7960dbec | 1 | /* |
33388b44 | 2 | * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. |
3 | * Copyright Nokia 2007-2019 |
4 | * Copyright Siemens AG 2015-2019 | |
5 | * | |
6 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
7 | * this file except in compliance with the License. You can obtain a copy | |
8 | * in the file LICENSE in the source distribution or at | |
9 | * https://www.openssl.org/source/license.html | |
10 | */ |
11 | ||
12 | #ifndef OPENSSL_CMP_H |
13 | # define OPENSSL_CMP_H | |
14 | |
# include <openssl/opensslconf.h>
# ifndef OPENSSL_NO_CMP

/* INT_MAX, used by the OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN check below */
# include <limits.h>

# include <openssl/crmf.h>
# include <openssl/cmperr.h>
# include <openssl/cmp_util.h>
# include <openssl/http.h>

/* explicit #includes not strictly needed since implied by the above: */
# include <openssl/types.h>
# include <openssl/safestack.h>
# include <openssl/x509.h>
# include <openssl/x509v3.h>
28 | ||
235595c4 | 29 | # ifdef __cplusplus |
30 | extern "C" { |
31 | # endif | |
32 | ||
/*
 * Protocol version number carried in PKIHeader.pvno.  The value 2 is the
 * one RFC 4210 assigns to cmp2000.
 */
# define OSSL_CMP_PVNO 2
34 | ||
35 | /*- | |
36 | * PKIFailureInfo ::= BIT STRING { | |
37 | * -- since we can fail in more than one way! | |
38 | * -- More codes may be added in the future if/when required. | |
39 | * badAlg (0), | |
40 | * -- unrecognized or unsupported Algorithm Identifier | |
41 | * badMessageCheck (1), | |
42 | * -- integrity check failed (e.g., signature did not verify) | |
43 | * badRequest (2), | |
44 | * -- transaction not permitted or supported | |
45 | * badTime (3), | |
46 | * -- messageTime was not sufficiently close to the system time, | |
47 | * -- as defined by local policy | |
48 | * badCertId (4), | |
49 | * -- no certificate could be found matching the provided criteria | |
50 | * badDataFormat (5), | |
51 | * -- the data submitted has the wrong format | |
52 | * wrongAuthority (6), | |
53 | * -- the authority indicated in the request is different from the | |
54 | * -- one creating the response token | |
55 | * incorrectData (7), | |
56 | * -- the requester's data is incorrect (for notary services) | |
57 | * missingTimeStamp (8), | |
58 | * -- when the timestamp is missing but should be there | |
59 | * -- (by policy) | |
60 | * badPOP (9), | |
61 | * -- the proof-of-possession failed | |
62 | * certRevoked (10), | |
63 | * -- the certificate has already been revoked | |
64 | * certConfirmed (11), | |
65 | * -- the certificate has already been confirmed | |
66 | * wrongIntegrity (12), | |
67 | * -- invalid integrity, password based instead of signature or | |
68 | * -- vice versa | |
69 | * badRecipientNonce (13), | |
70 | * -- invalid recipient nonce, either missing or wrong value | |
71 | * timeNotAvailable (14), | |
72 | * -- the TSA's time source is not available | |
73 | * unacceptedPolicy (15), | |
74 | * -- the requested TSA policy is not supported by the TSA. | |
75 | * unacceptedExtension (16), | |
76 | * -- the requested extension is not supported by the TSA. | |
77 | * addInfoNotAvailable (17), | |
78 | * -- the additional information requested could not be | |
79 | * -- understood or is not available | |
80 | * badSenderNonce (18), | |
81 | * -- invalid sender nonce, either missing or wrong size | |
82 | * badCertTemplate (19), | |
83 | * -- invalid cert. template or missing mandatory information | |
84 | * signerNotTrusted (20), | |
85 | * -- signer of the message unknown or not trusted | |
86 | * transactionIdInUse (21), | |
87 | * -- the transaction identifier is already in use | |
88 | * unsupportedVersion (22), | |
89 | * -- the version of the message is not supported | |
90 | * notAuthorized (23), | |
91 | * -- the sender was not authorized to make the preceding | |
92 | * -- request or perform the preceding action | |
93 | * systemUnavail (24), | |
94 | * -- the request cannot be handled due to system unavailability | |
95 | * systemFailure (25), | |
96 | * -- the request cannot be handled due to system failure | |
97 | * duplicateCertReq (26) | |
98 | * -- certificate cannot be issued because a duplicate | |
99 | * -- certificate already exists | |
100 | * } | |
101 | */ | |
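/*
 * Bit positions of the PKIFailureInfo BIT STRING, matching the ASN.1 above.
 * Each macro's value is the bit index, which is also the shift count used
 * by the OSSL_CMP_CTX_FAILINFO_* masks further down.
 */
# define OSSL_CMP_PKIFAILUREINFO_badAlg 0
# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
# define OSSL_CMP_PKIFAILUREINFO_badRequest 2
# define OSSL_CMP_PKIFAILUREINFO_badTime 3
# define OSSL_CMP_PKIFAILUREINFO_badCertId 4
# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
# define OSSL_CMP_PKIFAILUREINFO_badPOP 9
# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
/* Highest bit position in use; must equal the last code listed above. */
# define OSSL_CMP_PKIFAILUREINFO_MAX 26
/*
 * int value with bits 0..OSSL_CMP_PKIFAILUREINFO_MAX all set, i.e. every
 * failure code at once.  At run time the shift is evaluated in type int and
 * is only defined while MAX + 1 stays below the sign bit.  The guard below
 * therefore uses >= rather than >: a pattern equal to INT_MAX would still
 * require computing 1 << (MAX + 1) == INT_MAX + 1 in int, which overflows,
 * and the preprocessor (which evaluates in intmax_t) would not notice with
 * a plain > comparison.  INT_MAX comes from <limits.h>.
 */
# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
    ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN >= INT_MAX
# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
# endif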
135 | ||
/*
 * PKIFailureInfo as decoded from a message: a BIT STRING in which bit i is
 * set when the failure code with value i in the OSSL_CMP_PKIFAILUREINFO_*
 * list above applies.
 */
typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
137 | ||
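/*
 * Bit masks for holding a set of PKIFailureInfo codes in a plain int, as
 * used by the fail_info parameters below and presumably by the value
 * returned from OSSL_CMP_CTX_get_failInfoCode() (confirm in cmp_ctx.c).
 * Each mask is derived from the matching OSSL_CMP_PKIFAILUREINFO_* bit
 * position defined above, so the two tables cannot drift apart.  OR-ing
 * all masks together yields OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN.
 */
# define OSSL_CMP_CTX_FAILINFO_badAlg \
    (1 << OSSL_CMP_PKIFAILUREINFO_badAlg)
# define OSSL_CMP_CTX_FAILINFO_badMessageCheck \
    (1 << OSSL_CMP_PKIFAILUREINFO_badMessageCheck)
# define OSSL_CMP_CTX_FAILINFO_badRequest \
    (1 << OSSL_CMP_PKIFAILUREINFO_badRequest)
# define OSSL_CMP_CTX_FAILINFO_badTime \
    (1 << OSSL_CMP_PKIFAILUREINFO_badTime)
# define OSSL_CMP_CTX_FAILINFO_badCertId \
    (1 << OSSL_CMP_PKIFAILUREINFO_badCertId)
# define OSSL_CMP_CTX_FAILINFO_badDataFormat \
    (1 << OSSL_CMP_PKIFAILUREINFO_badDataFormat)
# define OSSL_CMP_CTX_FAILINFO_wrongAuthority \
    (1 << OSSL_CMP_PKIFAILUREINFO_wrongAuthority)
# define OSSL_CMP_CTX_FAILINFO_incorrectData \
    (1 << OSSL_CMP_PKIFAILUREINFO_incorrectData)
# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp \
    (1 << OSSL_CMP_PKIFAILUREINFO_missingTimeStamp)
# define OSSL_CMP_CTX_FAILINFO_badPOP \
    (1 << OSSL_CMP_PKIFAILUREINFO_badPOP)
# define OSSL_CMP_CTX_FAILINFO_certRevoked \
    (1 << OSSL_CMP_PKIFAILUREINFO_certRevoked)
# define OSSL_CMP_CTX_FAILINFO_certConfirmed \
    (1 << OSSL_CMP_PKIFAILUREINFO_certConfirmed)
# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity \
    (1 << OSSL_CMP_PKIFAILUREINFO_wrongIntegrity)
# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce \
    (1 << OSSL_CMP_PKIFAILUREINFO_badRecipientNonce)
# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable \
    (1 << OSSL_CMP_PKIFAILUREINFO_timeNotAvailable)
# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy \
    (1 << OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy)
# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension \
    (1 << OSSL_CMP_PKIFAILUREINFO_unacceptedExtension)
# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable \
    (1 << OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable)
# define OSSL_CMP_CTX_FAILINFO_badSenderNonce \
    (1 << OSSL_CMP_PKIFAILUREINFO_badSenderNonce)
# define OSSL_CMP_CTX_FAILINFO_badCertTemplate \
    (1 << OSSL_CMP_PKIFAILUREINFO_badCertTemplate)
# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted \
    (1 << OSSL_CMP_PKIFAILUREINFO_signerNotTrusted)
# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse \
    (1 << OSSL_CMP_PKIFAILUREINFO_transactionIdInUse)
# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion \
    (1 << OSSL_CMP_PKIFAILUREINFO_unsupportedVersion)
# define OSSL_CMP_CTX_FAILINFO_notAuthorized \
    (1 << OSSL_CMP_PKIFAILUREINFO_notAuthorized)
# define OSSL_CMP_CTX_FAILINFO_systemUnavail \
    (1 << OSSL_CMP_PKIFAILUREINFO_systemUnavail)
# define OSSL_CMP_CTX_FAILINFO_systemFailure \
    (1 << OSSL_CMP_PKIFAILUREINFO_systemFailure)
# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq \
    (1 << OSSL_CMP_PKIFAILUREINFO_duplicateCertReq)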
165 | ||
166 | /*- | |
167 | * PKIStatus ::= INTEGER { | |
168 | * accepted (0), | |
169 | * -- you got exactly what you asked for | |
170 | * grantedWithMods (1), | |
171 | * -- you got something like what you asked for; the | |
172 | * -- requester is responsible for ascertaining the differences | |
173 | * rejection (2), | |
174 | * -- you don't get it, more information elsewhere in the message | |
175 | * waiting (3), | |
176 | * -- the request body part has not yet been processed; expect to | |
177 | * -- hear more later (note: proper handling of this status | |
178 | * -- response MAY use the polling req/rep PKIMessages specified | |
179 | * -- in Section 5.3.22; alternatively, polling in the underlying | |
180 | * -- transport layer MAY have some utility in this regard) | |
181 | * revocationWarning (4), | |
182 | * -- this message contains a warning that a revocation is | |
183 | * -- imminent | |
184 | * revocationNotification (5), | |
185 | * -- notification that a revocation has occurred | |
186 | * keyUpdateWarning (6) | |
187 | * -- update already done for the oldCertId specified in | |
188 | * -- CertReqMsg | |
189 | * } | |
190 | */ | |
/*
 * PKIStatus values, matching the ASN.1 above.  Only accepted and
 * grantedWithMods indicate that a certificate was issued; per the ASN.1
 * comment, with grantedWithMods the requester is responsible for finding
 * out how the issued certificate differs from what it asked for, so a
 * client should compare the returned certificate against its template
 * before using it.  waiting means the request is still pending and the
 * client is expected to poll.
 */
# define OSSL_CMP_PKISTATUS_accepted 0
# define OSSL_CMP_PKISTATUS_grantedWithMods 1
# define OSSL_CMP_PKISTATUS_rejection 2
# define OSSL_CMP_PKISTATUS_waiting 3
# define OSSL_CMP_PKISTATUS_revocationWarning 4
# define OSSL_CMP_PKISTATUS_revocationNotification 5
# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6

/* PKIStatus on the wire is an INTEGER; the ASN.1 item handles (de)coding. */
typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
201 | ||
/*
 * Selector values of the CertOrEncCert CHOICE: the issued certificate is
 * delivered either in the clear (0) or as an encryptedCert (1).
 */
# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
204 | ||
/* data type declarations */
/*
 * All CMP structures are opaque: only forward declarations are exported and
 * access goes through the OSSL_CMP_* functions below.  The DECLARE_* /
 * DEFINE_OR_DECLARE_* macros supply the usual ASN.1 new/free/d2i/i2d, dup
 * and STACK_OF helpers for the types they name.
 */
/* client-side context; created by OSSL_CMP_CTX_new() below */
typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
/* PKIHeader of a message */
typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
/* a whole PKIMessage; freed with OSSL_CMP_MSG_free() declared below */
typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
/* CertStatus entry of a certConf message */
typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTSTATUS)
/* InfoTypeAndValue, as used in generalInfo and generic messages */
typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_ITAV)
/* RevRepContent (revocation response body) */
typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
/* PKIStatusInfo: status, optional statusString and failInfo bits */
typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_PKISI)
/* CertRepMessage (ip/cp/kup response body) */
typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
/* PollRepContent is a sequence of PollRep entries */
typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
/* one CertResponse inside a CertRepMessage */
typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTRESPONSE)
/* PKIFreeText: a sequence of UTF-8 strings (e.g. statusString) */
typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
229 | ||
230 | /* |
231 | * function DECLARATIONS | |
232 | */ | |
233 | ||
/* from cmp_asn.c */
/*
 * InfoTypeAndValue (ITAV) helpers.  Per OpenSSL naming, the *0 functions
 * take over ownership of the pointers passed in and the get0 accessors
 * return pointers still owned by the ITAV; confirm against cmp_asn.c before
 * freeing or retaining anything obtained here.
 */
/* Allocates a new ITAV from type and value (both presumably consumed). */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
/* Replaces type and value of an existing ITAV, taking ownership of both. */
void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
                        ASN1_TYPE *value);
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
/*
 * Appends itav to *itav_sk_p; the double pointer suggests the stack is
 * created on demand when *itav_sk_p is NULL - confirm.  Returns 1 on
 * success, 0 on error (OpenSSL convention).
 */
int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                   OSSL_CMP_ITAV *itav);
void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
/* Frees a PKIMessage and everything it owns. */
void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
244 | |
/* from cmp_ctx.c */
/*
 * Client-side CMP context.  OSSL_CMP_CTX_new() binds the context to a
 * library context and property query string (NULL presumably selects the
 * defaults, as elsewhere in OpenSSL - confirm in cmp_ctx.c).
 * OSSL_CMP_CTX_reinit() by its name clears per-transaction state so the
 * same context can run another exchange.
 */
OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq);
void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
/* various CMP options: */
/* Integer-valued options for OSSL_CMP_CTX_set_option(); see cmp_ctx.c. */
# define OSSL_CMP_OPT_LOG_VERBOSITY 0
/* timeouts, by name: one message round trip vs. the whole transaction */
# define OSSL_CMP_OPT_MSG_TIMEOUT 1
# define OSSL_CMP_OPT_TOTAL_TIMEOUT 2
/* requested validity period of the new certificate, in days */
# define OSSL_CMP_OPT_VALIDITY_DAYS 3
/* subjectAltName / certificatePolicies handling in the request template */
# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4
# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5
# define OSSL_CMP_OPT_POLICIES_CRITICAL 6
/* proof-of-possession method used in certificate requests */
# define OSSL_CMP_OPT_POPO_METHOD 7
/* algorithm selection by NID: message digest, PBM one-way function, MAC */
# define OSSL_CMP_OPT_DIGEST_ALGNID 8
# define OSSL_CMP_OPT_OWF_ALGNID 9
# define OSSL_CMP_OPT_MAC_ALGNID 10
# define OSSL_CMP_OPT_REVOCATION_REASON 11
/* certificate confirmation: request implicitConfirm / skip certConf */
# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 12
# define OSSL_CMP_OPT_DISABLE_CONFIRM 13
/*
 * NOTE(review): the four options below, judging by their names, relax
 * message or certificate checks and should stay off unless there is a
 * documented reason; confirm exact semantics in cmp_ctx.c / cmp_vfy.c.
 *  UNPROTECTED_SEND   - send requests without signature/MAC protection
 *  UNPROTECTED_ERRORS - accept unprotected error/rejection responses; an
 *                       on-path attacker could then inject bogus failures
 *  IGNORE_KEYUSAGE    - skip the keyUsage check on the server's signing cert
 *  PERMIT_TA_IN_EXTRACERTS_FOR_IR - for an initial request, take a trust
 *                       anchor from the response's extraCerts, i.e. trust
 *                       is bootstrapped from the message itself; only
 *                       defensible when the exchange is MAC-protected with
 *                       a pre-shared secret that authenticates the server
 */
# define OSSL_CMP_OPT_UNPROTECTED_SEND 14
# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15
# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16
# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 17
/* Sets/reads one of the OSSL_CMP_OPT_* values above. */
int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
/* CMP-specific callback for logging and outputting the error queue: */
int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
/* Convenience wrapper around set_option() for OSSL_CMP_OPT_LOG_VERBOSITY. */
# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
    OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
/* Emits the OpenSSL error queue through the context's log callback. */
void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
/* message transfer: */
/*
 * Where and how requests are sent.  HTTP transport is provided by
 * OSSL_CMP_MSG_http_perform() (see cmp_http.c below); the OSSL_HTTP_bio_cb_t
 * installed via set_http_cb can wrap the connection BIO, which is
 * presumably where TLS would be added - nothing in this header turns TLS
 * on by itself.  A transfer callback replaces the transport entirely.
 */
/* HTTP path, host/address and port of the CMP server */
int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
/* HTTP proxy to use, and the hosts to reach directly instead */
int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
/* connection BIO callback (from openssl/http.h) and its opaque argument */
int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
/*
 * Custom transport: sends req and returns the response message, or NULL on
 * failure; the caller presumably owns the returned message (free with
 * OSSL_CMP_MSG_free()) - confirm in cmp_client.c.
 */
typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
                                                 const OSSL_CMP_MSG *req);
int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
/* server authentication: */
/*
 * How responses are authenticated.  Either pin the server's signing
 * certificate directly (set1_srvCert), or supply trust anchors
 * (set0_trustedStore - per OpenSSL naming the context takes ownership of
 * the store) plus intermediates (set1_untrusted_certs) for path validation.
 * When validating against a trust store, set1_expected_sender presumably
 * pins the PKIHeader sender name so that not every certificate chaining to
 * the store is accepted as the CMP server - confirm the check in cmp_vfy.c.
 * The get0 accessors return pointers that remain owned by the context.
 */
int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx);
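/* client authentication: */
/*
 * Credentials used to protect outgoing messages: either a certificate and
 * its private key for signature-based protection, or a reference value plus
 * a shared secret for password-based MAC protection.  The set1 naming
 * indicates the context keeps its own copy (confirm in cmp_ctx.c), so the
 * caller can - and for the secret should - wipe its copy afterwards; the
 * secret stays sensitive for the lifetime of the context.
 * OSSL_CMP_CTX_build_cert_chain() presumably assembles the chain to send
 * with the client certificate from own_trusted and candidates.
 */
int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
                                  STACK_OF(X509) *candidates);
int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
                                     const unsigned char *ref, int len);
/*
 * len is passed by value; the top-level const it used to carry is a
 * definition detail, dropped here to match set1_referenceValue() above.
 */
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
                                  int len);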
/* CMP message header and extra certificates: */
/*
 * Header fields and extraCerts of outgoing messages: the recipient name,
 * generalInfo ITAVs (push0: ownership of the ITAV passes to the context)
 * and the extra certificates to send (set1: the context keeps its own
 * reference) - ownership per OpenSSL naming, confirm in cmp_ctx.c.
 */
int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
                                    STACK_OF(X509) *extraCertsOut);
/* certificate template: */
/*
 * Contents of the certificate request template.  set0_newPkey hands the
 * key to the context; 'priv' by its name distinguishes a private key from
 * a public-key-only request - confirm in cmp_ctx.c.  set0_reqExtensions
 * likewise transfers ownership of the extension stack, and
 * reqExtensions_have_SAN reports whether that stack already carries a
 * subjectAltName (presumably consulted by the SUBJECTALTNAME_* options).
 * oldCert is, by name, the certificate being updated or revoked; p10CSR
 * supplies a PKCS#10 request for the P10CR request type.
 */
int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
                                      const GENERAL_NAME *name);
int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
/* misc body contents: */
/* ITAV to include in a generic message (genm); ownership passes to ctx. */
int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
/* certificate confirmation: */
/*
 * Callback invoked with each newly issued certificate before the client
 * confirms it - the hook for application checks (key usage, subject,
 * validity) on what the CA actually issued.  fail_info by its name carries
 * OSSL_CMP_CTX_FAILINFO_* bits already determined by the library, and the
 * int result is presumably a fail-info bit mask with 0 meaning "accept",
 * with *txt optionally set to a reason string; confirm in cmp_client.c.
 * OSSL_CMP_certConf_cb is the default implementation.
 */
typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
                                       int fail_info, const char **txt);
int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
                         const char **text);
int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
/* opaque argument made available to the callback via the context */
int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
/* result fetching: */
/*
 * Results of the last transaction.  get_status / get0_statusString /
 * get_failInfoCode expose the received PKIStatusInfo (status as an
 * OSSL_CMP_PKISTATUS_* value; failInfoCode presumably as a mask of
 * OSSL_CMP_CTX_FAILINFO_* bits).  get0_newCert returns the issued
 * certificate still owned by the context; the get1_* accessors return
 * stacks the caller must free.
 * NOTE(review): caPubs and extraCertsIn are certificates chosen by the
 * remote side; check them against out-of-band expectations before
 * installing any of them as a trust anchor.
 */
int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
/* buffer size hint for the PKIStatus(Info) formatting functions below */
# define OSSL_CMP_PKISI_BUFLEN 1024
X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
/*
 * Override the transaction ID and sender nonce the library would otherwise
 * choose (presumably at random).  The nonce is what ties a response to its
 * request, so fixing it is appropriate for tests only.
 */
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
                                    const ASN1_OCTET_STRING *id);
int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
                                  const ASN1_OCTET_STRING *nonce);
8869ad4a | 345 | |
/* from cmp_status.c */
/*
 * Human-readable rendering of a PKIStatusInfo into the caller-provided
 * buffer of bufsize bytes (OSSL_CMP_PKISI_BUFLEN is a sensible size); the
 * char * return is presumably buf on success and NULL on error - confirm in
 * cmp_status.c.  The CTX variant formats the status stored in the context.
 */
char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
                                     size_t bufsize);
char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
                                     char *buf, size_t bufsize);
/*
 * Builds a PKIStatusInfo from an OSSL_CMP_PKISTATUS_* value, a mask of
 * OSSL_CMP_CTX_FAILINFO_* bits and an optional free-text string.
 */
OSSL_CMP_PKISI *
OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
353 | |
/* from cmp_hdr.c */
/*
 * Read-only access to PKIHeader fields; the returned pointers stay owned by
 * the header (get0) and must not be freed by the caller.
 */
ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
                                                   OSSL_CMP_PKIHEADER *hdr);
ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
358 | ||
/* from cmp_msg.c */
/*
 * Message helpers.  OSSL_CMP_MSG_read/write and the d2i/i2d BIO variants
 * (de)serialise a whole PKIMessage.  A message read from a file or BIO is
 * untrusted input: nothing about its protection or freshness has been
 * checked until OSSL_CMP_validate_msg() (cmp_vfy.c, below) has been run
 * on it.  OSSL_CMP_CTX_setup_CRM builds the CRMF request body from the
 * context's template; by name, for_KUR selects key-update specifics and
 * rid is the certReqId to use.
 */
/* header of msg, still owned by msg */
OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
/* re-stamps msg with the context's current transaction ID */
int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
/* DER file <-> message; the read result is caller-owned */
OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file);
int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
/* DER BIO <-> message, following the usual d2i/i2d conventions */
OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
3dbc5156 | 367 | |
/* from cmp_vfy.c */
/*
 * OSSL_CMP_validate_msg() checks the protection of a received message
 * (signature or MAC, according to how the context is configured) and is
 * the gate every incoming message must pass before its body is acted on;
 * the non-const ctx suggests it also records state such as the validated
 * sender - confirm.  OSSL_CMP_validate_cert_path() validates cert against
 * trusted_store, presumably using the context's untrusted certs and
 * verification settings.  Both return 1 on success, 0 otherwise (OpenSSL
 * convention).
 */
int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
                                X509_STORE *trusted_store, X509 *cert);
372 | ||
/* from cmp_http.c */
/*
 * HTTP transport: sends req to the server configured in ctx (address,
 * port, path, proxy and BIO callback from the "message transfer" section)
 * and returns the decoded response, or NULL on failure.  The response has
 * not been validated at this point.
 */
OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
                                        const OSSL_CMP_MSG *req);
376 | ||
/* from cmp_server.c */
/*
 * Minimal CMP responder framework.  An OSSL_CMP_SRV_CTX owns an
 * OSSL_CMP_CTX (get0_cmp_ctx) used for protecting and validating the
 * messages it handles, plus an opaque custom_ctx for the application.
 * OSSL_CMP_SRV_process_request() dispatches a request to the callbacks
 * registered with OSSL_CMP_SRV_CTX_init() and returns the response;
 * OSSL_CMP_CTX_server_perform() lets a client context talk to such a
 * server in-process, presumably via the transfer callback mechanism.
 *
 * Callback contract (from the parameter names; confirm in cmp_server.c):
 *  cert_request: issue a certificate for certReqId from either a CRMF
 *      request (crm) or a PKCS#10 request (p10cr); returns a PKISI and
 *      fills certOut / chainOut / caPubs.  Message protection is the
 *      library's job, but authorization - may this sender have this
 *      subject and key? - has to happen here.
 *  rr:       revocation request for the certificate (issuer, serial).
 *  genm:     generic message; reply ITAVs are returned via *out.
 *  error:    notification of a received error message.
 *  certConf: client confirmation (or rejection, per si) of the issued
 *      certificate identified by certReqId and certHash.
 *  pollReq:  polling; either hand back the now-ready *certReq or set
 *      *check_after (seconds, per RFC 4210 pollRep) for the client to retry.
 */
typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
                                           const OSSL_CMP_MSG *req);
OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
                                           const OSSL_CMP_MSG *req);
OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OPENSSL_CTX *libctx, const char *propq);
void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
    (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
     const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
     X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                                const OSSL_CMP_MSG *req,
                                                const X509_NAME *issuer,
                                                const ASN1_INTEGER *serial);
typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                      const OSSL_CMP_MSG *req,
                                      const STACK_OF(OSSL_CMP_ITAV) *in,
                                      STACK_OF(OSSL_CMP_ITAV) **out);
typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                        const OSSL_CMP_MSG *req,
                                        const OSSL_CMP_PKISI *statusInfo,
                                        const ASN1_INTEGER *errorCode,
                                        const OSSL_CMP_PKIFREETEXT *errDetails);
typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                          const OSSL_CMP_MSG *req,
                                          int certReqId,
                                          const ASN1_OCTET_STRING *certHash,
                                          const OSSL_CMP_PKISI *si);
typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
                                         const OSSL_CMP_MSG *req, int certReqId,
                                         OSSL_CMP_MSG **certReq,
                                         int64_t *check_after);
/* Registers the application's callbacks and its opaque custom_ctx. */
int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
                          OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
                          OSSL_CMP_SRV_rr_cb_t process_rr,
                          OSSL_CMP_SRV_genm_cb_t process_genm,
                          OSSL_CMP_SRV_error_cb_t process_error,
                          OSSL_CMP_SRV_certConf_cb_t process_certConf,
                          OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
/*
 * NOTE(review): behaviour switches that, by their names, weaken the
 * responder; presumably all off by default - confirm in cmp_server.c.
 *  send_unprotected_errors: answer failures without protection, so the
 *      error is visible to anyone on the path but no credentials are
 *      needed to reply to unauthenticated junk.
 *  accept_unprotected: process requests that carry no protection at all;
 *      this removes request authentication and must not be enabled on a
 *      production responder.
 *  accept_raverified: accept proof-of-possession "raVerified", i.e. trust
 *      that an RA already checked it; only for RAs the server
 *      authenticates by other means.
 *  grant_implicit_confirm: let clients skip the certConf round trip.
 */
int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
                                                 int val);
int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
                                                int val);
426 | ||
/* from cmp_client.c */
/*
 * Client-side transaction drivers.  OSSL_CMP_exec_certreq() runs a complete
 * enrollment exchange of the given type and returns the issued certificate
 * (presumably the same object as OSSL_CMP_CTX_get0_newCert(), still owned
 * by the context - confirm) or NULL on failure; crm optionally supplies a
 * ready-made CRMF request instead of one built from the context template.
 * req_type is the PKIBody tag of the request: ir (0), cr (2), p10cr (4) or
 * kur (7), as numbered in RFC 4210.
 */
X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
                            const OSSL_CRMF_MSG *crm);
# define OSSL_CMP_IR 0
# define OSSL_CMP_CR 2
# define OSSL_CMP_P10CR 4
# define OSSL_CMP_KUR 7
/* convenience wrappers: one request type each, request built from ctx */
# define OSSL_CMP_exec_IR_ses(ctx) \
    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
# define OSSL_CMP_exec_CR_ses(ctx) \
    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
# define OSSL_CMP_exec_P10CR_ses(ctx) \
    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
# define OSSL_CMP_exec_KUR_ses(ctx) \
    OS
SL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
/*
 * Non-blocking variant for servers that answer "waiting": returns an int
 * status and sets *checkAfter when the server asks the client to poll
 * again later; see cmp_client.c for the exact return-value encoding.
 */
int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
                         const OSSL_CRMF_MSG *crm, int *checkAfter);
/* revocation request for the context's oldCert (by name; confirm) */
X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
/* generic message exchange: sends the genm ITAVs, returns the server's */
STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
446 | ||
3dbc5156 | 447 | # ifdef __cplusplus |
8869ad4a | 448 | } |
3dbc5156 | 449 | # endif |
450 | # endif /* !defined(OPENSSL_NO_CMP) */ |
451 | #endif /* !defined(OPENSSL_CMP_H) */ |