]> git.ipfire.org Git - thirdparty/openssl.git/blame - include/openssl/cmp.h
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Strengthen chain building for CMP
[thirdparty/openssl.git] / include / openssl / cmp.h
CommitLineData
7960dbec 1/*
33388b44 2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
8869ad4a
AK		 3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
8869ad4a
AK		 10 */
11
ae4186b0
DMSP		 12#ifndef OPENSSL_CMP_H
13# define OPENSSL_CMP_H
8869ad4a
AK		 14
15# include <openssl/opensslconf.h>
16# ifndef OPENSSL_NO_CMP
17
18# include <openssl/crmf.h>
19# include <openssl/cmperr.h>
7960dbec 20# include <openssl/cmp_util.h>
29f178bd 21# include <openssl/http.h>
8869ad4a
AK		 22
23/* explicit #includes not strictly needed since implied by the above: */
50cd4768 24# include <openssl/types.h>
8869ad4a
AK		 25# include <openssl/safestack.h>
26# include <openssl/x509.h>
27# include <openssl/x509v3.h>
28
235595c4 29# ifdef __cplusplus
8869ad4a
AK		 30extern "C" {
31# endif
32
33# define OSSL_CMP_PVNO 2
34
35/*-
36 * PKIFailureInfo ::= BIT STRING {
37 * -- since we can fail in more than one way!
38 * -- More codes may be added in the future if/when required.
39 * badAlg (0),
40 * -- unrecognized or unsupported Algorithm Identifier
41 * badMessageCheck (1),
42 * -- integrity check failed (e.g., signature did not verify)
43 * badRequest (2),
44 * -- transaction not permitted or supported
45 * badTime (3),
46 * -- messageTime was not sufficiently close to the system time,
47 * -- as defined by local policy
48 * badCertId (4),
49 * -- no certificate could be found matching the provided criteria
50 * badDataFormat (5),
51 * -- the data submitted has the wrong format
52 * wrongAuthority (6),
53 * -- the authority indicated in the request is different from the
54 * -- one creating the response token
55 * incorrectData (7),
56 * -- the requester's data is incorrect (for notary services)
57 * missingTimeStamp (8),
58 * -- when the timestamp is missing but should be there
59 * -- (by policy)
60 * badPOP (9),
61 * -- the proof-of-possession failed
62 * certRevoked (10),
63 * -- the certificate has already been revoked
64 * certConfirmed (11),
65 * -- the certificate has already been confirmed
66 * wrongIntegrity (12),
67 * -- invalid integrity, password based instead of signature or
68 * -- vice versa
69 * badRecipientNonce (13),
70 * -- invalid recipient nonce, either missing or wrong value
71 * timeNotAvailable (14),
72 * -- the TSA's time source is not available
73 * unacceptedPolicy (15),
74 * -- the requested TSA policy is not supported by the TSA.
75 * unacceptedExtension (16),
76 * -- the requested extension is not supported by the TSA.
77 * addInfoNotAvailable (17),
78 * -- the additional information requested could not be
79 * -- understood or is not available
80 * badSenderNonce (18),
81 * -- invalid sender nonce, either missing or wrong size
82 * badCertTemplate (19),
83 * -- invalid cert. template or missing mandatory information
84 * signerNotTrusted (20),
85 * -- signer of the message unknown or not trusted
86 * transactionIdInUse (21),
87 * -- the transaction identifier is already in use
88 * unsupportedVersion (22),
89 * -- the version of the message is not supported
90 * notAuthorized (23),
91 * -- the sender was not authorized to make the preceding
92 * -- request or perform the preceding action
93 * systemUnavail (24),
94 * -- the request cannot be handled due to system unavailability
95 * systemFailure (25),
96 * -- the request cannot be handled due to system failure
97 * duplicateCertReq (26)
98 * -- certificate cannot be issued because a duplicate
99 * -- certificate already exists
100 * }
101 */
102# define OSSL_CMP_PKIFAILUREINFO_badAlg 0
103# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
104# define OSSL_CMP_PKIFAILUREINFO_badRequest 2
105# define OSSL_CMP_PKIFAILUREINFO_badTime 3
106# define OSSL_CMP_PKIFAILUREINFO_badCertId 4
107# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
108# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
109# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
110# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
111# define OSSL_CMP_PKIFAILUREINFO_badPOP 9
112# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
113# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
114# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
115# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
116# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
117# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
118# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
119# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
120# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
121# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
122# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
123# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
124# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
125# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
126# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
127# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
128# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
129# define OSSL_CMP_PKIFAILUREINFO_MAX 26
130# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
235595c4 131 ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
8869ad4a 132# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
235595c4 133# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
8869ad4a
AK		 134# endif
135
136typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
137
138# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
139# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
140# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
141# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
142# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
143# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
144# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
145# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
146# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
147# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
148# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
149# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
150# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
151# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
152# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
153# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
154# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
155# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
156# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
157# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
158# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
159# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
160# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
161# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
162# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
163# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
164# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
165
166/*-
167 * PKIStatus ::= INTEGER {
168 * accepted (0),
169 * -- you got exactly what you asked for
170 * grantedWithMods (1),
171 * -- you got something like what you asked for; the
172 * -- requester is responsible for ascertaining the differences
173 * rejection (2),
174 * -- you don't get it, more information elsewhere in the message
175 * waiting (3),
176 * -- the request body part has not yet been processed; expect to
177 * -- hear more later (note: proper handling of this status
178 * -- response MAY use the polling req/rep PKIMessages specified
179 * -- in Section 5.3.22; alternatively, polling in the underlying
180 * -- transport layer MAY have some utility in this regard)
181 * revocationWarning (4),
182 * -- this message contains a warning that a revocation is
183 * -- imminent
184 * revocationNotification (5),
185 * -- notification that a revocation has occurred
186 * keyUpdateWarning (6)
187 * -- update already done for the oldCertId specified in
188 * -- CertReqMsg
189 * }
190 */
191# define OSSL_CMP_PKISTATUS_accepted 0
192# define OSSL_CMP_PKISTATUS_grantedWithMods 1
193# define OSSL_CMP_PKISTATUS_rejection 2
194# define OSSL_CMP_PKISTATUS_waiting 3
195# define OSSL_CMP_PKISTATUS_revocationWarning 4
196# define OSSL_CMP_PKISTATUS_revocationNotification 5
197# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
198
199typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
200DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
201
202# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
203# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
204
205/* data type declarations */
7960dbec
DDO		 206typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
207typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
8869ad4a 208DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
7960dbec 209typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
62dcd2aa 210DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
8869ad4a 211DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
7960dbec 212typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
01659135 213DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTSTATUS)
7960dbec 214typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
62dcd2aa 215DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
01659135 216DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_ITAV)
7960dbec
DDO		 217typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
218typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
62dcd2aa
DDO		 219DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
220DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
01659135 221DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_PKISI)
7960dbec 222typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
01659135 223DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
7960dbec 224typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
8869ad4a 225typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
7960dbec 226typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
01659135 227DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTRESPONSE)
8869ad4a
AK		 228typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
229
7960dbec
DDO		 230/*
231 * function DECLARATIONS
232 */
233
8869ad4a
AK		 234/* from cmp_asn.c */
235OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
236void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
237 ASN1_TYPE *value);
238ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
239ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
240int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
241 OSSL_CMP_ITAV *itav);
242void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
243void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
7960dbec
DDO		 244
245/* from cmp_ctx.c */
1a7cd250 246OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq);
7960dbec
DDO		 247void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
248int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
249/* various CMP options: */
250# define OSSL_CMP_OPT_LOG_VERBOSITY 0
7e765f46
DDO		 251# define OSSL_CMP_OPT_MSG_TIMEOUT 1
252# define OSSL_CMP_OPT_TOTAL_TIMEOUT 2
253# define OSSL_CMP_OPT_VALIDITY_DAYS 3
7960dbec
DDO		 254# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4
255# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5
256# define OSSL_CMP_OPT_POLICIES_CRITICAL 6
7e765f46 257# define OSSL_CMP_OPT_POPO_METHOD 7
7960dbec
DDO		 258# define OSSL_CMP_OPT_DIGEST_ALGNID 8
259# define OSSL_CMP_OPT_OWF_ALGNID 9
260# define OSSL_CMP_OPT_MAC_ALGNID 10
261# define OSSL_CMP_OPT_REVOCATION_REASON 11
7e765f46
DDO		 262# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 12
263# define OSSL_CMP_OPT_DISABLE_CONFIRM 13
7960dbec
DDO		 264# define OSSL_CMP_OPT_UNPROTECTED_SEND 14
265# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15
266# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16
267# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 17
268int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
269int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
270/* CMP-specific callback for logging and outputting the error queue: */
7e765f46 271int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
3dbc5156 272# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
7960dbec 273 OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
c4a9e3eb 274void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
7960dbec
DDO		 275/* message transfer: */
276int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
4b1fe471 277int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
7960dbec 278int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
afe554c2
DDO		 279int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
280int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
29f178bd 281int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
7960dbec
DDO		 282int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
283void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
7e765f46 284typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
29f178bd 285 const OSSL_CMP_MSG *req);
7e765f46 286int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
7960dbec
DDO		 287int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
288void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
289/* server authentication: */
290int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
291int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
292int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
293X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
294int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
295STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
296/* client authentication: */
63f1883d 297int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
15076c26
DDO		 298int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
299 STACK_OF(X509) *candidates);
7960dbec
DDO		 300int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
301int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
302 const unsigned char *ref, int len);
303int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
304 const int len);
305/* CMP message header and extra certificates: */
306int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
307int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
308int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
309 STACK_OF(X509) *extraCertsOut);
310/* certificate template: */
311int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
312EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
313int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
314int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
143be474
DDO		 315int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
316 const GENERAL_NAME *name);
7960dbec
DDO		 317int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
318int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
319int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
320int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
321int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
322/* misc body contents: */
323int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
324/* certificate confirmation: */
7e765f46 325typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
7960dbec 326 int fail_info, const char **txt);
15076c26
DDO		 327int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
328 const char **text);
7e765f46 329int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
7960dbec
DDO		 330int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
331void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
332/* result fetching: */
333int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
334OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
335int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
336# define OSSL_CMP_PKISI_BUFLEN 1024
337X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
39082af2 338STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
7960dbec
DDO		 339STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
340STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
7960dbec
DDO		 341int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
342 const ASN1_OCTET_STRING *id);
343int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
344 const ASN1_OCTET_STRING *nonce);
8869ad4a 345
4dde554c 346/* from cmp_status.c */
62dcd2aa 347char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
4dde554c 348 size_t bufsize);
62dcd2aa
DDO		 349char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
350 char *buf, size_t bufsize);
351OSSL_CMP_PKISI *
352OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
4dde554c
DDO		 353
354/* from cmp_hdr.c */
143be474
DDO		 355ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
356 OSSL_CMP_PKIHEADER *hdr);
4dde554c
DDO		 357ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
358
3dbc5156 359/* from cmp_msg.c */
3dbc5156 360OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
143be474 361int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
593d6554 362OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
fafa56a1 363OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file);
1202de44 364int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
ae8483d2
DDO		 365OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
366int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
3dbc5156 367
31b28ad9
DDO		 368/* from cmp_vfy.c */
369int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
c4a9e3eb 370int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
31b28ad9
DDO		 371 X509_STORE *trusted_store, X509 *cert);
372
afe554c2
DDO		 373/* from cmp_http.c */
374OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
375 const OSSL_CMP_MSG *req);
376
62dcd2aa
DDO		 377/* from cmp_server.c */
378typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
379OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
380 const OSSL_CMP_MSG *req);
381OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
382 const OSSL_CMP_MSG *req);
1a7cd250 383OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OPENSSL_CTX *libctx, const char *propq);
62dcd2aa
DDO		 384void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
385typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
386 (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
387 const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
388 X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
389typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
390 const OSSL_CMP_MSG *req,
391 const X509_NAME *issuer,
392 const ASN1_INTEGER *serial);
393typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
394 const OSSL_CMP_MSG *req,
395 const STACK_OF(OSSL_CMP_ITAV) *in,
396 STACK_OF(OSSL_CMP_ITAV) **out);
397typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
398 const OSSL_CMP_MSG *req,
399 const OSSL_CMP_PKISI *statusInfo,
400 const ASN1_INTEGER *errorCode,
143be474 401 const OSSL_CMP_PKIFREETEXT *errDetails);
62dcd2aa
DDO		 402typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
403 const OSSL_CMP_MSG *req,
404 int certReqId,
405 const ASN1_OCTET_STRING *certHash,
406 const OSSL_CMP_PKISI *si);
407typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
408 const OSSL_CMP_MSG *req, int certReqId,
409 OSSL_CMP_MSG **certReq,
410 int64_t *check_after);
411int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
412 OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
413 OSSL_CMP_SRV_rr_cb_t process_rr,
414 OSSL_CMP_SRV_genm_cb_t process_genm,
415 OSSL_CMP_SRV_error_cb_t process_error,
416 OSSL_CMP_SRV_certConf_cb_t process_certConf,
417 OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
418OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
419void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
420int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
421 int val);
422int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
423int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
424int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
425 int val);
426
7e765f46 427/* from cmp_client.c */
299e0f1e
DDO		 428X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
429 const OSSL_CRMF_MSG *crm);
430# define OSSL_CMP_IR 0
431# define OSSL_CMP_CR 2
432# define OSSL_CMP_P10CR 4
433# define OSSL_CMP_KUR 7
434# define OSSL_CMP_exec_IR_ses(ctx) \
435 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
436# define OSSL_CMP_exec_CR_ses(ctx) \
437 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
438# define OSSL_CMP_exec_P10CR_ses(ctx) \
439 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
440# define OSSL_CMP_exec_KUR_ses(ctx) \
441 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
442int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
443 const OSSL_CRMF_MSG *crm, int *checkAfter);
7e765f46
DDO		 444X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
445STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
446
3dbc5156 447# ifdef __cplusplus
8869ad4a 448}
3dbc5156 449# endif
62dcd2aa
DDO		 450# endif /* !defined(OPENSSL_NO_CMP) */
451#endif /* !defined(OPENSSL_CMP_H) */
A mirror of the official openssl repository