejection 2
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_waiting 3
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_revocationWarning 4
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_revocationNotification 5
|
|
|
|
|
# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
|
|
|
|
|
typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
|
2023-11-25 17:40:08 +00:00
|
|
|
|
2023-10-12 00:19:16 +00:00
|
|
|
DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
|
|
|
|
|
|
|
|
|
|
# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
|
|
|
|
|
# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
|
|
|
|
|
|
|
|
|
|
/* data type declarations */
|
|
|
|
|
typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
|
|
|
|
|
typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
|
|
|
|
|
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
|
|
|
|
|
typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
|
|
|
|
|
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
|
|
|
|
|
DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
|
|
|
|
|
typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
|
|
|
|
|
{-
|
|
|
|
|
generate_stack_macros("OSSL_CMP_CERTSTATUS");
|
|
|
|
|
-}
|
|
|
|
|
typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
|
|
|
|
|
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
|
|
|
|
|
{-
|
|
|
|
|
generate_stack_macros("OSSL_CMP_ITAV");
|
|
|
|
|
-}
|
|
|
|
|
typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
|
|
|
|
|
typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
|
|
|
|
|
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
|
|
|
|
|
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
|
|
|
|
|
{-
|
|
|
|
|
generate_stack_macros("OSSL_CMP_PKISI");
|
|
|
|
|
-}
|
|
|
|
|
typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
|
|
|
|
|
{-
|
|
|
|
|
generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
|
|
|
|
|
-}
|
|
|
|
|
typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
|
|
|
|
|
typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
|
|
|
|
|
typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
|
|
|
|
|
{-
|
|
|
|
|
generate_stack_macros("OSSL_CMP_CERTRESPONSE");
|
|
|
|
|
-}
|
|
|
|
|
typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* function DECLARATIONS
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* from cmp_asn.c */
|
|
|
|
|
OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
|
|
|
|
|
void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
|
|
|
|
|
ASN1_TYPE *value);
|
|
|
|
|
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
|
|
|
|
|
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
|
|
|
|
|
int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
|
|
|
|
|
OSSL_CMP_ITAV *itav);
|
|
|
|
|
void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
|
2023-11-25 17:40:08 +00:00
|
|
|
|
|
|
|
|
OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
|
|
|
|
|
int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
|
|
|
|
|
|
|
|
|
|
OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
|
|
|
|
|
int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
|
|
|
|
|
OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
|
|
|
|
|
const X509 *newWithOld,
|
|
|
|
|
const X509 *oldWithNew);
|
|
|
|
|
int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
|
|
|
|
|
X509 **newWithNew,
|
|
|
|
|
X509 **newWithOld,
|
|
|
|
|
X509 **oldWithNew);
|
|
|
|
|
|
2023-10-12 00:19:16 +00:00
|
|
|
void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
|
|
|
|
|
|
|
|
|
|
/* from cmp_ctx.c */
|
|
|
|
|
OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
|
|
|
|
|
void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
|
|
|
|
|
int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
|
2023-11-25 17:40:08 +00:00
|
|
|
OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
|
2023-10-12 00:19:16 +00:00
|
|
|
/* CMP general options: */
|
|
|
|
|
# define OSSL_CMP_OPT_LOG_VERBOSITY 0
|
|
|
|
|
/* CMP transfer options: */
|
2023-11-25 17:40:08 +00:00
|
|
|
# define OSSL_CMP_OPT_KEEP_ALIVE 10
|
|
|
|
|
# define OSSL_CMP_OPT_MSG_TIMEOUT 11
|
2023-10-12 00:19:16 +00:00
|
|
|
# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
|
2023-11-25 17:40:08 +00:00
|
|
|
# define OSSL_CMP_OPT_USE_TLS 13
|
2023-10-12 00:19:16 +00:00
|
|
|
/* CMP request options: */
|
|
|
|
|
# define OSSL_CMP_OPT_VALIDITY_DAYS 20
|
|
|
|
|
# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
|
|
|
|
|
# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
|
|
|
|
|
# define OSSL_CMP_OPT_POLICIES_CRITICAL 23
|
|
|
|
|
# define OSSL_CMP_OPT_POPO_METHOD 24
|
|
|
|
|
# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
|
|
|
|
|
# define OSSL_CMP_OPT_DISABLE_CONFIRM 26
|
|
|
|
|
# define OSSL_CMP_OPT_REVOCATION_REASON 27
|
|
|
|
|
/* CMP protection options: */
|
|
|
|
|
# define OSSL_CMP_OPT_UNPROTECTED_SEND 30
|
|
|
|
|
# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
|
|
|
|
|
# define OSSL_CMP_OPT_OWF_ALGNID 32
|
|
|
|
|
# define OSSL_CMP_OPT_MAC_ALGNID 33
|
|
|
|
|
# define OSSL_CMP_OPT_DIGEST_ALGNID 34
|
|
|
|
|
# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
|
|
|
|
|
# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
|
|
|
|
|
int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
|
|
|
|
|
int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
|
|
|
|
|
/* CMP-specific callback for logging and outputting the error queue: */
|
|
|
|
|
int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
|
|
|
|
|
# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
|
|
|
|
|
OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
|
|
|
|
|
void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
/* message transfer: */
|
|
|
|
|
int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
|
|
|
|
|
int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
|
|
|
|
|
int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
|
|
|
|
|
int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
|
|
|
|
|
int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
|
2023-11-25 17:40:08 +00:00
|
|
|
# ifndef OPENSSL_NO_HTTP
|
2023-10-12 00:19:16 +00:00
|
|
|
int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
|
|
|
|
|
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
|
|
|
|
|
void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
|
2023-11-25 17:40:08 +00:00
|
|
|
# endif
|
2023-10-12 00:19:16 +00:00
|
|
|
typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req);
|
|
|
|
|
int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
|
|
|
|
|
int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
|
|
|
|
|
void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
/* server authentication: */
|
|
|
|
|
int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
|
|
|
|
|
int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
|
|
|
|
|
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
|
2023-11-25 17:40:08 +00:00
|
|
|
# define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
|
2023-10-12 00:19:16 +00:00
|
|
|
X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
|
2023-11-25 17:40:08 +00:00
|
|
|
# define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
|
2023-10-12 00:19:16 +00:00
|
|
|
int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
|
|
|
|
|
STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
/* client authentication: */
|
|
|
|
|
int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
|
|
|
|
|
int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
|
|
|
|
|
STACK_OF(X509) *candidates);
|
|
|
|
|
int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
|
|
|
|
|
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
|
|
|
|
|
const unsigned char *ref, int len);
|
|
|
|
|
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
|
|
|
|
|
const unsigned char *sec, int len);
|
|
|
|
|
/* CMP message header and extra certificates: */
|
|
|
|
|
int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
|
|
|
|
|
int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
|
|
|
|
|
int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
|
|
|
|
|
int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
|
|
|
|
|
STACK_OF(X509) *extraCertsOut);
|
|
|
|
|
/* certificate template: */
|
|
|
|
|
int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
|
|
|
|
|
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
|
|
|
|
|
int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
|
2023-11-25 17:40:08 +00:00
|
|
|
int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
|
2023-10-12 00:19:16 +00:00
|
|
|
int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
|
|
|
|
|
int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
|
|
|
|
|
const GENERAL_NAME *name);
|
|
|
|
|
int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
|
|
|
|
|
int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
|
|
|
|
|
int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
|
|
|
|
|
int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
|
|
|
|
|
int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
|
|
|
|
|
/* misc body contents: */
|
|
|
|
|
int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
|
|
|
|
|
/* certificate confirmation: */
|
|
|
|
|
typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
|
|
|
|
|
int fail_info, const char **txt);
|
|
|
|
|
int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
|
|
|
|
|
const char **text);
|
|
|
|
|
int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
|
|
|
|
|
int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
|
|
|
|
|
void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
/* result fetching: */
|
|
|
|
|
int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
# define OSSL_CMP_PKISI_BUFLEN 1024
|
2023-11-25 17:40:08 +00:00
|
|
|
X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
|
2023-10-12 00:19:16 +00:00
|
|
|
X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
|
|
|
|
|
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
|
|
|
|
|
const ASN1_OCTET_STRING *id);
|
|
|
|
|
int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
|
|
|
|
|
const ASN1_OCTET_STRING *nonce);
|
|
|
|
|
|
|
|
|
|
/* from cmp_status.c */
|
|
|
|
|
char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
|
|
|
|
|
size_t bufsize);
|
|
|
|
|
char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
|
|
|
|
|
char *buf, size_t bufsize);
|
|
|
|
|
OSSL_CMP_PKISI *
|
|
|
|
|
OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
|
|
|
|
|
|
|
|
|
|
/* from cmp_hdr.c */
|
|
|
|
|
ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
|
|
|
|
|
OSSL_CMP_PKIHEADER *hdr);
|
|
|
|
|
ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
|
|
|
|
|
|
|
|
|
|
/* from cmp_msg.c */
|
|
|
|
|
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
|
|
|
|
|
int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
|
|
|
|
|
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
|
|
|
|
|
int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
|
|
|
|
|
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
|
|
|
|
|
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
|
|
|
|
|
const char *propq);
|
|
|
|
|
int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
|
|
|
|
|
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
|
|
|
|
|
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
|
|
|
|
|
|
|
|
|
|
/* from cmp_vfy.c */
|
|
|
|
|
int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
|
|
|
|
|
int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
|
|
|
|
|
X509_STORE *trusted_store, X509 *cert);
|
|
|
|
|
|
|
|
|
|
/* from cmp_http.c */
|
2023-11-25 17:40:08 +00:00
|
|
|
# ifndef OPENSSL_NO_HTTP
|
2023-10-12 00:19:16 +00:00
|
|
|
OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req);
|
2023-11-25 17:40:08 +00:00
|
|
|
# endif
|
2023-10-12 00:19:16 +00:00
|
|
|
|
|
|
|
|
/* from cmp_server.c */
|
|
|
|
|
typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
|
|
|
|
|
OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req);
|
|
|
|
|
OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req);
|
|
|
|
|
OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
|
|
|
|
|
void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
|
|
|
|
|
typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
|
|
|
|
|
(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
|
|
|
|
|
const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
|
|
|
|
|
X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
|
|
|
|
|
typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req,
|
|
|
|
|
const X509_NAME *issuer,
|
|
|
|
|
const ASN1_INTEGER *serial);
|
|
|
|
|
typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req,
|
|
|
|
|
const STACK_OF(OSSL_CMP_ITAV) *in,
|
|
|
|
|
STACK_OF(OSSL_CMP_ITAV) **out);
|
|
|
|
|
typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req,
|
|
|
|
|
const OSSL_CMP_PKISI *statusInfo,
|
|
|
|
|
const ASN1_INTEGER *errorCode,
|
|
|
|
|
const OSSL_CMP_PKIFREETEXT *errDetails);
|
|
|
|
|
typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req,
|
|
|
|
|
int certReqId,
|
|
|
|
|
const ASN1_OCTET_STRING *certHash,
|
|
|
|
|
const OSSL_CMP_PKISI *si);
|
|
|
|
|
typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
const OSSL_CMP_MSG *req, int certReqId,
|
|
|
|
|
OSSL_CMP_MSG **certReq,
|
|
|
|
|
int64_t *check_after);
|
|
|
|
|
int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
|
|
|
|
|
OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
|
|
|
|
|
OSSL_CMP_SRV_rr_cb_t process_rr,
|
|
|
|
|
OSSL_CMP_SRV_genm_cb_t process_genm,
|
|
|
|
|
OSSL_CMP_SRV_error_cb_t process_error,
|
|
|
|
|
OSSL_CMP_SRV_certConf_cb_t process_certConf,
|
|
|
|
|
OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
|
|
|
|
|
OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
|
|
|
|
|
void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
|
|
|
|
|
int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
int val);
|
|
|
|
|
int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
|
|
|
|
|
int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
|
|
|
|
|
int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
|
|
|
|
|
int val);
|
|
|
|
|
|
|
|
|
|
/* from cmp_client.c */
|
|
|
|
|
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
|
|
|
|
const OSSL_CRMF_MSG *crm);
|
|
|
|
|
# define OSSL_CMP_IR 0
|
|
|
|
|
# define OSSL_CMP_CR 2
|
|
|
|
|
# define OSSL_CMP_P10CR 4
|
|
|
|
|
# define OSSL_CMP_KUR 7
|
|
|
|
|
# define OSSL_CMP_exec_IR_ses(ctx) \
|
|
|
|
|
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
|
|
|
|
|
# define OSSL_CMP_exec_CR_ses(ctx) \
|
|
|
|
|
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
|
|
|
|
|
# define OSSL_CMP_exec_P10CR_ses(ctx) \
|
|
|
|
|
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
|
|
|
|
|
# define OSSL_CMP_exec_KUR_ses(ctx) \
|
|
|
|
|
OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
|
|
|
|
|
int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
|
|
|
|
|
const OSSL_CRMF_MSG *crm, int *checkAfter);
|
|
|
|
|
int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
|
|
|
|
|
STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
|
|
|
|
|
|
2023-11-25 17:40:08 +00:00
|
|
|
/* from cmp_genm.c */
|
|
|
|
|
int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
|
|
|
|
|
int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
|
|
|
|
|
const X509 *oldWithOld, X509 **newWithNew,
|
|
|
|
|
X509 **newWithOld, X509 **oldWithNew);
|
|
|
|
|
|
2023-10-12 00:19:16 +00:00
|
|
|
# ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
# endif
|
|
|
|
|
# endif /* !defined(OPENSSL_NO_CMP) */
|
|
|
|
|
#endif /* !defined(OPENSSL_CMP_H) */
|
