1/* 2 * {- join("\n * ", @autowarntext) -} 3 * 4 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. 5 * Copyright Nokia 2007-2019 6 * Copyright Siemens AG 2015-2019 7 * 8 * Licensed under the Apache License 2.0 (the "License"). You may not use 9 * this file except in compliance with the License. You can obtain a copy 10 * in the file LICENSE in the source distribution or at 11 * https://www.openssl.org/source/license.html 12 */ 13 14{- 15use OpenSSL::stackhash qw(generate_stack_macros); 16-} 17 18#ifndef OPENSSL_CMP_H 19# define OPENSSL_CMP_H 20 21# include <openssl/opensslconf.h> 22# ifndef OPENSSL_NO_CMP 23 24# include <openssl/crmf.h> 25# include <openssl/cmperr.h> 26# include <openssl/cmp_util.h> 27# include <openssl/http.h> 28 29/* explicit #includes not strictly needed since implied by the above: */ 30# include <openssl/types.h> 31# include <openssl/safestack.h> 32# include <openssl/x509.h> 33# include <openssl/x509v3.h> 34 35# ifdef __cplusplus 36extern "C" { 37# endif 38 39# define OSSL_CMP_PVNO 2 40 41/*- 42 * PKIFailureInfo ::= BIT STRING { 43 * -- since we can fail in more than one way! 44 * -- More codes may be added in the future if/when required. 45 * badAlg (0), 46 * -- unrecognized or unsupported Algorithm Identifier 47 * badMessageCheck (1), 48 * -- integrity check failed (e.g., signature did not verify) 49 * badRequest (2), 50 * -- transaction not permitted or supported 51 * badTime (3), 52 * -- messageTime was not sufficiently close to the system time, 53 * -- as defined by local policy 54 * badCertId (4), 55 * -- no certificate could be found matching the provided criteria 56 * badDataFormat (5), 57 * -- the data submitted has the wrong format 58 * wrongAuthority (6), 59 * -- the authority indicated in the request is different from the 60 * -- one creating the response token 61 * incorrectData (7), 62 * -- the requester's data is incorrect (for notary services) 63 * missingTimeStamp (8), 64 * -- when the timestamp is missing but should be there 65 * -- (by policy) 66 * badPOP (9), 67 * -- the proof-of-possession failed 68 * certRevoked (10), 69 * -- the certificate has already been revoked 70 * certConfirmed (11), 71 * -- the certificate has already been confirmed 72 * wrongIntegrity (12), 73 * -- invalid integrity, password based instead of signature or 74 * -- vice versa 75 * badRecipientNonce (13), 76 * -- invalid recipient nonce, either missing or wrong value 77 * timeNotAvailable (14), 78 * -- the TSA's time source is not available 79 * unacceptedPolicy (15), 80 * -- the requested TSA policy is not supported by the TSA. 81 * unacceptedExtension (16), 82 * -- the requested extension is not supported by the TSA. 83 * addInfoNotAvailable (17), 84 * -- the additional information requested could not be 85 * -- understood or is not available 86 * badSenderNonce (18), 87 * -- invalid sender nonce, either missing or wrong size 88 * badCertTemplate (19), 89 * -- invalid cert. template or missing mandatory information 90 * signerNotTrusted (20), 91 * -- signer of the message unknown or not trusted 92 * transactionIdInUse (21), 93 * -- the transaction identifier is already in use 94 * unsupportedVersion (22), 95 * -- the version of the message is not supported 96 * notAuthorized (23), 97 * -- the sender was not authorized to make the preceding 98 * -- request or perform the preceding action 99 * systemUnavail (24), 100 * -- the request cannot be handled due to system unavailability 101 * systemFailure (25), 102 * -- the request cannot be handled due to system failure 103 * duplicateCertReq (26) 104 * -- certificate cannot be issued because a duplicate 105 * -- certificate already exists 106 * } 107 */ 108# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 109# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 110# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 111# define OSSL_CMP_PKIFAILUREINFO_badTime 3 112# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 113# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 114# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 115# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 116# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 117# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 118# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 119# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 120# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 121# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 122# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 123# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 124# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 125# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 126# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 127# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 128# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 129# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 130# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 131# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 132# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 133# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 134# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 135# define OSSL_CMP_PKIFAILUREINFO_MAX 26 136# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ 137 ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1) 138# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX 139# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int 140# endif 141 142typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; 143 144# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) 145# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) 146# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) 147# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) 148# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) 149# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) 150# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) 151# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) 152# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) 153# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) 154# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) 155# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) 156# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) 157# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) 158# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) 159# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) 160# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) 161# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) 162# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) 163# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) 164# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) 165# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) 166# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) 167# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) 168# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) 169# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) 170# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) 171 172/*- 173 * PKIStatus ::= INTEGER { 174 * accepted (0), 175 * -- you got exactly what you asked for 176 * grantedWithMods (1), 177 * -- you got something like what you asked for; the 178 * -- requester is responsible for ascertaining the differences 179 * rejection (2), 180 * -- you don't get it, more information elsewhere in the message 181 * waiting (3), 182 * -- the request body part has not yet been processed; expect to 183 * -- hear more later (note: proper handling of this status 184 * -- response MAY use the polling req/rep PKIMessages specified 185 * -- in Section 5.3.22; alternatively, polling in the underlying 186 * -- transport layer MAY have some utility in this regard) 187 * revocationWarning (4), 188 * -- this message contains a warning that a revocation is 189 * -- imminent 190 * revocationNotification (5), 191 * -- notification that a revocation has occurred 192 * keyUpdateWarning (6) 193 * -- update already done for the oldCertId specified in 194 * -- CertReqMsg 195 * } 196 */ 197# define OSSL_CMP_PKISTATUS_request -3 198# define OSSL_CMP_PKISTATUS_trans -2 199# define OSSL_CMP_PKISTATUS_unspecified -1 200# define OSSL_CMP_PKISTATUS_accepted 0 201# define OSSL_CMP_PKISTATUS_grantedWithMods 1 202# define OSSL_CMP_PKISTATUS_rejection 2 203# define OSSL_CMP_PKISTATUS_waiting 3 204# define OSSL_CMP_PKISTATUS_revocationWarning 4 205# define OSSL_CMP_PKISTATUS_revocationNotification 5 206# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 207 208typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; 209DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) 210 211# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 212# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 213 214/* data type declarations */ 215typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX; 216typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER; 217DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) 218typedef struct ossl_cmp_msg_st OSSL_CMP_MSG; 219DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) 220DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) 221typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS; 222{- 223 generate_stack_macros("OSSL_CMP_CERTSTATUS"); 224-} 225typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV; 226DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) 227{- 228 generate_stack_macros("OSSL_CMP_ITAV"); 229-} 230typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; 231typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI; 232DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) 233DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) 234{- 235 generate_stack_macros("OSSL_CMP_PKISI"); 236-} 237typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; 238{- 239 generate_stack_macros("OSSL_CMP_CERTREPMESSAGE"); 240-} 241typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP; 242typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; 243typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; 244{- 245 generate_stack_macros("OSSL_CMP_CERTRESPONSE"); 246-} 247typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; 248 249/* 250 * function DECLARATIONS 251 */ 252 253/* from cmp_asn.c */ 254OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); 255void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, 256 ASN1_TYPE *value); 257ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); 258ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); 259int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, 260 OSSL_CMP_ITAV *itav); 261void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); 262void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); 263 264/* from cmp_ctx.c */ 265OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); 266void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); 267int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); 268/* CMP general options: */ 269# define OSSL_CMP_OPT_LOG_VERBOSITY 0 270/* CMP transfer options: */ 271# define OSSL_CMP_OPT_KEEP_ALIVE 10 272# define OSSL_CMP_OPT_MSG_TIMEOUT 11 273# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12 274/* CMP request options: */ 275# define OSSL_CMP_OPT_VALIDITY_DAYS 20 276# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21 277# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22 278# define OSSL_CMP_OPT_POLICIES_CRITICAL 23 279# define OSSL_CMP_OPT_POPO_METHOD 24 280# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25 281# define OSSL_CMP_OPT_DISABLE_CONFIRM 26 282# define OSSL_CMP_OPT_REVOCATION_REASON 27 283/* CMP protection options: */ 284# define OSSL_CMP_OPT_UNPROTECTED_SEND 30 285# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31 286# define OSSL_CMP_OPT_OWF_ALGNID 32 287# define OSSL_CMP_OPT_MAC_ALGNID 33 288# define OSSL_CMP_OPT_DIGEST_ALGNID 34 289# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35 290# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36 291int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); 292int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt); 293/* CMP-specific callback for logging and outputting the error queue: */ 294int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb); 295# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \ 296 OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level) 297void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx); 298/* message transfer: */ 299int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path); 300int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address); 301int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port); 302int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name); 303int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names); 304int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb); 305int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg); 306void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx); 307typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx, 308 const OSSL_CMP_MSG *req); 309int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb); 310int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg); 311void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx); 312/* server authentication: */ 313int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert); 314int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name); 315int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store); 316X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx); 317int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs); 318STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx); 319/* client authentication: */ 320int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert); 321int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted, 322 STACK_OF(X509) *candidates); 323int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey); 324int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx, 325 const unsigned char *ref, int len); 326int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, 327 const unsigned char *sec, int len); 328/* CMP message header and extra certificates: */ 329int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); 330int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); 331int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx); 332int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, 333 STACK_OF(X509) *extraCertsOut); 334/* certificate template: */ 335int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey); 336EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv); 337int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name); 338int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name); 339int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx, 340 const GENERAL_NAME *name); 341int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts); 342int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx); 343int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo); 344int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert); 345int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr); 346/* misc body contents: */ 347int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); 348/* certificate confirmation: */ 349typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert, 350 int fail_info, const char **txt); 351int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, 352 const char **text); 353int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb); 354int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg); 355void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx); 356/* result fetching: */ 357int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx); 358OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx); 359int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx); 360# define OSSL_CMP_PKISI_BUFLEN 1024 361X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx); 362STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx); 363STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx); 364STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx); 365int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx, 366 const ASN1_OCTET_STRING *id); 367int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx, 368 const ASN1_OCTET_STRING *nonce); 369 370/* from cmp_status.c */ 371char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf, 372 size_t bufsize); 373char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo, 374 char *buf, size_t bufsize); 375OSSL_CMP_PKISI * 376OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text); 377 378/* from cmp_hdr.c */ 379ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const 380 OSSL_CMP_PKIHEADER *hdr); 381ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); 382 383/* from cmp_msg.c */ 384OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); 385int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg); 386int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); 387int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); 388OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); 389OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, 390 const char *propq); 391int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); 392OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); 393int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); 394 395/* from cmp_vfy.c */ 396int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg); 397int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx, 398 X509_STORE *trusted_store, X509 *cert); 399 400/* from cmp_http.c */ 401OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx, 402 const OSSL_CMP_MSG *req); 403 404/* from cmp_server.c */ 405typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX; 406OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx, 407 const OSSL_CMP_MSG *req); 408OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, 409 const OSSL_CMP_MSG *req); 410OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq); 411void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx); 412typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t) 413 (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId, 414 const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr, 415 X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs); 416typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, 417 const OSSL_CMP_MSG *req, 418 const X509_NAME *issuer, 419 const ASN1_INTEGER *serial); 420typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, 421 const OSSL_CMP_MSG *req, 422 const STACK_OF(OSSL_CMP_ITAV) *in, 423 STACK_OF(OSSL_CMP_ITAV) **out); 424typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, 425 const OSSL_CMP_MSG *req, 426 const OSSL_CMP_PKISI *statusInfo, 427 const ASN1_INTEGER *errorCode, 428 const OSSL_CMP_PKIFREETEXT *errDetails); 429typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, 430 const OSSL_CMP_MSG *req, 431 int certReqId, 432 const ASN1_OCTET_STRING *certHash, 433 const OSSL_CMP_PKISI *si); 434typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, 435 const OSSL_CMP_MSG *req, int certReqId, 436 OSSL_CMP_MSG **certReq, 437 int64_t *check_after); 438int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx, 439 OSSL_CMP_SRV_cert_request_cb_t process_cert_request, 440 OSSL_CMP_SRV_rr_cb_t process_rr, 441 OSSL_CMP_SRV_genm_cb_t process_genm, 442 OSSL_CMP_SRV_error_cb_t process_error, 443 OSSL_CMP_SRV_certConf_cb_t process_certConf, 444 OSSL_CMP_SRV_pollReq_cb_t process_pollReq); 445OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); 446void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx); 447int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx, 448 int val); 449int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val); 450int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val); 451int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx, 452 int val); 453 454/* from cmp_client.c */ 455X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type, 456 const OSSL_CRMF_MSG *crm); 457# define OSSL_CMP_IR 0 458# define OSSL_CMP_CR 2 459# define OSSL_CMP_P10CR 4 460# define OSSL_CMP_KUR 7 461# define OSSL_CMP_exec_IR_ses(ctx) \ 462 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL) 463# define OSSL_CMP_exec_CR_ses(ctx) \ 464 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL) 465# define OSSL_CMP_exec_P10CR_ses(ctx) \ 466 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL) 467# define OSSL_CMP_exec_KUR_ses(ctx) \ 468 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL) 469int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, 470 const OSSL_CRMF_MSG *crm, int *checkAfter); 471int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx); 472STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx); 473 474# ifdef __cplusplus 475} 476# endif 477# endif /* !defined(OPENSSL_NO_CMP) */ 478#endif /* !defined(OPENSSL_CMP_H) */ 479