]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cmp/cmp_asn.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix safestack issues in cmp.h
[thirdparty/openssl.git] / crypto / cmp / cmp_asn.c
1 /*
2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12 #include <openssl/asn1t.h>
13
14 #include "cmp_local.h"
15
16 /* explicit #includes not strictly needed since implied by the above: */
17 #include <openssl/cmp.h>
18 #include <openssl/crmf.h>
19
20 /* ASN.1 declarations from RFC4210 */
21 ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
22 /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
23 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
24 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
25 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
26 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
27 ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
28 } ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
29 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
30
31
32 ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
33 ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
34 ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
35 ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
36 } ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
37 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
38
39
40 ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
41 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
42 OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
43 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
44
45
46 ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
47 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
48 OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
49 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
50
51
52 ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
53 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
54 ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
55 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
56 ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
57 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
58 ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
59 } ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
60 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
61
62
63 ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
64 ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
65 ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
66 /*
67 * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
68 * so it is used directly
69 *
70 */
71 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails,
72 ASN1_UTF8STRING)
73 } ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
74 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
75
76 ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
77 infoValue.other,
78 ASN1_ANY);
79 /* ITAV means InfoTypeAndValue */
80 ASN1_ADB(OSSL_CMP_ITAV) = {
81 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
82 ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV,
83 infoValue.caProtEncCert, X509)),
84 ADB_ENTRY(NID_id_it_signKeyPairTypes,
85 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
86 infoValue.signKeyPairTypes, X509_ALGOR)),
87 ADB_ENTRY(NID_id_it_encKeyPairTypes,
88 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
89 infoValue.encKeyPairTypes, X509_ALGOR)),
90 ADB_ENTRY(NID_id_it_preferredSymmAlg,
91 ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg,
92 X509_ALGOR)),
93 ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
94 ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
95 OSSL_CMP_CAKEYUPDANNCONTENT)),
96 ADB_ENTRY(NID_id_it_currentCRL,
97 ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
98 ADB_ENTRY(NID_id_it_unsupportedOIDs,
99 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
100 infoValue.unsupportedOIDs, ASN1_OBJECT)),
101 ADB_ENTRY(NID_id_it_keyPairParamReq,
102 ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq,
103 ASN1_OBJECT)),
104 ADB_ENTRY(NID_id_it_keyPairParamRep,
105 ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep,
106 X509_ALGOR)),
107 ADB_ENTRY(NID_id_it_revPassphrase,
108 ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
109 OSSL_CRMF_ENCRYPTEDVALUE)),
110 ADB_ENTRY(NID_id_it_implicitConfirm,
111 ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm,
112 ASN1_NULL)),
113 ADB_ENTRY(NID_id_it_confirmWaitTime,
114 ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
115 ASN1_GENERALIZEDTIME)),
116 ADB_ENTRY(NID_id_it_origPKIMessage,
117 ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage,
118 OSSL_CMP_MSGS)),
119 ADB_ENTRY(NID_id_it_suppLangTags,
120 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
121 ASN1_UTF8STRING)),
122 } ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0,
123 &infotypeandvalue_default_tt, NULL);
124
125
126 ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
127 ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
128 ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
129 } ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
130 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
131 IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
132
133 OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value)
134 {
135 OSSL_CMP_ITAV *itav;
136
137 if (type == NULL || (itav = OSSL_CMP_ITAV_new()) == NULL)
138 return NULL;
139 OSSL_CMP_ITAV_set0(itav, type, value);
140 return itav;
141 }
142
143 void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
144 ASN1_TYPE *value)
145 {
146 itav->infoType = type;
147 itav->infoValue.other = value;
148 }
149
150 ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav)
151 {
152 if (itav == NULL)
153 return NULL;
154 return itav->infoType;
155 }
156
157 ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav)
158 {
159 if (itav == NULL)
160 return NULL;
161 return itav->infoValue.other;
162 }
163
164 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
165 OSSL_CMP_ITAV *itav)
166 {
167 int created = 0;
168
169 if (itav_sk_p == NULL || itav == NULL) {
170 CMPerr(0, CMP_R_NULL_ARGUMENT);
171 goto err;
172 }
173
174 if (*itav_sk_p == NULL) {
175 if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL)
176 goto err;
177 created = 1;
178 }
179 if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
180 goto err;
181 return 1;
182
183 err:
184 if (created != 0) {
185 sk_OSSL_CMP_ITAV_free(*itav_sk_p);
186 *itav_sk_p = NULL;
187 }
188 return 0;
189 }
190
191 /* get ASN.1 encoded integer, return -1 on error */
192 int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
193 {
194 int64_t res;
195
196 if (!ASN1_INTEGER_get_int64(&res, a)) {
197 CMPerr(0, ASN1_R_INVALID_NUMBER);
198 return -1;
199 }
200 if (res < INT_MIN) {
201 CMPerr(0, ASN1_R_TOO_SMALL);
202 return -1;
203 }
204 if (res > INT_MAX) {
205 CMPerr(0, ASN1_R_TOO_LARGE);
206 return -1;
207 }
208 return (int)res;
209 }
210
211 ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
212 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
213 ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
214 ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
215 OSSL_CRMF_ENCRYPTEDVALUE, 1),
216 } ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
217 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
218
219
220 ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
221 ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
222 OSSL_CMP_CERTORENCCERT),
223 ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
224 OSSL_CRMF_ENCRYPTEDVALUE, 0),
225 ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
226 OSSL_CRMF_PKIPUBLICATIONINFO, 1)
227 } ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
228 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
229
230
231 ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
232 ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
233 ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
234 } ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
235 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
236
237
238 ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
239 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
240 OSSL_CMP_REVDETAILS)
241 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
242
243
244 ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
245 ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
246 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
247 0),
248 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
249 } ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
250 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
251
252
253 ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
254 ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
255 ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
256 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
257 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
258 OSSL_CMP_CERTIFIEDKEYPAIR, 2)
259 } ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
260 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
261
262
263 ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
264 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
265 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
266
267 ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
268 ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
269 /*
270 * CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
271 * so it is used directly
272 */
273 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
274 /*
275 * OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly
276 */
277 ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
278 } ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
279 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
280 IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
281
282 ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
283 ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
284 ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
285 ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI)
286 } ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
287 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
288
289 ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) =
290 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT,
291 OSSL_CMP_CERTSTATUS)
292 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)
293
294 ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
295 ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
296 ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
297 ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
298 OSSL_CMP_CERTIFIEDKEYPAIR),
299 ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
300 } ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
301 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
302
303 ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
304 ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
305 } ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
306 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
307
308 ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) =
309 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT,
310 OSSL_CMP_POLLREQ)
311 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)
312
313 ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
314 ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
315 ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
316 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
317 } ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
318 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
319
320 ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) =
321 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
322 OSSL_CMP_POLLREPCONTENT,
323 OSSL_CMP_POLLREP)
324 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)
325
326 ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
327 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
328 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
329 ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
330 } ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
331 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
332
333 ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) =
334 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT,
335 OSSL_CMP_ITAV)
336 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)
337
338 ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) =
339 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT,
340 OSSL_CMP_ITAV)
341 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)
342
343 ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) =
344 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
345 OSSL_CMP_CRLANNCONTENT, X509_CRL)
346 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)
347
348 ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
349 ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
350 ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
351 ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
352 ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
353 ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
354 ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc,
355 OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
356 ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr,
357 OSSL_CMP_POPODECKEYRESPCONTENT, 6),
358 ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
359 ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
360 ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
361 ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
362 ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
363 ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
364 ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
365 ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
366 ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
367 ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
368 ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
369 ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
370 ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
371 ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
372 ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
373 ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
374 ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
375 ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
376 ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
377 ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
378 } ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
379 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
380
381 ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
382 ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
383 ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
384 ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
385 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
386 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
387 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
388 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
389 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
390 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
391 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
392 /*
393 * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
394 * so it is used directly
395 */
396 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
397 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
398 OSSL_CMP_ITAV, 8)
399 } ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
400 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
401
402 ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = {
403 ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
404 ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
405 } ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART)
406 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
407
408 ASN1_SEQUENCE(OSSL_CMP_MSG) = {
409 ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
410 ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
411 ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
412 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
413 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
414 } ASN1_SEQUENCE_END(OSSL_CMP_MSG)
415 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG)
416 IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
417
418 ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) =
419 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS,
420 OSSL_CMP_MSG)
421 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)
A mirror of the official openssl repository