1/*
2 * {- join("\n * ", @autowarntext) -}
3 *
4 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
5 * Copyright Nokia 2007-2019
6 * Copyright Siemens AG 2015-2019
7 *
8 * Licensed under the Apache License 2.0 (the "License").  You may not use
9 * this file except in compliance with the License.  You can obtain a copy
10 * in the file LICENSE in the source distribution or at
11 * https://www.openssl.org/source/license.html
12 */
13
14{-
15use OpenSSL::stackhash qw(generate_stack_macros);
16-}
17
18#ifndef OPENSSL_CMP_H
19# define OPENSSL_CMP_H
20
21# include <openssl/opensslconf.h>
22# ifndef OPENSSL_NO_CMP
23
24#  include <openssl/crmf.h>
25#  include <openssl/cmperr.h>
26#  include <openssl/cmp_util.h>
27#  include <openssl/http.h>
28
29/* explicit #includes not strictly needed since implied by the above: */
30#  include <openssl/types.h>
31#  include <openssl/safestack.h>
32#  include <openssl/x509.h>
33#  include <openssl/x509v3.h>
34
35#  ifdef __cplusplus
36extern "C" {
37#  endif
38
39#  define OSSL_CMP_PVNO 2
40
41/*-
42 *   PKIFailureInfo ::= BIT STRING {
43 *   -- since we can fail in more than one way!
44 *   -- More codes may be added in the future if/when required.
45 *       badAlg              (0),
46 *       -- unrecognized or unsupported Algorithm Identifier
47 *       badMessageCheck     (1),
48 *       -- integrity check failed (e.g., signature did not verify)
49 *       badRequest          (2),
50 *       -- transaction not permitted or supported
51 *       badTime             (3),
52 *       -- messageTime was not sufficiently close to the system time,
53 *       -- as defined by local policy
54 *       badCertId           (4),
55 *       -- no certificate could be found matching the provided criteria
56 *       badDataFormat       (5),
57 *       -- the data submitted has the wrong format
58 *       wrongAuthority      (6),
59 *       -- the authority indicated in the request is different from the
60 *       -- one creating the response token
61 *       incorrectData       (7),
62 *       -- the requester's data is incorrect (for notary services)
63 *       missingTimeStamp    (8),
64 *       -- when the timestamp is missing but should be there
65 *       -- (by policy)
66 *       badPOP              (9),
67 *       -- the proof-of-possession failed
68 *       certRevoked         (10),
69 *          -- the certificate has already been revoked
70 *       certConfirmed       (11),
71 *          -- the certificate has already been confirmed
72 *       wrongIntegrity      (12),
73 *          -- invalid integrity, password based instead of signature or
74 *          -- vice versa
75 *       badRecipientNonce   (13),
76 *          -- invalid recipient nonce, either missing or wrong value
77 *       timeNotAvailable    (14),
78 *          -- the TSA's time source is not available
79 *       unacceptedPolicy    (15),
80 *          -- the requested TSA policy is not supported by the TSA.
81 *       unacceptedExtension (16),
82 *          -- the requested extension is not supported by the TSA.
83 *       addInfoNotAvailable (17),
84 *          -- the additional information requested could not be
85 *          -- understood or is not available
86 *       badSenderNonce      (18),
87 *          -- invalid sender nonce, either missing or wrong size
88 *       badCertTemplate     (19),
89 *          -- invalid cert. template or missing mandatory information
90 *       signerNotTrusted    (20),
91 *          -- signer of the message unknown or not trusted
92 *       transactionIdInUse  (21),
93 *          -- the transaction identifier is already in use
94 *       unsupportedVersion  (22),
95 *          -- the version of the message is not supported
96 *       notAuthorized       (23),
97 *          -- the sender was not authorized to make the preceding
98 *          -- request or perform the preceding action
99 *       systemUnavail       (24),
100 *       -- the request cannot be handled due to system unavailability
101 *       systemFailure       (25),
102 *       -- the request cannot be handled due to system failure
103 *       duplicateCertReq    (26)
104 *       -- certificate cannot be issued because a duplicate
105 *       -- certificate already exists
106 *   }
107 */
108#  define OSSL_CMP_PKIFAILUREINFO_badAlg 0
109#  define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
110#  define OSSL_CMP_PKIFAILUREINFO_badRequest 2
111#  define OSSL_CMP_PKIFAILUREINFO_badTime 3
112#  define OSSL_CMP_PKIFAILUREINFO_badCertId 4
113#  define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
114#  define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
115#  define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
116#  define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
117#  define OSSL_CMP_PKIFAILUREINFO_badPOP 9
118#  define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
119#  define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
120#  define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
121#  define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
122#  define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
123#  define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
124#  define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
125#  define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
126#  define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
127#  define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
128#  define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
129#  define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
130#  define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
131#  define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
132#  define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
133#  define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
134#  define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
135#  define OSSL_CMP_PKIFAILUREINFO_MAX 26
136#  define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
137    ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
138#  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
139#   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
140#  endif
141
142typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
143
144#  define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
145#  define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
146#  define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
147#  define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
148#  define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
149#  define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
150#  define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
151#  define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
152#  define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
153#  define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
154#  define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
155#  define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
156#  define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
157#  define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
158#  define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
159#  define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
160#  define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
161#  define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
162#  define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
163#  define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
164#  define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
165#  define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
166#  define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
167#  define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
168#  define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
169#  define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
170#  define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
171
172/*-
173 *   PKIStatus ::= INTEGER {
174 *       accepted                (0),
175 *       -- you got exactly what you asked for
176 *       grantedWithMods        (1),
177 *       -- you got something like what you asked for; the
178 *       -- requester is responsible for ascertaining the differences
179 *       rejection              (2),
180 *       -- you don't get it, more information elsewhere in the message
181 *       waiting                (3),
182 *       -- the request body part has not yet been processed; expect to
183 *       -- hear more later (note: proper handling of this status
184 *       -- response MAY use the polling req/rep PKIMessages specified
185 *       -- in Section 5.3.22; alternatively, polling in the underlying
186 *       -- transport layer MAY have some utility in this regard)
187 *       revocationWarning      (4),
188 *       -- this message contains a warning that a revocation is
189 *       -- imminent
190 *       revocationNotification (5),
191 *       -- notification that a revocation has occurred
192 *       keyUpdateWarning       (6)
193 *       -- update already done for the oldCertId specified in
194 *       -- CertReqMsg
195 *   }
196 */
197#  define OSSL_CMP_PKISTATUS_request                -3
198#  define OSSL_CMP_PKISTATUS_trans                  -2
199#  define OSSL_CMP_PKISTATUS_unspecified            -1
200#  define OSSL_CMP_PKISTATUS_accepted               0
201#  define OSSL_CMP_PKISTATUS_grantedWithMods        1
202#  define OSSL_CMP_PKISTATUS_rejection              2
203#  define OSSL_CMP_PKISTATUS_waiting                3
204#  define OSSL_CMP_PKISTATUS_revocationWarning      4
205#  define OSSL_CMP_PKISTATUS_revocationNotification 5
206#  define OSSL_CMP_PKISTATUS_keyUpdateWarning       6
207
208typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
209DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
210
211#  define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
212#  define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
213
214/* data type declarations */
215typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
216typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
217DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
218typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
219DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
220DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
221typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
222{-
223    generate_stack_macros("OSSL_CMP_CERTSTATUS");
224-}
225typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
226DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
227{-
228    generate_stack_macros("OSSL_CMP_ITAV");
229-}
230typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
231typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
232DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
233DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
234{-
235    generate_stack_macros("OSSL_CMP_PKISI");
236-}
237typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
238{-
239    generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
240-}
241typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
242typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
243typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
244{-
245    generate_stack_macros("OSSL_CMP_CERTRESPONSE");
246-}
247typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
248
249/*
250 * function DECLARATIONS
251 */
252
253/* from cmp_asn.c */
254OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
255void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
256                        ASN1_TYPE *value);
257ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
258ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
259int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
260                                   OSSL_CMP_ITAV *itav);
261void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
262void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
263
264/* from cmp_ctx.c */
265OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
266void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
267int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
268/* CMP general options: */
269#  define OSSL_CMP_OPT_LOG_VERBOSITY 0
270/* CMP transfer options: */
271#  define OSSL_CMP_OPT_KEEP_ALIVE 10
272#  define OSSL_CMP_OPT_MSG_TIMEOUT 11
273#  define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
274/* CMP request options: */
275#  define OSSL_CMP_OPT_VALIDITY_DAYS 20
276#  define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
277#  define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
278#  define OSSL_CMP_OPT_POLICIES_CRITICAL 23
279#  define OSSL_CMP_OPT_POPO_METHOD 24
280#  define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
281#  define OSSL_CMP_OPT_DISABLE_CONFIRM 26
282#  define OSSL_CMP_OPT_REVOCATION_REASON 27
283/* CMP protection options: */
284#  define OSSL_CMP_OPT_UNPROTECTED_SEND 30
285#  define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
286#  define OSSL_CMP_OPT_OWF_ALGNID 32
287#  define OSSL_CMP_OPT_MAC_ALGNID 33
288#  define OSSL_CMP_OPT_DIGEST_ALGNID 34
289#  define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
290#  define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
291int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
292int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
293/* CMP-specific callback for logging and outputting the error queue: */
294int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
295#  define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
296    OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
297void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
298/* message transfer: */
299int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
300int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
301int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
302int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
303int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
304int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
305int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
306void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
307typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
308                                                 const OSSL_CMP_MSG *req);
309int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
310int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
311void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
312/* server authentication: */
313int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
314int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
315int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
316X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
317int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
318STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
319/* client authentication: */
320int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
321int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
322                                  STACK_OF(X509) *candidates);
323int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
324int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
325                                     const unsigned char *ref, int len);
326int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
327                                  const unsigned char *sec, int len);
328/* CMP message header and extra certificates: */
329int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
330int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
331int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
332int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
333                                    STACK_OF(X509) *extraCertsOut);
334/* certificate template: */
335int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
336EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
337int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
338int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
339int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
340                                      const GENERAL_NAME *name);
341int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
342int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
343int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
344int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
345int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
346/* misc body contents: */
347int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
348/* certificate confirmation: */
349typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
350                                       int fail_info, const char **txt);
351int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
352                         const char **text);
353int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
354int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
355void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
356/* result fetching: */
357int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
358OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
359int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
360#  define OSSL_CMP_PKISI_BUFLEN 1024
361X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
362STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
363STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
364STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
365int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
366                                    const ASN1_OCTET_STRING *id);
367int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
368                                  const ASN1_OCTET_STRING *nonce);
369
370/* from cmp_status.c */
371char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
372                                     size_t bufsize);
373char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
374                                     char *buf, size_t bufsize);
375OSSL_CMP_PKISI *
376OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
377
378/* from cmp_hdr.c */
379ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
380                                                   OSSL_CMP_PKIHEADER *hdr);
381ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
382
383/* from cmp_msg.c */
384OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
385int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
386int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
387int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
388OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
389OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
390                                const char *propq);
391int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
392OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
393int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
394
395/* from cmp_vfy.c */
396int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
397int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
398                                X509_STORE *trusted_store, X509 *cert);
399
400/* from cmp_http.c */
401OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
402                                        const OSSL_CMP_MSG *req);
403
404/* from cmp_server.c */
405typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
406OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
407                                           const OSSL_CMP_MSG *req);
408OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
409                                           const OSSL_CMP_MSG *req);
410OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
411void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
412typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
413    (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
414     const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
415     X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
416typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
417                                                const OSSL_CMP_MSG *req,
418                                                const X509_NAME *issuer,
419                                                const ASN1_INTEGER *serial);
420typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
421                                      const OSSL_CMP_MSG *req,
422                                      const STACK_OF(OSSL_CMP_ITAV) *in,
423                                      STACK_OF(OSSL_CMP_ITAV) **out);
424typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
425                                        const OSSL_CMP_MSG *req,
426                                        const OSSL_CMP_PKISI *statusInfo,
427                                        const ASN1_INTEGER *errorCode,
428                                        const OSSL_CMP_PKIFREETEXT *errDetails);
429typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
430                                          const OSSL_CMP_MSG *req,
431                                          int certReqId,
432                                          const ASN1_OCTET_STRING *certHash,
433                                          const OSSL_CMP_PKISI *si);
434typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
435                                         const OSSL_CMP_MSG *req, int certReqId,
436                                         OSSL_CMP_MSG **certReq,
437                                         int64_t *check_after);
438int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
439                          OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
440                          OSSL_CMP_SRV_rr_cb_t process_rr,
441                          OSSL_CMP_SRV_genm_cb_t process_genm,
442                          OSSL_CMP_SRV_error_cb_t process_error,
443                          OSSL_CMP_SRV_certConf_cb_t process_certConf,
444                          OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
445OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
446void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
447int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
448                                                 int val);
449int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
450int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
451int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
452                                                int val);
453
454/* from cmp_client.c */
455X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
456                            const OSSL_CRMF_MSG *crm);
457#  define OSSL_CMP_IR    0
458#  define OSSL_CMP_CR    2
459#  define OSSL_CMP_P10CR 4
460#  define OSSL_CMP_KUR   7
461#  define OSSL_CMP_exec_IR_ses(ctx) \
462    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
463#  define OSSL_CMP_exec_CR_ses(ctx) \
464    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
465#  define OSSL_CMP_exec_P10CR_ses(ctx) \
466    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
467#  define OSSL_CMP_exec_KUR_ses(ctx) \
468    OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
469int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
470                         const OSSL_CRMF_MSG *crm, int *checkAfter);
471int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
472STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
473
474#  ifdef  __cplusplus
475}
476#  endif
477# endif /* !defined(OPENSSL_NO_CMP) */
478#endif /* !defined(OPENSSL_CMP_H) */
479