Commit | Line | Data |
---|---|---|
7960dbec | 1 | /* |
8869ad4a AK |
2 | * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. |
3 | * Copyright Nokia 2007-2019 | |
4 | * Copyright Siemens AG 2015-2019 | |
5 | * | |
6 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
7 | * this file except in compliance with the License. You can obtain a copy | |
8 | * in the file LICENSE in the source distribution or at | |
9 | * https://www.openssl.org/source/license.html | |
8869ad4a AK |
10 | */ |
11 | ||
12 | #ifndef OSSL_HEADER_CMP_H | |
13 | # define OSSL_HEADER_CMP_H | |
14 | ||
15 | # include <openssl/opensslconf.h> | |
16 | # ifndef OPENSSL_NO_CMP | |
17 | ||
18 | # include <openssl/crmf.h> | |
19 | # include <openssl/cmperr.h> | |
7960dbec | 20 | # include <openssl/cmp_util.h> |
8869ad4a AK |
21 | |
22 | /* explicit #includes not strictly needed since implied by the above: */ | |
23 | # include <openssl/ossl_typ.h> | |
24 | # include <openssl/safestack.h> | |
25 | # include <openssl/x509.h> | |
26 | # include <openssl/x509v3.h> | |
27 | ||
28 | # ifdef __cplusplus | |
29 | extern "C" { | |
30 | # endif | |
31 | ||
32 | # define OSSL_CMP_PVNO 2 /* CMP protocol version number; presumably the pvno value placed in the PKIHeader - confirm against the message-building code */ | |
33 | ||
34 | /*- | |
35 | * PKIFailureInfo ::= BIT STRING { | |
36 | * -- since we can fail in more than one way! | |
37 | * -- More codes may be added in the future if/when required. | |
38 | * badAlg (0), | |
39 | * -- unrecognized or unsupported Algorithm Identifier | |
40 | * badMessageCheck (1), | |
41 | * -- integrity check failed (e.g., signature did not verify) | |
42 | * badRequest (2), | |
43 | * -- transaction not permitted or supported | |
44 | * badTime (3), | |
45 | * -- messageTime was not sufficiently close to the system time, | |
46 | * -- as defined by local policy | |
47 | * badCertId (4), | |
48 | * -- no certificate could be found matching the provided criteria | |
49 | * badDataFormat (5), | |
50 | * -- the data submitted has the wrong format | |
51 | * wrongAuthority (6), | |
52 | * -- the authority indicated in the request is different from the | |
53 | * -- one creating the response token | |
54 | * incorrectData (7), | |
55 | * -- the requester's data is incorrect (for notary services) | |
56 | * missingTimeStamp (8), | |
57 | * -- when the timestamp is missing but should be there | |
58 | * -- (by policy) | |
59 | * badPOP (9), | |
60 | * -- the proof-of-possession failed | |
61 | * certRevoked (10), | |
62 | * -- the certificate has already been revoked | |
63 | * certConfirmed (11), | |
64 | * -- the certificate has already been confirmed | |
65 | * wrongIntegrity (12), | |
66 | * -- invalid integrity, password based instead of signature or | |
67 | * -- vice versa | |
68 | * badRecipientNonce (13), | |
69 | * -- invalid recipient nonce, either missing or wrong value | |
70 | * timeNotAvailable (14), | |
71 | * -- the TSA's time source is not available | |
72 | * unacceptedPolicy (15), | |
73 | * -- the requested TSA policy is not supported by the TSA. | |
74 | * unacceptedExtension (16), | |
75 | * -- the requested extension is not supported by the TSA. | |
76 | * addInfoNotAvailable (17), | |
77 | * -- the additional information requested could not be | |
78 | * -- understood or is not available | |
79 | * badSenderNonce (18), | |
80 | * -- invalid sender nonce, either missing or wrong size | |
81 | * badCertTemplate (19), | |
82 | * -- invalid cert. template or missing mandatory information | |
83 | * signerNotTrusted (20), | |
84 | * -- signer of the message unknown or not trusted | |
85 | * transactionIdInUse (21), | |
86 | * -- the transaction identifier is already in use | |
87 | * unsupportedVersion (22), | |
88 | * -- the version of the message is not supported | |
89 | * notAuthorized (23), | |
90 | * -- the sender was not authorized to make the preceding | |
91 | * -- request or perform the preceding action | |
92 | * systemUnavail (24), | |
93 | * -- the request cannot be handled due to system unavailability | |
94 | * systemFailure (25), | |
95 | * -- the request cannot be handled due to system failure | |
96 | * duplicateCertReq (26) | |
97 | * -- certificate cannot be issued because a duplicate | |
98 | * -- certificate already exists | |
99 | * } | |
100 | */ | |
101 | # define OSSL_CMP_PKIFAILUREINFO_badAlg 0 /* bit positions within the PKIFailureInfo BIT STRING, numbered as in the ASN.1 definition quoted above */ | |
102 | # define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 | |
103 | # define OSSL_CMP_PKIFAILUREINFO_badRequest 2 | |
104 | # define OSSL_CMP_PKIFAILUREINFO_badTime 3 | |
105 | # define OSSL_CMP_PKIFAILUREINFO_badCertId 4 | |
106 | # define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 | |
107 | # define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 | |
108 | # define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 | |
109 | # define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 | |
110 | # define OSSL_CMP_PKIFAILUREINFO_badPOP 9 | |
111 | # define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 | |
112 | # define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 | |
113 | # define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 | |
114 | # define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 | |
115 | # define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 | |
116 | # define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 | |
117 | # define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 | |
118 | # define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 | |
119 | # define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 | |
120 | # define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 | |
121 | # define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 | |
122 | # define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 | |
123 | # define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 | |
124 | # define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 | |
125 | # define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 | |
126 | # define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 | |
127 | # define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 | |
128 | # define OSSL_CMP_PKIFAILUREINFO_MAX 26 /* highest bit position defined above; must be raised together with any newly added code */ | |
129 | # define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ | |
130 | ( (1<<(OSSL_CMP_PKIFAILUREINFO_MAX+1)) - 1) /* mask with bits 0..OSSL_CMP_PKIFAILUREINFO_MAX set */ | |
131 | # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX /* INT_MAX needs <limits.h>, which this header does not include directly; NOTE(review): presumably pulled in through the includes above - an undefined INT_MAX evaluates to 0 inside #if and would make the #error below fire */ | |
132 | # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int | |
133 | # endif /* compile-time guard: the full failure-info mask must be representable in an int */ | |
134 | ||
135 | typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; /* failure info is represented as an ASN.1 BIT STRING */ | |
136 | ||
137 | # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) /* the same failure codes as int bit masks, each equal to 1 shifted by the matching OSSL_CMP_PKIFAILUREINFO_* position; presumably the form returned by OSSL_CMP_CTX_get_failInfoCode() and passed as fail_info to the certConf callback - confirm */ | |
138 | # define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) | |
139 | # define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) | |
140 | # define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) | |
141 | # define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) | |
142 | # define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) | |
143 | # define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) | |
144 | # define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) | |
145 | # define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) | |
146 | # define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) | |
147 | # define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) | |
148 | # define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) | |
149 | # define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) | |
150 | # define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) | |
151 | # define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) | |
152 | # define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) | |
153 | # define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) | |
154 | # define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) | |
155 | # define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) | |
156 | # define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) | |
157 | # define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) | |
158 | # define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) | |
159 | # define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) | |
160 | # define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) | |
161 | # define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) | |
162 | # define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) | |
163 | # define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) /* highest mask; bit 26 corresponds to OSSL_CMP_PKIFAILUREINFO_MAX */ | |
164 | ||
165 | /*- | |
166 | * PKIStatus ::= INTEGER { | |
167 | * accepted (0), | |
168 | * -- you got exactly what you asked for | |
169 | * grantedWithMods (1), | |
170 | * -- you got something like what you asked for; the | |
171 | * -- requester is responsible for ascertaining the differences | |
172 | * rejection (2), | |
173 | * -- you don't get it, more information elsewhere in the message | |
174 | * waiting (3), | |
175 | * -- the request body part has not yet been processed; expect to | |
176 | * -- hear more later (note: proper handling of this status | |
177 | * -- response MAY use the polling req/rep PKIMessages specified | |
178 | * -- in Section 5.3.22; alternatively, polling in the underlying | |
179 | * -- transport layer MAY have some utility in this regard) | |
180 | * revocationWarning (4), | |
181 | * -- this message contains a warning that a revocation is | |
182 | * -- imminent | |
183 | * revocationNotification (5), | |
184 | * -- notification that a revocation has occurred | |
185 | * keyUpdateWarning (6) | |
186 | * -- update already done for the oldCertId specified in | |
187 | * -- CertReqMsg | |
188 | * } | |
189 | */ | |
190 | # define OSSL_CMP_PKISTATUS_accepted 0 /* PKIStatus INTEGER values, numbered as in the ASN.1 definition quoted above */ | |
191 | # define OSSL_CMP_PKISTATUS_grantedWithMods 1 /* per the ASN.1 note, the requester is responsible for checking how the result differs from the request */ | |
192 | # define OSSL_CMP_PKISTATUS_rejection 2 | |
193 | # define OSSL_CMP_PKISTATUS_waiting 3 /* request not yet processed; see the polling note in the ASN.1 definition above */ | |
194 | # define OSSL_CMP_PKISTATUS_revocationWarning 4 | |
195 | # define OSSL_CMP_PKISTATUS_revocationNotification 5 | |
196 | # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 | |
197 | ||
198 | typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; /* status is represented as an ASN.1 INTEGER */ | |
199 | DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) | |
200 | ||
201 | # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 /* selector values; presumably the two alternatives of the CertOrEncCert CHOICE (plain vs. encrypted certificate) - confirm */ | |
202 | # define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 | |
203 | ||
204 | /* data type declarations: struct types are only forward-declared here (their bodies are not part of this header), together with their ASN.1 and STACK_OF helper declarations */ | |
7960dbec DDO |
205 | typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
206 | typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER; | |
8869ad4a | 207 | DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
7960dbec | 208 | typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
8869ad4a | 209 | DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
7960dbec | 210 | typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
8869ad4a | 211 | DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS)
7960dbec | 212 | typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
8869ad4a | 213 | DEFINE_STACK_OF(OSSL_CMP_ITAV)
7960dbec DDO |
214 | typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
215 | typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; | |
8869ad4a | 216 | DEFINE_STACK_OF(OSSL_CMP_PKISI)
7960dbec | 217 | typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
8869ad4a | 218 | DEFINE_STACK_OF(OSSL_CMP_CERTREPMESSAGE)
7960dbec | 219 | typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
8869ad4a | 220 | typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
7960dbec | 221 | typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
8869ad4a AK |
222 | DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE)
223 | typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; /* free text is a stack of ASN1_UTF8STRING values */ | |
224 | ||
7960dbec DDO |
225 | /* |
226 | * function DECLARATIONS | |
227 | */ | |
228 | ||
8869ad4a AK |
229 | /* from cmp_asn.c; NOTE(review): by OpenSSL naming convention set0/push0 hand ownership of the passed object to the callee and get0 returns an internal pointer the caller must not free - confirm against cmp_asn.c, since a mismatch means a double free or a leak */ |
230 | OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); | |
231 | void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, | |
232 | ASN1_TYPE *value); | |
233 | ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); | |
234 | ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); | |
235 | int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, | |
236 | OSSL_CMP_ITAV *itav); /* takes the address of the stack pointer; presumably so the stack can be created when *itav_sk_p is NULL - confirm */ | |
237 | void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); | |
238 | void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); | |
7960dbec DDO |
239 | |
240 | /* from cmp_ctx.c: life cycle, options and logging of the CMP context */ | |
241 | OSSL_CMP_CTX *OSSL_CMP_CTX_new(void); | |
242 | void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); | |
243 | int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); | |
244 | /* various CMP options, used as the opt argument of OSSL_CMP_CTX_set_option() and OSSL_CMP_CTX_get_option() declared below: */ | |
245 | # define OSSL_CMP_OPT_LOG_VERBOSITY 0 | |
246 | # define OSSL_CMP_OPT_MSGTIMEOUT 1 | |
247 | # define OSSL_CMP_OPT_TOTALTIMEOUT 2 | |
248 | # define OSSL_CMP_OPT_VALIDITYDAYS 3 | |
249 | # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4 | |
250 | # define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5 | |
251 | # define OSSL_CMP_OPT_POLICIES_CRITICAL 6 | |
252 | # define OSSL_CMP_OPT_POPOMETHOD 7 | |
253 | # define OSSL_CMP_OPT_DIGEST_ALGNID 8 | |
254 | # define OSSL_CMP_OPT_OWF_ALGNID 9 | |
255 | # define OSSL_CMP_OPT_MAC_ALGNID 10 | |
256 | # define OSSL_CMP_OPT_REVOCATION_REASON 11 | |
257 | # define OSSL_CMP_OPT_IMPLICITCONFIRM 12 | |
258 | # define OSSL_CMP_OPT_DISABLECONFIRM 13 | |
259 | # define OSSL_CMP_OPT_UNPROTECTED_SEND 14 /* NOTE(review): by its name, sends messages without CMP-level protection - confirm in cmp_ctx.c and enable only deliberately */ | |
260 | # define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15 /* NOTE(review): by its name, accepts error responses that lack valid protection - confirm; this weakens authentication of the responder */ | |
261 | # define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16 /* NOTE(review): presumably skips the key usage check on the certificate used to protect received messages - confirm */ | |
262 | # define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 17 /* NOTE(review): presumably allows a trust anchor to be taken from the extraCerts of a response to an IR - confirm; such a trust anchor is supplied by the peer */ | |
263 | int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); | |
264 | int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); | |
265 | /* CMP-specific callback for logging and outputting the error queue: */ | |
266 | int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb); | |
267 | #define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ | |
268 | OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) /* convenience macro: sets OSSL_CMP_OPT_LOG_VERBOSITY through OSSL_CMP_CTX_set_option() */ | |
269 | void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx); | |
270 | /* message transfer: server and proxy addressing plus hooks for customizing the transport */ | |
271 | int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); | |
272 | int OSSL_CMP_CTX_set1_serverName(OSSL_CMP_CTX *ctx, const char *name); | |
273 | int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); | |
274 | int OSSL_CMP_CTX_set1_proxyName(OSSL_CMP_CTX *ctx, const char *name); | |
275 | int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port); | |
276 | # define OSSL_CMP_DEFAULT_PORT 80 /* the plain HTTP port; NOTE(review): with this default the transport itself gives no confidentiality or server authentication, so those rest on CMP message protection unless the connection is wrapped - presumably what the http_cb hook below is for, confirm */ | |
277 | typedef BIO *(*OSSL_cmp_http_cb_t) (OSSL_CMP_CTX *ctx, BIO *hbio, | |
278 | unsigned long detail); /* receives the HTTP BIO and returns a BIO; the meaning of detail is not visible in this header */ | |
279 | int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_http_cb_t cb); | |
280 | int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); | |
281 | void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); | |
282 | typedef int (*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx, | |
283 | const OSSL_CMP_MSG *req, | |
284 | OSSL_CMP_MSG **res); /* custom transfer function: req is read-only input, the response is handed back through res */ | |
285 | int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_transfer_cb_t cb); | |
286 | int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); | |
287 | void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); | |
288 | /* server authentication: the certificate, expected sender name and stores used when checking who protected a received message */ | |
289 | int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); | |
290 | int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); | |
291 | int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); /* set0: by OpenSSL naming convention ctx takes ownership of store, so the caller must not free it afterwards - confirm */ | |
292 | X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); | |
293 | int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); /* by name these are untrusted certificates, presumably for chain building only and never trust anchors - confirm */ | |
294 | STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx); | |
295 | /* client authentication: either a certificate with its private key, or a reference value with a shared secret */ | |
296 | int OSSL_CMP_CTX_set1_clCert(OSSL_CMP_CTX *ctx, X509 *cert); | |
297 | int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); | |
298 | int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, | |
299 | const unsigned char *ref, int len); /* len is a signed int; NOTE(review): callers must pass a non-negative length - whether cmp_ctx.c rejects negative values is not visible here */ | |
300 | int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec, | |
301 | const int len); /* sec is secret key material; set1 presumably stores a copy, so the caller should cleanse its own buffer after the call - confirm */ | |
302 | /* CMP message header and extra certificates: */ | |
303 | int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); | |
304 | int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); /* push0: by OpenSSL naming convention itav is owned by ctx afterwards - confirm */ | |
305 | int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, | |
306 | STACK_OF(X509) *extraCertsOut); | |
307 | /* certificate template: contents of the certificate being requested */ | |
308 | int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); /* priv presumably indicates whether pkey holds private key material - confirm */ | |
309 | EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); | |
310 | int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); | |
311 | int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); | |
312 | int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, const GENERAL_NAME *name); | |
313 | int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); | |
314 | int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); | |
315 | int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); | |
316 | int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); | |
317 | int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); | |
318 | /* misc body contents: */ | |
319 | int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); | |
320 | /* certificate confirmation: application hook that is given the certificate and the current fail_info */ | |
321 | typedef int (*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, | |
322 | int fail_info, const char **txt); /* fail_info is presumably a combination of OSSL_CMP_CTX_FAILINFO_* bits and txt an optional explanation handed back by the callback - confirm */ | |
323 | int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb); | |
324 | int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); | |
325 | void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); | |
326 | /* result fetching: */ | |
327 | int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); /* presumably one of the OSSL_CMP_PKISTATUS_* values - confirm, including the value used when no status is available */ | |
328 | OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); /* NOTE(review): presumably free text taken from the peer's response; treat it as untrusted input when logging or displaying it */ | |
329 | int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); | |
330 | # define OSSL_CMP_PKISI_BUFLEN 1024 /* buffer length constant; its user is not visible in this header */ | |
331 | X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); | |
332 | STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); | |
333 | STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); /* by name, certificates received from the peer; presumably not validated merely by being returned here - confirm before trusting them */ | |
334 | /* support application-level CMP debugging in cmp.c; NOTE(review): fixing the transaction ID or sender nonce replaces values that are otherwise expected to be fresh per transaction, so keep these setters to debugging and testing */ | |
335 | int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, | |
336 | const ASN1_OCTET_STRING *id); | |
337 | int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, | |
338 | const ASN1_OCTET_STRING *nonce); | |
8869ad4a AK |
339 | |
340 | # ifdef __cplusplus | |
341 | } | |
342 | # endif | |
343 | # endif /* !defined OPENSSL_NO_CMP */ | |
344 | #endif /* !defined OSSL_HEADER_CMP_H */ |