2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
13 # define OPENSSL_CMP_H
15 # include <openssl/opensslconf.h>
16 # ifndef OPENSSL_NO_CMP
18 # include <openssl/crmf.h>
19 # include <openssl/cmperr.h>
20 # include <openssl/cmp_util.h>
21 # include <openssl/http.h>
23 /* explicit #includes not strictly needed since implied by the above: */
24 # include <openssl/types.h>
25 # include <openssl/safestack.h>
26 # include <openssl/x509.h>
27 # include <openssl/x509v3.h>
33 # define OSSL_CMP_PVNO 2
36 * PKIFailureInfo ::= BIT STRING {
37 * -- since we can fail in more than one way!
38 * -- More codes may be added in the future if/when required.
40 * -- unrecognized or unsupported Algorithm Identifier
41 * badMessageCheck (1),
42 * -- integrity check failed (e.g., signature did not verify)
44 * -- transaction not permitted or supported
46 * -- messageTime was not sufficiently close to the system time,
47 * -- as defined by local policy
49 * -- no certificate could be found matching the provided criteria
51 * -- the data submitted has the wrong format
53 * -- the authority indicated in the request is different from the
54 * -- one creating the response token
56 * -- the requester's data is incorrect (for notary services)
57 * missingTimeStamp (8),
58 * -- when the timestamp is missing but should be there
61 * -- the proof-of-possession failed
63 * -- the certificate has already been revoked
65 * -- the certificate has already been confirmed
66 * wrongIntegrity (12),
67 * -- invalid integrity, password based instead of signature or
69 * badRecipientNonce (13),
70 * -- invalid recipient nonce, either missing or wrong value
71 * timeNotAvailable (14),
72 * -- the TSA's time source is not available
73 * unacceptedPolicy (15),
74 * -- the requested TSA policy is not supported by the TSA.
75 * unacceptedExtension (16),
76 * -- the requested extension is not supported by the TSA.
77 * addInfoNotAvailable (17),
78 * -- the additional information requested could not be
79 * -- understood or is not available
80 * badSenderNonce (18),
81 * -- invalid sender nonce, either missing or wrong size
82 * badCertTemplate (19),
83 * -- invalid cert. template or missing mandatory information
84 * signerNotTrusted (20),
85 * -- signer of the message unknown or not trusted
86 * transactionIdInUse (21),
87 * -- the transaction identifier is already in use
88 * unsupportedVersion (22),
89 * -- the version of the message is not supported
91 * -- the sender was not authorized to make the preceding
92 * -- request or perform the preceding action
94 * -- the request cannot be handled due to system unavailability
96 * -- the request cannot be handled due to system failure
97 * duplicateCertReq (26)
98 * -- certificate cannot be issued because a duplicate
99 * -- certificate already exists
102 # define OSSL_CMP_PKIFAILUREINFO_badAlg 0
103 # define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
104 # define OSSL_CMP_PKIFAILUREINFO_badRequest 2
105 # define OSSL_CMP_PKIFAILUREINFO_badTime 3
106 # define OSSL_CMP_PKIFAILUREINFO_badCertId 4
107 # define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
108 # define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
109 # define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
110 # define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
111 # define OSSL_CMP_PKIFAILUREINFO_badPOP 9
112 # define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
113 # define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
114 # define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
115 # define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
116 # define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
117 # define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
118 # define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
119 # define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
120 # define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
121 # define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
122 # define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
123 # define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
124 # define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
125 # define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
126 # define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
127 # define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
128 # define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
129 # define OSSL_CMP_PKIFAILUREINFO_MAX 26
130 # define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
131 ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
132 # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
133 # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
136 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO
;
138 # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
139 # define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
140 # define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
141 # define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
142 # define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
143 # define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
144 # define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
145 # define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
146 # define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
147 # define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
148 # define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
149 # define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
150 # define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
151 # define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
152 # define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
153 # define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
154 # define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
155 # define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
156 # define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
157 # define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
158 # define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
159 # define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
160 # define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
161 # define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
162 # define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
163 # define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
164 # define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
167 * PKIStatus ::= INTEGER {
169 * -- you got exactly what you asked for
170 * grantedWithMods (1),
171 * -- you got something like what you asked for; the
172 * -- requester is responsible for ascertaining the differences
174 * -- you don't get it, more information elsewhere in the message
176 * -- the request body part has not yet been processed; expect to
177 * -- hear more later (note: proper handling of this status
178 * -- response MAY use the polling req/rep PKIMessages specified
179 * -- in Section 5.3.22; alternatively, polling in the underlying
180 * -- transport layer MAY have some utility in this regard)
181 * revocationWarning (4),
182 * -- this message contains a warning that a revocation is
184 * revocationNotification (5),
185 * -- notification that a revocation has occurred
186 * keyUpdateWarning (6)
187 * -- update already done for the oldCertId specified in
191 # define OSSL_CMP_PKISTATUS_accepted 0
192 # define OSSL_CMP_PKISTATUS_grantedWithMods 1
193 # define OSSL_CMP_PKISTATUS_rejection 2
194 # define OSSL_CMP_PKISTATUS_waiting 3
195 # define OSSL_CMP_PKISTATUS_revocationWarning 4
196 # define OSSL_CMP_PKISTATUS_revocationNotification 5
197 # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
199 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS
;
200 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS
)
202 # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
203 # define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
205 /* data type declarations */
206 typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX
;
207 typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER
;
208 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER
)
209 typedef struct ossl_cmp_msg_st OSSL_CMP_MSG
;
210 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG
)
211 DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG
, OSSL_CMP_MSG
, OSSL_CMP_MSG
)
212 typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS
;
213 DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTSTATUS
)
214 typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV
;
215 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV
)
216 DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_ITAV
)
217 typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT
;
218 typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI
;
219 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI
)
220 DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI
)
221 DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_PKISI
)
222 typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE
;
223 DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTREPMESSAGE
)
224 typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP
;
225 typedef STACK_OF(OSSL_CMP_POLLREP
) OSSL_CMP_POLLREPCONTENT
;
226 typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE
;
227 DEFINE_OR_DECLARE_STACK_OF(OSSL_CMP_CERTRESPONSE
)
228 typedef STACK_OF(ASN1_UTF8STRING
) OSSL_CMP_PKIFREETEXT
;
231 * function DECLARATIONS
235 OSSL_CMP_ITAV
*OSSL_CMP_ITAV_create(ASN1_OBJECT
*type
, ASN1_TYPE
*value
);
236 void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV
*itav
, ASN1_OBJECT
*type
,
238 ASN1_OBJECT
*OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV
*itav
);
239 ASN1_TYPE
*OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV
*itav
);
240 int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV
) **itav_sk_p
,
241 OSSL_CMP_ITAV
*itav
);
242 void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV
*itav
);
243 void OSSL_CMP_MSG_free(OSSL_CMP_MSG
*msg
);
246 OSSL_CMP_CTX
*OSSL_CMP_CTX_new(void);
247 void OSSL_CMP_CTX_free(OSSL_CMP_CTX
*ctx
);
248 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX
*ctx
);
249 /* various CMP options: */
250 # define OSSL_CMP_OPT_LOG_VERBOSITY 0
251 # define OSSL_CMP_OPT_MSG_TIMEOUT 1
252 # define OSSL_CMP_OPT_TOTAL_TIMEOUT 2
253 # define OSSL_CMP_OPT_VALIDITY_DAYS 3
254 # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4
255 # define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5
256 # define OSSL_CMP_OPT_POLICIES_CRITICAL 6
257 # define OSSL_CMP_OPT_POPO_METHOD 7
258 # define OSSL_CMP_OPT_DIGEST_ALGNID 8
259 # define OSSL_CMP_OPT_OWF_ALGNID 9
260 # define OSSL_CMP_OPT_MAC_ALGNID 10
261 # define OSSL_CMP_OPT_REVOCATION_REASON 11
262 # define OSSL_CMP_OPT_IMPLICIT_CONFIRM 12
263 # define OSSL_CMP_OPT_DISABLE_CONFIRM 13
264 # define OSSL_CMP_OPT_UNPROTECTED_SEND 14
265 # define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15
266 # define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16
267 # define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 17
268 int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX
*ctx
, int opt
, int val
);
269 int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX
*ctx
, int opt
);
270 /* CMP-specific callback for logging and outputting the error queue: */
271 int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX
*ctx
, OSSL_CMP_log_cb_t cb
);
272 # define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
273 OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
274 void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX
*ctx
);
275 /* message transfer: */
276 int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX
*ctx
, const char *path
);
277 int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX
*ctx
, const char *address
);
278 int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX
*ctx
, int port
);
279 int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX
*ctx
, const char *name
);
280 int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX
*ctx
, const char *names
);
281 int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX
*ctx
, OSSL_HTTP_bio_cb_t cb
);
282 int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX
*ctx
, void *arg
);
283 void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX
*ctx
);
284 typedef OSSL_CMP_MSG
*(*OSSL_CMP_transfer_cb_t
) (OSSL_CMP_CTX
*ctx
,
285 const OSSL_CMP_MSG
*req
);
286 int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX
*ctx
, OSSL_CMP_transfer_cb_t cb
);
287 int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX
*ctx
, void *arg
);
288 void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX
*ctx
);
289 /* server authentication: */
290 int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX
*ctx
, X509
*cert
);
291 int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX
*ctx
, const X509_NAME
*name
);
292 int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX
*ctx
, X509_STORE
*store
);
293 X509_STORE
*OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX
*ctx
);
294 int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX
*ctx
, STACK_OF(X509
) *certs
);
295 STACK_OF(X509
) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX
*ctx
);
296 /* client authentication: */
297 int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX
*ctx
, X509
*cert
);
298 int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX
*ctx
, EVP_PKEY
*pkey
);
299 int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX
*ctx
,
300 const unsigned char *ref
, int len
);
301 int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX
*ctx
, const unsigned char *sec
,
303 /* CMP message header and extra certificates: */
304 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX
*ctx
, const X509_NAME
*name
);
305 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX
*ctx
, OSSL_CMP_ITAV
*itav
);
306 int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX
*ctx
,
307 STACK_OF(X509
) *extraCertsOut
);
308 /* certificate template: */
309 int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX
*ctx
, int priv
, EVP_PKEY
*pkey
);
310 EVP_PKEY
*OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX
*ctx
, int priv
);
311 int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX
*ctx
, const X509_NAME
*name
);
312 int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX
*ctx
, const X509_NAME
*name
);
313 int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX
*ctx
,
314 const GENERAL_NAME
*name
);
315 int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX
*ctx
, X509_EXTENSIONS
*exts
);
316 int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX
*ctx
);
317 int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX
*ctx
, POLICYINFO
*pinfo
);
318 int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX
*ctx
, X509
*cert
);
319 int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX
*ctx
, const X509_REQ
*csr
);
320 /* misc body contents: */
321 int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX
*ctx
, OSSL_CMP_ITAV
*itav
);
322 /* certificate confirmation: */
323 typedef int (*OSSL_CMP_certConf_cb_t
) (OSSL_CMP_CTX
*ctx
, X509
*cert
,
324 int fail_info
, const char **txt
);
325 int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX
*ctx
, OSSL_CMP_certConf_cb_t cb
);
326 int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX
*ctx
, void *arg
);
327 void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX
*ctx
);
328 /* result fetching: */
329 int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX
*ctx
);
330 OSSL_CMP_PKIFREETEXT
*OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX
*ctx
);
331 int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX
*ctx
);
332 # define OSSL_CMP_PKISI_BUFLEN 1024
333 X509
*OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX
*ctx
);
334 STACK_OF(X509
) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX
*ctx
);
335 STACK_OF(X509
) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX
*ctx
);
336 int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX
*ctx
,
337 const ASN1_OCTET_STRING
*id
);
338 int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX
*ctx
,
339 const ASN1_OCTET_STRING
*nonce
);
341 /* from cmp_status.c */
342 char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX
*ctx
, char *buf
,
344 char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI
*statusInfo
,
345 char *buf
, size_t bufsize
);
347 OSSL_CMP_STATUSINFO_new(int status
, int fail_info
, const char *text
);
350 ASN1_OCTET_STRING
*OSSL_CMP_HDR_get0_transactionID(const
351 OSSL_CMP_PKIHEADER
*hdr
);
352 ASN1_OCTET_STRING
*OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER
*hdr
);
355 OSSL_CMP_PKIHEADER
*OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG
*msg
);
356 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX
*ctx
, OSSL_CMP_MSG
*msg
);
357 OSSL_CMP_MSG
*d2i_OSSL_CMP_MSG_bio(BIO
*bio
, OSSL_CMP_MSG
**msg
);
358 int i2d_OSSL_CMP_MSG_bio(BIO
*bio
, const OSSL_CMP_MSG
*msg
);
361 int OSSL_CMP_validate_msg(OSSL_CMP_CTX
*ctx
, const OSSL_CMP_MSG
*msg
);
362 int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX
*ctx
,
363 X509_STORE
*trusted_store
, X509
*cert
);
365 /* from cmp_http.c */
366 OSSL_CMP_MSG
*OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX
*ctx
,
367 const OSSL_CMP_MSG
*req
);
369 /* from cmp_server.c */
370 typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX
;
371 OSSL_CMP_MSG
*OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX
*srv_ctx
,
372 const OSSL_CMP_MSG
*req
);
373 OSSL_CMP_MSG
* OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX
*client_ctx
,
374 const OSSL_CMP_MSG
*req
);
375 OSSL_CMP_SRV_CTX
*OSSL_CMP_SRV_CTX_new(void);
376 void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX
*srv_ctx
);
377 typedef OSSL_CMP_PKISI
*(*OSSL_CMP_SRV_cert_request_cb_t
)
378 (OSSL_CMP_SRV_CTX
*srv_ctx
, const OSSL_CMP_MSG
*req
, int certReqId
,
379 const OSSL_CRMF_MSG
*crm
, const X509_REQ
*p10cr
,
380 X509
**certOut
, STACK_OF(X509
) **chainOut
, STACK_OF(X509
) **caPubs
);
381 typedef OSSL_CMP_PKISI
*(*OSSL_CMP_SRV_rr_cb_t
)(OSSL_CMP_SRV_CTX
*srv_ctx
,
382 const OSSL_CMP_MSG
*req
,
383 const X509_NAME
*issuer
,
384 const ASN1_INTEGER
*serial
);
385 typedef int (*OSSL_CMP_SRV_genm_cb_t
)(OSSL_CMP_SRV_CTX
*srv_ctx
,
386 const OSSL_CMP_MSG
*req
,
387 const STACK_OF(OSSL_CMP_ITAV
) *in
,
388 STACK_OF(OSSL_CMP_ITAV
) **out
);
389 typedef void (*OSSL_CMP_SRV_error_cb_t
)(OSSL_CMP_SRV_CTX
*srv_ctx
,
390 const OSSL_CMP_MSG
*req
,
391 const OSSL_CMP_PKISI
*statusInfo
,
392 const ASN1_INTEGER
*errorCode
,
393 const OSSL_CMP_PKIFREETEXT
*errDetails
);
394 typedef int (*OSSL_CMP_SRV_certConf_cb_t
)(OSSL_CMP_SRV_CTX
*srv_ctx
,
395 const OSSL_CMP_MSG
*req
,
397 const ASN1_OCTET_STRING
*certHash
,
398 const OSSL_CMP_PKISI
*si
);
399 typedef int (*OSSL_CMP_SRV_pollReq_cb_t
)(OSSL_CMP_SRV_CTX
*srv_ctx
,
400 const OSSL_CMP_MSG
*req
, int certReqId
,
401 OSSL_CMP_MSG
**certReq
,
402 int64_t *check_after
);
403 int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX
*srv_ctx
, void *custom_ctx
,
404 OSSL_CMP_SRV_cert_request_cb_t process_cert_request
,
405 OSSL_CMP_SRV_rr_cb_t process_rr
,
406 OSSL_CMP_SRV_genm_cb_t process_genm
,
407 OSSL_CMP_SRV_error_cb_t process_error
,
408 OSSL_CMP_SRV_certConf_cb_t process_certConf
,
409 OSSL_CMP_SRV_pollReq_cb_t process_pollReq
);
410 OSSL_CMP_CTX
*OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX
*srv_ctx
);
411 void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX
*srv_ctx
);
412 int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX
*srv_ctx
,
414 int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX
*srv_ctx
, int val
);
415 int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX
*srv_ctx
, int val
);
416 int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX
*srv_ctx
,
419 /* from cmp_client.c */
420 X509
*OSSL_CMP_exec_certreq(OSSL_CMP_CTX
*ctx
, int req_type
,
421 const OSSL_CRMF_MSG
*crm
);
422 # define OSSL_CMP_IR 0
423 # define OSSL_CMP_CR 2
424 # define OSSL_CMP_P10CR 4
425 # define OSSL_CMP_KUR 7
426 # define OSSL_CMP_exec_IR_ses(ctx) \
427 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
428 # define OSSL_CMP_exec_CR_ses(ctx) \
429 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
430 # define OSSL_CMP_exec_P10CR_ses(ctx) \
431 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
432 # define OSSL_CMP_exec_KUR_ses(ctx) \
433 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
434 int OSSL_CMP_try_certreq(OSSL_CMP_CTX
*ctx
, int req_type
,
435 const OSSL_CRMF_MSG
*crm
, int *checkAfter
);
436 int OSSL_CMP_certConf_cb(OSSL_CMP_CTX
*ctx
, X509
*cert
, int fail_info
,
438 X509
*OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX
*ctx
);
439 STACK_OF(OSSL_CMP_ITAV
) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX
*ctx
);
444 # endif /* !defined(OPENSSL_NO_CMP) */
445 #endif /* !defined(OPENSSL_CMP_H) */