7960dbec | 1 | /* |
2 | * {- join("\n * ", @autowarntext) -} |
3 | * | |
b6461792 | 4 | * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. |
5 | * Copyright Nokia 2007-2019 |
6 | * Copyright Siemens AG 2015-2019 | |
7 | * | |
8 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
9 | * this file except in compliance with the License. You can obtain a copy | |
10 | * in the file LICENSE in the source distribution or at | |
11 | * https://www.openssl.org/source/license.html | |
12 | */ |
13 | ||
14 | {- |
15 | use OpenSSL::stackhash qw(generate_stack_macros); | |
16 | -} | |
17 | ||
18 | #ifndef OPENSSL_CMP_H |
19 | # define OPENSSL_CMP_H | |
20 | |
21 | # include <openssl/opensslconf.h> | |
22 | # ifndef OPENSSL_NO_CMP | |
23 | ||
24 | # include <openssl/crmf.h> | |
25 | # include <openssl/cmperr.h> | |
7960dbec | 26 | # include <openssl/cmp_util.h> |
29f178bd | 27 | # include <openssl/http.h> |
28 | |
29 | /* explicit #includes not strictly needed since implied by the above: */ | |
50cd4768 | 30 | # include <openssl/types.h> |
31 | # include <openssl/safestack.h> |
32 | # include <openssl/x509.h> | |
33 | # include <openssl/x509v3.h> | |
34 | ||
235595c4 | 35 | # ifdef __cplusplus |
36 | extern "C" { |
37 | # endif | |
38 | ||
39 | # define OSSL_CMP_PVNO_2 2 |
40 | # define OSSL_CMP_PVNO_3 3 | |
41 | # define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */ | |
42 | |
43 | /*- | |
44 | * PKIFailureInfo ::= BIT STRING { | |
45 | * -- since we can fail in more than one way! | |
46 | * -- More codes may be added in the future if/when required. | |
47 | * badAlg (0), | |
48 | * -- unrecognized or unsupported Algorithm Identifier | |
49 | * badMessageCheck (1), | |
50 | * -- integrity check failed (e.g., signature did not verify) | |
51 | * badRequest (2), | |
52 | * -- transaction not permitted or supported | |
53 | * badTime (3), | |
54 | * -- messageTime was not sufficiently close to the system time, | |
55 | * -- as defined by local policy | |
56 | * badCertId (4), | |
57 | * -- no certificate could be found matching the provided criteria | |
58 | * badDataFormat (5), | |
59 | * -- the data submitted has the wrong format | |
60 | * wrongAuthority (6), | |
61 | * -- the authority indicated in the request is different from the | |
62 | * -- one creating the response token | |
63 | * incorrectData (7), | |
64 | * -- the requester's data is incorrect (for notary services) | |
65 | * missingTimeStamp (8), | |
66 | * -- when the timestamp is missing but should be there | |
67 | * -- (by policy) | |
68 | * badPOP (9), | |
69 | * -- the proof-of-possession failed | |
70 | * certRevoked (10), | |
71 | * -- the certificate has already been revoked | |
72 | * certConfirmed (11), | |
73 | * -- the certificate has already been confirmed | |
74 | * wrongIntegrity (12), | |
75 | * -- invalid integrity, password based instead of signature or | |
76 | * -- vice versa | |
77 | * badRecipientNonce (13), | |
78 | * -- invalid recipient nonce, either missing or wrong value | |
79 | * timeNotAvailable (14), | |
80 | * -- the TSA's time source is not available | |
81 | * unacceptedPolicy (15), | |
82 | * -- the requested TSA policy is not supported by the TSA. | |
83 | * unacceptedExtension (16), | |
84 | * -- the requested extension is not supported by the TSA. | |
85 | * addInfoNotAvailable (17), | |
86 | * -- the additional information requested could not be | |
87 | * -- understood or is not available | |
88 | * badSenderNonce (18), | |
89 | * -- invalid sender nonce, either missing or wrong size | |
90 | * badCertTemplate (19), | |
91 | * -- invalid cert. template or missing mandatory information | |
92 | * signerNotTrusted (20), | |
93 | * -- signer of the message unknown or not trusted | |
94 | * transactionIdInUse (21), | |
95 | * -- the transaction identifier is already in use | |
96 | * unsupportedVersion (22), | |
97 | * -- the version of the message is not supported | |
98 | * notAuthorized (23), | |
99 | * -- the sender was not authorized to make the preceding | |
100 | * -- request or perform the preceding action | |
101 | * systemUnavail (24), | |
102 | * -- the request cannot be handled due to system unavailability | |
103 | * systemFailure (25), | |
104 | * -- the request cannot be handled due to system failure | |
105 | * duplicateCertReq (26) | |
106 | * -- certificate cannot be issued because a duplicate | |
107 | * -- certificate already exists | |
108 | * } | |
109 | */ | |
110 | # define OSSL_CMP_PKIFAILUREINFO_badAlg 0 | |
111 | # define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 | |
112 | # define OSSL_CMP_PKIFAILUREINFO_badRequest 2 | |
113 | # define OSSL_CMP_PKIFAILUREINFO_badTime 3 | |
114 | # define OSSL_CMP_PKIFAILUREINFO_badCertId 4 | |
115 | # define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 | |
116 | # define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 | |
117 | # define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 | |
118 | # define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 | |
119 | # define OSSL_CMP_PKIFAILUREINFO_badPOP 9 | |
120 | # define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 | |
121 | # define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 | |
122 | # define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 | |
123 | # define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 | |
124 | # define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 | |
125 | # define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 | |
126 | # define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 | |
127 | # define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 | |
128 | # define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 | |
129 | # define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 | |
130 | # define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 | |
131 | # define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 | |
132 | # define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 | |
133 | # define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 | |
134 | # define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 | |
135 | # define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 | |
136 | # define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 | |
137 | # define OSSL_CMP_PKIFAILUREINFO_MAX 26 | |
138 | # define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ | |
235595c4 | 139 | ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) |
8869ad4a | 140 | # if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX |
235595c4 | 141 | # error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int |
8869ad4a | 142 | # endif |
143 | typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; |
144 | ||
145 | # define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) | |
146 | # define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) | |
147 | # define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) | |
148 | # define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) | |
149 | # define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) | |
150 | # define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) | |
151 | # define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) | |
152 | # define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) | |
153 | # define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) | |
154 | # define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) | |
155 | # define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) | |
156 | # define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) | |
157 | # define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) | |
158 | # define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) | |
159 | # define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) | |
160 | # define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) | |
161 | # define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) | |
162 | # define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) | |
163 | # define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) | |
164 | # define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) | |
165 | # define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) | |
166 | # define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) | |
167 | # define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) | |
168 | # define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) | |
169 | # define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) | |
170 | # define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) | |
171 | # define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) | |
172 | ||
173 | /*- | |
174 | * PKIStatus ::= INTEGER { | |
175 | * accepted (0), | |
176 | * -- you got exactly what you asked for | |
177 | * grantedWithMods (1), | |
178 | * -- you got something like what you asked for; the | |
179 | * -- requester is responsible for ascertaining the differences | |
180 | * rejection (2), | |
181 | * -- you don't get it, more information elsewhere in the message | |
182 | * waiting (3), | |
183 | * -- the request body part has not yet been processed; expect to | |
184 | * -- hear more later (note: proper handling of this status | |
185 | * -- response MAY use the polling req/rep PKIMessages specified | |
186 | * -- in Section 5.3.22; alternatively, polling in the underlying | |
187 | * -- transport layer MAY have some utility in this regard) | |
188 | * revocationWarning (4), | |
189 | * -- this message contains a warning that a revocation is | |
190 | * -- imminent | |
191 | * revocationNotification (5), | |
192 | * -- notification that a revocation has occurred | |
193 | * keyUpdateWarning (6) | |
194 | * -- update already done for the oldCertId specified in | |
195 | * -- CertReqMsg | |
196 | * } | |
197 | */ | |
198 | # define OSSL_CMP_PKISTATUS_request -3 |
199 | # define OSSL_CMP_PKISTATUS_trans -2 | |
200 | # define OSSL_CMP_PKISTATUS_unspecified -1 | |
201 | # define OSSL_CMP_PKISTATUS_accepted 0 | |
202 | # define OSSL_CMP_PKISTATUS_grantedWithMods 1 | |
203 | # define OSSL_CMP_PKISTATUS_rejection 2 | |
204 | # define OSSL_CMP_PKISTATUS_waiting 3 | |
205 | # define OSSL_CMP_PKISTATUS_revocationWarning 4 | |
8869ad4a | 206 | # define OSSL_CMP_PKISTATUS_revocationNotification 5 |
19ddcc4c | 207 | # define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 |
8869ad4a | 208 | typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; |
d477484d | 209 | |
210 | DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) |
211 | ||
212 | # define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 | |
213 | # define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 | |
214 | ||
215 | /* data type declarations */ | |
216 | typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX; |
217 | typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER; | |
8869ad4a | 218 | DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) |
7960dbec | 219 | typedef struct ossl_cmp_msg_st OSSL_CMP_MSG; |
62dcd2aa | 220 | DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) |
8869ad4a | 221 | DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) |
7960dbec | 222 | typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS; |
223 | {- |
224 | generate_stack_macros("OSSL_CMP_CERTSTATUS"); | |
225 | -} | |
7960dbec | 226 | typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV; |
62dcd2aa | 227 | DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) |
228 | {- |
229 | generate_stack_macros("OSSL_CMP_ITAV"); | |
230 | -} | |
231 | |
232 | typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS; | |
233 | {- | |
234 | generate_stack_macros("OSSL_CMP_CRLSTATUS"); | |
235 | -} | |
236 | ||
237 | typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; |
238 | typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; | |
239 | DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) |
240 | DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) | |
241 | {- |
242 | generate_stack_macros("OSSL_CMP_PKISI"); | |
243 | -} | |
7960dbec | 244 | typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; |
245 | {- |
246 | generate_stack_macros("OSSL_CMP_CERTREPMESSAGE"); | |
247 | -} | |
7960dbec | 248 | typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP; |
8869ad4a | 249 | typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; |
7960dbec | 250 | typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; |
251 | {- |
252 | generate_stack_macros("OSSL_CMP_CERTRESPONSE"); | |
253 | -} | |
254 | typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; |
255 | ||
256 | /* |
257 | * function DECLARATIONS | |
258 | */ | |
259 | ||
260 | /* from cmp_asn.c */ |
261 | OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); | |
262 | void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, | |
263 | ASN1_TYPE *value); | |
264 | ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); | |
265 | ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); | |
40a200f9 | 266 | int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p, |
267 | OSSL_CMP_ITAV *itav); |
268 | void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); | |
d477484d | 269 | |
270 | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new0_certProfile(STACK_OF(ASN1_UTF8STRING) |
271 | *certProfile); | |
272 | int OSSL_CMP_ITAV_get0_certProfile(const OSSL_CMP_ITAV *itav, | |
273 | STACK_OF(ASN1_UTF8STRING) **out); | |
274 | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts); |
275 | int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out); | |
276 | ||
277 | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert); |
278 | int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out); | |
279 | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, | |
280 | const X509 *newWithOld, | |
281 | const X509 *oldWithNew); | |
282 | int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, | |
283 | X509 **newWithNew, | |
284 | X509 **newWithOld, | |
285 | X509 **oldWithNew); | |
286 | ||
287 | OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl, |
288 | const X509 *cert, int only_DN); | |
289 | OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn, | |
290 | const GENERAL_NAMES *issuer, | |
291 | const ASN1_TIME *thisUpdate); | |
292 | int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus, | |
293 | DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer, | |
294 | ASN1_TIME **thisUpdate); | |
295 | void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus); | |
296 | OSSL_CMP_ITAV | |
297 | *OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList); | |
298 | int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav, | |
299 | STACK_OF(OSSL_CMP_CRLSTATUS) **out); | |
300 | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls); | |
301 | int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out); | |
302 | ||
8869ad4a | 303 | void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); |
304 | |
305 | /* from cmp_ctx.c */ | |
b4250010 | 306 | OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); |
307 | void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); |
308 | int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); | |
309 | OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx); |
310 | const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx); | |
8f965908 | 311 | /* CMP general options: */ |
7960dbec | 312 | # define OSSL_CMP_OPT_LOG_VERBOSITY 0 |
8f965908 | 313 | /* CMP transfer options: */ |
314 | # define OSSL_CMP_OPT_KEEP_ALIVE 10 |
315 | # define OSSL_CMP_OPT_MSG_TIMEOUT 11 | |
8f965908 | 316 | # define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 |
ac0677bd | 317 | # define OSSL_CMP_OPT_USE_TLS 13 |
318 | /* CMP request options: */ |
319 | # define OSSL_CMP_OPT_VALIDITY_DAYS 20 | |
320 | # define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 | |
321 | # define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22 | |
322 | # define OSSL_CMP_OPT_POLICIES_CRITICAL 23 | |
323 | # define OSSL_CMP_OPT_POPO_METHOD 24 | |
324 | # define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25 | |
325 | # define OSSL_CMP_OPT_DISABLE_CONFIRM 26 | |
326 | # define OSSL_CMP_OPT_REVOCATION_REASON 27 | |
327 | /* CMP protection options: */ | |
328 | # define OSSL_CMP_OPT_UNPROTECTED_SEND 30 | |
329 | # define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31 | |
330 | # define OSSL_CMP_OPT_OWF_ALGNID 32 | |
331 | # define OSSL_CMP_OPT_MAC_ALGNID 33 | |
332 | # define OSSL_CMP_OPT_DIGEST_ALGNID 34 | |
333 | # define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35 | |
334 | # define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36 | |
1caaf073 | 335 | # define OSSL_CMP_OPT_NO_CACHE_EXTRACERTS 37 |
336 | int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); |
337 | int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); | |
338 | /* CMP-specific callback for logging and outputting the error queue: */ | |
7e765f46 | 339 | int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb); |
3dbc5156 | 340 | # define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ |
7960dbec | 341 | OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) |
c4a9e3eb | 342 | void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx); |
343 | /* message transfer: */ |
344 | int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); | |
4b1fe471 | 345 | int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); |
7960dbec | 346 | int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); |
347 | int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); |
348 | int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); | |
3ca28c9e | 349 | # ifndef OPENSSL_NO_HTTP |
29f178bd | 350 | int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); |
351 | int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); |
352 | void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); | |
3ca28c9e | 353 | # endif |
7e765f46 | 354 | typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, |
29f178bd | 355 | const OSSL_CMP_MSG *req); |
7e765f46 | 356 | int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); |
357 | int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); |
358 | void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); | |
359 | /* server authentication: */ | |
360 | int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); | |
361 | int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); | |
362 | int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); | |
d477484d | 363 | # define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore |
7960dbec | 364 | X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); |
d477484d | 365 | # define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore |
366 | int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); |
367 | STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); | |
7960dbec | 368 | /* client authentication: */ |
63f1883d | 369 | int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); |
370 | int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, |
371 | STACK_OF(X509) *candidates); | |
372 | int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); |
373 | int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, | |
374 | const unsigned char *ref, int len); | |
f42d6b7a | 375 | int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, |
6f792f4d | 376 | const unsigned char *sec, int len); |
377 | /* CMP message header and extra certificates: */ |
378 | int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); | |
379 | int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); | |
a2ede039 | 380 | int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx); |
381 | STACK_OF(OSSL_CMP_ITAV) |
382 | *OSSL_CMP_CTX_get0_geninfo_ITAVs(const OSSL_CMP_CTX *ctx); | |
383 | int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, |
384 | STACK_OF(X509) *extraCertsOut); | |
385 | /* certificate template: */ | |
386 | int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); | |
387 | EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); | |
388 | int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); | |
1d32ec20 | 389 | int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn); |
7960dbec | 390 | int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); |
391 | int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, |
392 | const GENERAL_NAME *name); | |
393 | int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); |
394 | int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); | |
395 | int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); | |
396 | int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); | |
397 | int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); | |
398 | /* misc body contents: */ | |
399 | int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); | |
400 | /* certificate confirmation: */ | |
7e765f46 | 401 | typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, |
7960dbec | 402 | int fail_info, const char **txt); |
403 | int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, |
404 | const char **text); | |
7e765f46 | 405 | int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb); |
406 | int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); |
407 | void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); | |
408 | /* result fetching: */ | |
409 | int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); | |
410 | OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); | |
411 | int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); | |
412 | # define OSSL_CMP_PKISI_BUFLEN 1024 | |
b6fbef11 | 413 | X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx); |
7960dbec | 414 | X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); |
39082af2 | 415 | STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); |
416 | STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); |
417 | STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); | |
418 | int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, |
419 | const ASN1_OCTET_STRING *id); | |
420 | int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, | |
421 | const ASN1_OCTET_STRING *nonce); | |
8869ad4a | 422 | |
4dde554c | 423 | /* from cmp_status.c */ |
62dcd2aa | 424 | char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, |
4dde554c | 425 | size_t bufsize); |
426 | char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo, |
427 | char *buf, size_t bufsize); | |
428 | OSSL_CMP_PKISI * | |
429 | OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text); | |
430 | |
431 | /* from cmp_hdr.c */ | |
432 | ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const |
433 | OSSL_CMP_PKIHEADER *hdr); | |
4dde554c | 434 | ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); |
435 | STACK_OF(OSSL_CMP_ITAV) |
436 | *OSSL_CMP_HDR_get0_geninfo_ITAVs(const OSSL_CMP_PKIHEADER *hdr); | |
4dde554c | 437 | |
3dbc5156 | 438 | /* from cmp_msg.c */ |
3dbc5156 | 439 | OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); |
7df56ada | 440 | int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); |
bcd3707d | 441 | X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg); |
143be474 | 442 | int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); |
4b0c27d4 | 443 | int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); |
593d6554 | 444 | OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); |
445 | OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, |
446 | const char *propq); | |
1202de44 | 447 | int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); |
448 | OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); |
449 | int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); | |
3dbc5156 | 450 | |
451 | /* from cmp_vfy.c */ |
452 | int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); | |
c4a9e3eb | 453 | int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, |
454 | X509_STORE *trusted_store, X509 *cert); |
455 | ||
afe554c2 | 456 | /* from cmp_http.c */ |
3ca28c9e | 457 | # ifndef OPENSSL_NO_HTTP |
458 | OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, |
459 | const OSSL_CMP_MSG *req); | |
3ca28c9e | 460 | # endif |
afe554c2 | 461 | |
462 | /* from cmp_server.c */ |
463 | typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; | |
464 | OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, | |
465 | const OSSL_CMP_MSG *req); | |
466 | OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, | |
467 | const OSSL_CMP_MSG *req); | |
b4250010 | 468 | OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); |
469 | void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx); |
470 | typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t) | |
471 | (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, | |
472 | const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr, | |
473 | X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs); | |
474 | typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, | |
475 | const OSSL_CMP_MSG *req, | |
476 | const X509_NAME *issuer, | |
477 | const ASN1_INTEGER *serial); | |
478 | typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, | |
479 | const OSSL_CMP_MSG *req, | |
480 | const STACK_OF(OSSL_CMP_ITAV) *in, | |
481 | STACK_OF(OSSL_CMP_ITAV) **out); | |
482 | typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, | |
483 | const OSSL_CMP_MSG *req, | |
484 | const OSSL_CMP_PKISI *statusInfo, | |
485 | const ASN1_INTEGER *errorCode, | |
143be474 | 486 | const OSSL_CMP_PKIFREETEXT *errDetails); |
487 | typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, |
488 | const OSSL_CMP_MSG *req, | |
489 | int certReqId, | |
490 | const ASN1_OCTET_STRING *certHash, | |
491 | const OSSL_CMP_PKISI *si); | |
492 | typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, | |
493 | const OSSL_CMP_MSG *req, int certReqId, | |
494 | OSSL_CMP_MSG **certReq, | |
495 | int64_t *check_after); | |
496 | int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, | |
497 | OSSL_CMP_SRV_cert_request_cb_t process_cert_request, | |
498 | OSSL_CMP_SRV_rr_cb_t process_rr, | |
499 | OSSL_CMP_SRV_genm_cb_t process_genm, | |
500 | OSSL_CMP_SRV_error_cb_t process_error, | |
501 | OSSL_CMP_SRV_certConf_cb_t process_certConf, | |
502 | OSSL_CMP_SRV_pollReq_cb_t process_pollReq); | |
503 | typedef int (*OSSL_CMP_SRV_delayed_delivery_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, |
504 | const OSSL_CMP_MSG *req); | |
505 | typedef int (*OSSL_CMP_SRV_clean_transaction_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, | |
506 | const ASN1_OCTET_STRING *id); | |
507 | int OSSL_CMP_SRV_CTX_init_trans(OSSL_CMP_SRV_CTX *srv_ctx, | |
508 | OSSL_CMP_SRV_delayed_delivery_cb_t delay, | |
509 | OSSL_CMP_SRV_clean_transaction_cb_t clean); | |
510 | OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); |
511 | void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); | |
512 | int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, | |
513 | int val); | |
514 | int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val); | |
515 | int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val); | |
516 | int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, | |
517 | int val); | |
518 | ||
7e765f46 | 519 | /* from cmp_client.c */ |
520 | X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, |
521 | const OSSL_CRMF_MSG *crm); | |
522 | # define OSSL_CMP_IR 0 | |
523 | # define OSSL_CMP_CR 2 | |
524 | # define OSSL_CMP_P10CR 4 | |
525 | # define OSSL_CMP_KUR 7 | |
526 | # define OSSL_CMP_GENM 21 |
527 | # define OSSL_CMP_ERROR 23 | |
528 | # define OSSL_CMP_exec_IR_ses(ctx) \ |
529 | OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL) | |
530 | # define OSSL_CMP_exec_CR_ses(ctx) \ | |
531 | OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL) | |
532 | # define OSSL_CMP_exec_P10CR_ses(ctx) \ | |
533 | OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL) | |
534 | # define OSSL_CMP_exec_KUR_ses(ctx) \ | |
535 | OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL) | |
536 | int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, | |
537 | const OSSL_CRMF_MSG *crm, int *checkAfter); | |
3d46c81a | 538 | int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); |
539 | STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); |
540 | ||
d477484d | 541 | /* from cmp_genm.c */ |
ec5a9cd1 | 542 | int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out); |
543 | int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx, |
544 | const X509 *oldWithOld, X509 **newWithNew, | |
545 | X509 **newWithOld, X509 **oldWithNew); | |
546 | int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert, |
547 | const X509_CRL *last_crl, | |
548 | X509_CRL **crl); | |
d477484d | 549 | |
3dbc5156 | 550 | # ifdef __cplusplus |
8869ad4a | 551 | } |
3dbc5156 | 552 | # endif |
553 | # endif /* !defined(OPENSSL_NO_CMP) */ |
554 | #endif /* !defined(OPENSSL_CMP_H) */ |