VirtualBox

source: vbox/trunk/src/libs/openssl-3.4.1/include/openssl/cmp.h.in

Last change on this file was 109052, checked in by vboxsync, 3 weeks ago

openssl-3.4.1: Applied our changes, regenerated files, added missing files and functions. This time with a three way merge. ​bugref:10890
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 28.2 KB
Line 
1/*
2 * {- join("\n * ", @autowarntext) -}
3 *
4 * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
5 * Copyright Nokia 2007-2019
6 * Copyright Siemens AG 2015-2019
7 *
8 * Licensed under the Apache License 2.0 (the "License"). You may not use
9 * this file except in compliance with the License. You can obtain a copy
10 * in the file LICENSE in the source distribution or at
11 * https://www.openssl.org/source/license.html
12 */
13
14{-
15use OpenSSL::stackhash qw(generate_stack_macros);
16-}
17
18#ifndef OPENSSL_CMP_H
19# define OPENSSL_CMP_H
20
21# include <openssl/opensslconf.h>
22# ifndef OPENSSL_NO_CMP
23
24# include <openssl/crmf.h>
25# include <openssl/cmperr.h>
26# include <openssl/cmp_util.h>
27# include <openssl/http.h>
28
29/* explicit #includes not strictly needed since implied by the above: */
30# include <openssl/types.h>
31# include <openssl/safestack.h>
32# include <openssl/x509.h>
33# include <openssl/x509v3.h>
34
35# ifdef __cplusplus
36extern "C" {
37# endif
38
39# define OSSL_CMP_PVNO_2 2
40# define OSSL_CMP_PVNO_3 3
41# define OSSL_CMP_PVNO OSSL_CMP_PVNO_2 /* v2 is the default */
42
43/*-
44 * PKIFailureInfo ::= BIT STRING {
45 * -- since we can fail in more than one way!
46 * -- More codes may be added in the future if/when required.
47 * badAlg (0),
48 * -- unrecognized or unsupported Algorithm Identifier
49 * badMessageCheck (1),
50 * -- integrity check failed (e.g., signature did not verify)
51 * badRequest (2),
52 * -- transaction not permitted or supported
53 * badTime (3),
54 * -- messageTime was not sufficiently close to the system time,
55 * -- as defined by local policy
56 * badCertId (4),
57 * -- no certificate could be found matching the provided criteria
58 * badDataFormat (5),
59 * -- the data submitted has the wrong format
60 * wrongAuthority (6),
61 * -- the authority indicated in the request is different from the
62 * -- one creating the response token
63 * incorrectData (7),
64 * -- the requester's data is incorrect (for notary services)
65 * missingTimeStamp (8),
66 * -- when the timestamp is missing but should be there
67 * -- (by policy)
68 * badPOP (9),
69 * -- the proof-of-possession failed
70 * certRevoked (10),
71 * -- the certificate has already been revoked
72 * certConfirmed (11),
73 * -- the certificate has already been confirmed
74 * wrongIntegrity (12),
75 * -- invalid integrity, password based instead of signature or
76 * -- vice versa
77 * badRecipientNonce (13),
78 * -- invalid recipient nonce, either missing or wrong value
79 * timeNotAvailable (14),
80 * -- the TSA's time source is not available
81 * unacceptedPolicy (15),
82 * -- the requested TSA policy is not supported by the TSA.
83 * unacceptedExtension (16),
84 * -- the requested extension is not supported by the TSA.
85 * addInfoNotAvailable (17),
86 * -- the additional information requested could not be
87 * -- understood or is not available
88 * badSenderNonce (18),
89 * -- invalid sender nonce, either missing or wrong size
90 * badCertTemplate (19),
91 * -- invalid cert. template or missing mandatory information
92 * signerNotTrusted (20),
93 * -- signer of the message unknown or not trusted
94 * transactionIdInUse (21),
95 * -- the transaction identifier is already in use
96 * unsupportedVersion (22),
97 * -- the version of the message is not supported
98 * notAuthorized (23),
99 * -- the sender was not authorized to make the preceding
100 * -- request or perform the preceding action
101 * systemUnavail (24),
102 * -- the request cannot be handled due to system unavailability
103 * systemFailure (25),
104 * -- the request cannot be handled due to system failure
105 * duplicateCertReq (26)
106 * -- certificate cannot be issued because a duplicate
107 * -- certificate already exists
108 * }
109 */
110# define OSSL_CMP_PKIFAILUREINFO_badAlg 0
111# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
112# define OSSL_CMP_PKIFAILUREINFO_badRequest 2
113# define OSSL_CMP_PKIFAILUREINFO_badTime 3
114# define OSSL_CMP_PKIFAILUREINFO_badCertId 4
115# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
116# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
117# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
118# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
119# define OSSL_CMP_PKIFAILUREINFO_badPOP 9
120# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
121# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
122# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
123# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
124# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
125# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
126# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
127# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
128# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
129# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
130# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
131# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
132# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
133# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
134# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
135# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
136# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
137# define OSSL_CMP_PKIFAILUREINFO_MAX 26
138# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
139 ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
140# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
141# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
142# endif
143typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
144
145# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
146# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
147# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
148# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
149# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
150# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
151# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
152# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
153# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
154# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
155# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
156# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
157# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
158# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
159# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
160# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
161# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
162# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
163# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
164# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
165# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
166# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
167# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
168# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
169# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
170# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
171# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
172
173/*-
174 * PKIStatus ::= INTEGER {
175 * accepted (0),
176 * -- you got exactly what you asked for
177 * grantedWithMods (1),
178 * -- you got something like what you asked for; the
179 * -- requester is responsible for ascertaining the differences
180 * rejection (2),
181 * -- you don't get it, more information elsewhere in the message
182 * waiting (3),
183 * -- the request body part has not yet been processed; expect to
184 * -- hear more later (note: proper handling of this status
185 * -- response MAY use the polling req/rep PKIMessages specified
186 * -- in Section 5.3.22; alternatively, polling in the underlying
187 * -- transport layer MAY have some utility in this regard)
188 * revocationWarning (4),
189 * -- this message contains a warning that a revocation is
190 * -- imminent
191 * revocationNotification (5),
192 * -- notification that a revocation has occurred
193 * keyUpdateWarning (6)
194 * -- update already done for the oldCertId specified in
195 * -- CertReqMsg
196 * }
197 */
198# define OSSL_CMP_PKISTATUS_request -3
199# define OSSL_CMP_PKISTATUS_trans -2
200# define OSSL_CMP_PKISTATUS_unspecified -1
201# define OSSL_CMP_PKISTATUS_accepted 0
202# define OSSL_CMP_PKISTATUS_grantedWithMods 1
203# define OSSL_CMP_PKISTATUS_rejection 2
204# define OSSL_CMP_PKISTATUS_waiting 3
205# define OSSL_CMP_PKISTATUS_revocationWarning 4
206# define OSSL_CMP_PKISTATUS_revocationNotification 5
207# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
208typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
209
210DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
211
212# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
213# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
214
215/* data type declarations */
216typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
217typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
218DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
219typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
220DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
221DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
222typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
223{-
224 generate_stack_macros("OSSL_CMP_CERTSTATUS");
225-}
226typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
227DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
228{-
229 generate_stack_macros("OSSL_CMP_ITAV");
230-}
231
232typedef struct ossl_cmp_crlstatus_st OSSL_CMP_CRLSTATUS;
233{-
234 generate_stack_macros("OSSL_CMP_CRLSTATUS");
235-}
236
237typedef OSSL_CRMF_ATTRIBUTETYPEANDVALUE OSSL_CMP_ATAV;
238# define OSSL_CMP_ATAV_free OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free
239typedef STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) OSSL_CMP_ATAVS;
240DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ATAVS)
241# define stack_st_OSSL_CMP_ATAV stack_st_OSSL_CRMF_ATTRIBUTETYPEANDVALUE
242# define sk_OSSL_CMP_ATAV_num sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_num
243# define sk_OSSL_CMP_ATAV_value sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_value
244# define sk_OSSL_CMP_ATAV_push sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_push
245# define sk_OSSL_CMP_ATAV_pop_free sk_OSSL_CRMF_ATTRIBUTETYPEANDVALUE_pop_free
246
247typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
248typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
249DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
250DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
251{-
252 generate_stack_macros("OSSL_CMP_PKISI");
253-}
254typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
255{-
256 generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
257-}
258typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
259typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
260typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
261{-
262 generate_stack_macros("OSSL_CMP_CERTRESPONSE");
263-}
264typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
265
266/*
267 * function DECLARATIONS
268 */
269
270/* from cmp_asn.c */
271OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
272void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
273 ASN1_TYPE *value);
274ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
275ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
276int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **sk_p,
277 OSSL_CMP_ITAV *itav);
278void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
279
280OSSL_CMP_ITAV *OSSL_CMP_ITAV_new0_certProfile(STACK_OF(ASN1_UTF8STRING)
281 *certProfile);
282int OSSL_CMP_ITAV_get0_certProfile(const OSSL_CMP_ITAV *itav,
283 STACK_OF(ASN1_UTF8STRING) **out);
284OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
285int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
286
287OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
288int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
289OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
290 const X509 *newWithOld,
291 const X509 *oldWithNew);
292int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
293 X509 **newWithNew,
294 X509 **newWithOld,
295 X509 **oldWithNew);
296
297OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl,
298 const X509 *cert, int only_DN);
299OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn,
300 const GENERAL_NAMES *issuer,
301 const ASN1_TIME *thisUpdate);
302int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus,
303 DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer,
304 ASN1_TIME **thisUpdate);
305void OSSL_CMP_CRLSTATUS_free(OSSL_CMP_CRLSTATUS *crlstatus);
306OSSL_CMP_ITAV
307*OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList);
308int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav,
309 STACK_OF(OSSL_CMP_CRLSTATUS) **out);
310OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crls);
311int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *it, STACK_OF(X509_CRL) **out);
312OSSL_CMP_ITAV
313*OSSL_CMP_ITAV_new0_certReqTemplate(OSSL_CRMF_CERTTEMPLATE *certTemplate,
314 OSSL_CMP_ATAVS *keySpec);
315int OSSL_CMP_ITAV_get1_certReqTemplate(const OSSL_CMP_ITAV *itav,
316 OSSL_CRMF_CERTTEMPLATE **certTemplate,
317 OSSL_CMP_ATAVS **keySpec);
318
319OSSL_CMP_ATAV *OSSL_CMP_ATAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
320void OSSL_CMP_ATAV_set0(OSSL_CMP_ATAV *itav, ASN1_OBJECT *type,
321 ASN1_TYPE *value);
322ASN1_OBJECT *OSSL_CMP_ATAV_get0_type(const OSSL_CMP_ATAV *itav);
323ASN1_TYPE *OSSL_CMP_ATAV_get0_value(const OSSL_CMP_ATAV *itav);
324OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_algId(const X509_ALGOR *alg);
325X509_ALGOR *OSSL_CMP_ATAV_get0_algId(const OSSL_CMP_ATAV *atav);
326OSSL_CMP_ATAV *OSSL_CMP_ATAV_new_rsaKeyLen(int len);
327int OSSL_CMP_ATAV_get_rsaKeyLen(const OSSL_CMP_ATAV *atav);
328int OSSL_CMP_ATAV_push1(OSSL_CMP_ATAVS **sk_p, const OSSL_CMP_ATAV *atav);
329
330void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
331
332/* from cmp_ctx.c */
333OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
334void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
335int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
336OSSL_LIB_CTX *OSSL_CMP_CTX_get0_libctx(const OSSL_CMP_CTX *ctx);
337const char *OSSL_CMP_CTX_get0_propq(const OSSL_CMP_CTX *ctx);
338/* CMP general options: */
339# define OSSL_CMP_OPT_LOG_VERBOSITY 0
340/* CMP transfer options: */
341# define OSSL_CMP_OPT_KEEP_ALIVE 10
342# define OSSL_CMP_OPT_MSG_TIMEOUT 11
343# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
344# define OSSL_CMP_OPT_USE_TLS 13
345/* CMP request options: */
346# define OSSL_CMP_OPT_VALIDITY_DAYS 20
347# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
348# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
349# define OSSL_CMP_OPT_POLICIES_CRITICAL 23
350# define OSSL_CMP_OPT_POPO_METHOD 24
351# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
352# define OSSL_CMP_OPT_DISABLE_CONFIRM 26
353# define OSSL_CMP_OPT_REVOCATION_REASON 27
354/* CMP protection options: */
355# define OSSL_CMP_OPT_UNPROTECTED_SEND 30
356# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
357# define OSSL_CMP_OPT_OWF_ALGNID 32
358# define OSSL_CMP_OPT_MAC_ALGNID 33
359# define OSSL_CMP_OPT_DIGEST_ALGNID 34
360# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
361# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
362# define OSSL_CMP_OPT_NO_CACHE_EXTRACERTS 37
363int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
364int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
365/* CMP-specific callback for logging and outputting the error queue: */
366int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
367# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
368 OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
369void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
370/* message transfer: */
371int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
372int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
373int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
374int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
375int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
376# ifndef OPENSSL_NO_HTTP
377int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
378int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
379void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
380# endif
381typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
382 const OSSL_CMP_MSG *req);
383int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
384int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
385void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
386/* server authentication: */
387int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
388int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
389int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
390# define OSSL_CMP_CTX_set0_trusted OSSL_CMP_CTX_set0_trustedStore
391X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
392# define OSSL_CMP_CTX_get0_trusted OSSL_CMP_CTX_get0_trustedStore
393int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
394STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
395/* client authentication: */
396int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
397int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
398 STACK_OF(X509) *candidates);
399int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
400int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
401 const unsigned char *ref, int len);
402int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx,
403 const unsigned char *sec, int len);
404/* CMP message header and extra certificates: */
405int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
406int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
407int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
408STACK_OF(OSSL_CMP_ITAV)
409 *OSSL_CMP_CTX_get0_geninfo_ITAVs(const OSSL_CMP_CTX *ctx);
410int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
411 STACK_OF(X509) *extraCertsOut);
412/* certificate template: */
413int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
414EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
415int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
416int OSSL_CMP_CTX_set1_serialNumber(OSSL_CMP_CTX *ctx, const ASN1_INTEGER *sn);
417int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
418int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
419 const GENERAL_NAME *name);
420int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
421int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
422int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
423int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
424int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
425/* misc body contents: */
426int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
427/* certificate confirmation: */
428typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
429 int fail_info, const char **txt);
430int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
431 const char **text);
432int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
433int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
434void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
435/* result fetching: */
436int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
437OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
438int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
439# define OSSL_CMP_PKISI_BUFLEN 1024
440X509 *OSSL_CMP_CTX_get0_validatedSrvCert(const OSSL_CMP_CTX *ctx);
441X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
442STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
443STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
444STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
445int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
446 const ASN1_OCTET_STRING *id);
447int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
448 const ASN1_OCTET_STRING *nonce);
449
450/* from cmp_status.c */
451char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
452 size_t bufsize);
453char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
454 char *buf, size_t bufsize);
455OSSL_CMP_PKISI *
456OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
457
458/* from cmp_hdr.c */
459ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
460 OSSL_CMP_PKIHEADER *hdr);
461ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
462STACK_OF(OSSL_CMP_ITAV)
463 *OSSL_CMP_HDR_get0_geninfo_ITAVs(const OSSL_CMP_PKIHEADER *hdr);
464
465/* from cmp_msg.c */
466OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
467int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
468X509_PUBKEY *OSSL_CMP_MSG_get0_certreq_publickey(const OSSL_CMP_MSG *msg);
469int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
470int OSSL_CMP_MSG_update_recipNonce(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
471OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
472OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
473 const char *propq);
474int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
475OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
476int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
477
478/* from cmp_vfy.c */
479int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
480int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
481 X509_STORE *trusted_store, X509 *cert);
482
483/* from cmp_http.c */
484# ifndef OPENSSL_NO_HTTP
485OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
486 const OSSL_CMP_MSG *req);
487# endif
488
489/* from cmp_server.c */
490typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
491OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
492 const OSSL_CMP_MSG *req);
493OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
494 const OSSL_CMP_MSG *req);
495OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
496void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
497typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
498 (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
499 const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
500 X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
501typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
502 const OSSL_CMP_MSG *req,
503 const X509_NAME *issuer,
504 const ASN1_INTEGER *serial);
505typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
506 const OSSL_CMP_MSG *req,
507 const STACK_OF(OSSL_CMP_ITAV) *in,
508 STACK_OF(OSSL_CMP_ITAV) **out);
509typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
510 const OSSL_CMP_MSG *req,
511 const OSSL_CMP_PKISI *statusInfo,
512 const ASN1_INTEGER *errorCode,
513 const OSSL_CMP_PKIFREETEXT *errDetails);
514typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
515 const OSSL_CMP_MSG *req,
516 int certReqId,
517 const ASN1_OCTET_STRING *certHash,
518 const OSSL_CMP_PKISI *si);
519typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
520 const OSSL_CMP_MSG *req, int certReqId,
521 OSSL_CMP_MSG **certReq,
522 int64_t *check_after);
523int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
524 OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
525 OSSL_CMP_SRV_rr_cb_t process_rr,
526 OSSL_CMP_SRV_genm_cb_t process_genm,
527 OSSL_CMP_SRV_error_cb_t process_error,
528 OSSL_CMP_SRV_certConf_cb_t process_certConf,
529 OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
530typedef int (*OSSL_CMP_SRV_delayed_delivery_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
531 const OSSL_CMP_MSG *req);
532typedef int (*OSSL_CMP_SRV_clean_transaction_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
533 const ASN1_OCTET_STRING *id);
534int OSSL_CMP_SRV_CTX_init_trans(OSSL_CMP_SRV_CTX *srv_ctx,
535 OSSL_CMP_SRV_delayed_delivery_cb_t delay,
536 OSSL_CMP_SRV_clean_transaction_cb_t clean);
537OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
538void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
539int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
540 int val);
541int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
542int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
543int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
544 int val);
545
546/* from cmp_client.c */
547X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
548 const OSSL_CRMF_MSG *crm);
549# define OSSL_CMP_IR 0
550# define OSSL_CMP_CR 2
551# define OSSL_CMP_P10CR 4
552# define OSSL_CMP_KUR 7
553# define OSSL_CMP_GENM 21
554# define OSSL_CMP_ERROR 23
555# define OSSL_CMP_exec_IR_ses(ctx) \
556 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
557# define OSSL_CMP_exec_CR_ses(ctx) \
558 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
559# define OSSL_CMP_exec_P10CR_ses(ctx) \
560 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
561# define OSSL_CMP_exec_KUR_ses(ctx) \
562 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
563int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
564 const OSSL_CRMF_MSG *crm, int *checkAfter);
565int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
566STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
567
568/* from cmp_genm.c */
569int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
570int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
571 const X509 *oldWithOld, X509 **newWithNew,
572 X509 **newWithOld, X509 **oldWithNew);
573int OSSL_CMP_get1_crlUpdate(OSSL_CMP_CTX *ctx, const X509 *crlcert,
574 const X509_CRL *last_crl,
575 X509_CRL **crl);
576int OSSL_CMP_get1_certReqTemplate(OSSL_CMP_CTX *ctx,
577 OSSL_CRMF_CERTTEMPLATE **certTemplate,
578 OSSL_CMP_ATAVS **keySpec);
579
580# ifdef __cplusplus
581}
582# endif
583# endif /* !defined(OPENSSL_NO_CMP) */
584#endif /* !defined(OPENSSL_CMP_H) */
Note: See TracBrowser for help on using the repository browser.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette