VirtualBox

source: vbox/trunk/src/libs/openssl-3.0.7/include/openssl/cmp.h.in@ 97851

最後變更 在這個檔案從97851是 94320,由 vboxsync 提交於 3 年 前

libs/openssl-3.0.1: Export to OSE and fix copyright headers in Makefiles, bugref:10128
檔案大小: 22.1 KB
 
1/*
2 * {- join("\n * ", @autowarntext) -}
3 *
4 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
5 * Copyright Nokia 2007-2019
6 * Copyright Siemens AG 2015-2019
7 *
8 * Licensed under the Apache License 2.0 (the "License"). You may not use
9 * this file except in compliance with the License. You can obtain a copy
10 * in the file LICENSE in the source distribution or at
11 * https://www.openssl.org/source/license.html
12 */
13
14{-
15use OpenSSL::stackhash qw(generate_stack_macros);
16-}
17
18#ifndef OPENSSL_CMP_H
19# define OPENSSL_CMP_H
20
21# include <openssl/opensslconf.h>
22# ifndef OPENSSL_NO_CMP
23
24# include <openssl/crmf.h>
25# include <openssl/cmperr.h>
26# include <openssl/cmp_util.h>
27# include <openssl/http.h>
28
29/* explicit #includes not strictly needed since implied by the above: */
30# include <openssl/types.h>
31# include <openssl/safestack.h>
32# include <openssl/x509.h>
33# include <openssl/x509v3.h>
34
35# ifdef __cplusplus
36extern "C" {
37# endif
38
39# define OSSL_CMP_PVNO 2
40
41/*-
42 * PKIFailureInfo ::= BIT STRING {
43 * -- since we can fail in more than one way!
44 * -- More codes may be added in the future if/when required.
45 * badAlg (0),
46 * -- unrecognized or unsupported Algorithm Identifier
47 * badMessageCheck (1),
48 * -- integrity check failed (e.g., signature did not verify)
49 * badRequest (2),
50 * -- transaction not permitted or supported
51 * badTime (3),
52 * -- messageTime was not sufficiently close to the system time,
53 * -- as defined by local policy
54 * badCertId (4),
55 * -- no certificate could be found matching the provided criteria
56 * badDataFormat (5),
57 * -- the data submitted has the wrong format
58 * wrongAuthority (6),
59 * -- the authority indicated in the request is different from the
60 * -- one creating the response token
61 * incorrectData (7),
62 * -- the requester's data is incorrect (for notary services)
63 * missingTimeStamp (8),
64 * -- when the timestamp is missing but should be there
65 * -- (by policy)
66 * badPOP (9),
67 * -- the proof-of-possession failed
68 * certRevoked (10),
69 * -- the certificate has already been revoked
70 * certConfirmed (11),
71 * -- the certificate has already been confirmed
72 * wrongIntegrity (12),
73 * -- invalid integrity, password based instead of signature or
74 * -- vice versa
75 * badRecipientNonce (13),
76 * -- invalid recipient nonce, either missing or wrong value
77 * timeNotAvailable (14),
78 * -- the TSA's time source is not available
79 * unacceptedPolicy (15),
80 * -- the requested TSA policy is not supported by the TSA.
81 * unacceptedExtension (16),
82 * -- the requested extension is not supported by the TSA.
83 * addInfoNotAvailable (17),
84 * -- the additional information requested could not be
85 * -- understood or is not available
86 * badSenderNonce (18),
87 * -- invalid sender nonce, either missing or wrong size
88 * badCertTemplate (19),
89 * -- invalid cert. template or missing mandatory information
90 * signerNotTrusted (20),
91 * -- signer of the message unknown or not trusted
92 * transactionIdInUse (21),
93 * -- the transaction identifier is already in use
94 * unsupportedVersion (22),
95 * -- the version of the message is not supported
96 * notAuthorized (23),
97 * -- the sender was not authorized to make the preceding
98 * -- request or perform the preceding action
99 * systemUnavail (24),
100 * -- the request cannot be handled due to system unavailability
101 * systemFailure (25),
102 * -- the request cannot be handled due to system failure
103 * duplicateCertReq (26)
104 * -- certificate cannot be issued because a duplicate
105 * -- certificate already exists
106 * }
107 */
108# define OSSL_CMP_PKIFAILUREINFO_badAlg 0
109# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1
110# define OSSL_CMP_PKIFAILUREINFO_badRequest 2
111# define OSSL_CMP_PKIFAILUREINFO_badTime 3
112# define OSSL_CMP_PKIFAILUREINFO_badCertId 4
113# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5
114# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6
115# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7
116# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8
117# define OSSL_CMP_PKIFAILUREINFO_badPOP 9
118# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10
119# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11
120# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12
121# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13
122# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14
123# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15
124# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16
125# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17
126# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18
127# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19
128# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20
129# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21
130# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22
131# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23
132# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24
133# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25
134# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
135# define OSSL_CMP_PKIFAILUREINFO_MAX 26
136# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
137 ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
138# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
139# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
140# endif
141
142typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;
143
144# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0)
145# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1)
146# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2)
147# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3)
148# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4)
149# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5)
150# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6)
151# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7)
152# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8)
153# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9)
154# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10)
155# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11)
156# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12)
157# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13)
158# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14)
159# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15)
160# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16)
161# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17)
162# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18)
163# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19)
164# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20)
165# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21)
166# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22)
167# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23)
168# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24)
169# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25)
170# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26)
171
172/*-
173 * PKIStatus ::= INTEGER {
174 * accepted (0),
175 * -- you got exactly what you asked for
176 * grantedWithMods (1),
177 * -- you got something like what you asked for; the
178 * -- requester is responsible for ascertaining the differences
179 * rejection (2),
180 * -- you don't get it, more information elsewhere in the message
181 * waiting (3),
182 * -- the request body part has not yet been processed; expect to
183 * -- hear more later (note: proper handling of this status
184 * -- response MAY use the polling req/rep PKIMessages specified
185 * -- in Section 5.3.22; alternatively, polling in the underlying
186 * -- transport layer MAY have some utility in this regard)
187 * revocationWarning (4),
188 * -- this message contains a warning that a revocation is
189 * -- imminent
190 * revocationNotification (5),
191 * -- notification that a revocation has occurred
192 * keyUpdateWarning (6)
193 * -- update already done for the oldCertId specified in
194 * -- CertReqMsg
195 * }
196 */
197# define OSSL_CMP_PKISTATUS_accepted 0
198# define OSSL_CMP_PKISTATUS_grantedWithMods 1
199# define OSSL_CMP_PKISTATUS_rejection 2
200# define OSSL_CMP_PKISTATUS_waiting 3
201# define OSSL_CMP_PKISTATUS_revocationWarning 4
202# define OSSL_CMP_PKISTATUS_revocationNotification 5
203# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
204
205typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
206DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
207
208# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0
209# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1
210
211/* data type declarations */
212typedef struct ossl_cmp_ctx_st OSSL_CMP_CTX;
213typedef struct ossl_cmp_pkiheader_st OSSL_CMP_PKIHEADER;
214DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
215typedef struct ossl_cmp_msg_st OSSL_CMP_MSG;
216DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
217DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG)
218typedef struct ossl_cmp_certstatus_st OSSL_CMP_CERTSTATUS;
219{-
220 generate_stack_macros("OSSL_CMP_CERTSTATUS");
221-}
222typedef struct ossl_cmp_itav_st OSSL_CMP_ITAV;
223DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
224{-
225 generate_stack_macros("OSSL_CMP_ITAV");
226-}
227typedef struct ossl_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT;
228typedef struct ossl_cmp_pkisi_st OSSL_CMP_PKISI;
229DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
230DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
231{-
232 generate_stack_macros("OSSL_CMP_PKISI");
233-}
234typedef struct ossl_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE;
235{-
236 generate_stack_macros("OSSL_CMP_CERTREPMESSAGE");
237-}
238typedef struct ossl_cmp_pollrep_st OSSL_CMP_POLLREP;
239typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT;
240typedef struct ossl_cmp_certresponse_st OSSL_CMP_CERTRESPONSE;
241{-
242 generate_stack_macros("OSSL_CMP_CERTRESPONSE");
243-}
244typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT;
245
246/*
247 * function DECLARATIONS
248 */
249
250/* from cmp_asn.c */
251OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value);
252void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
253 ASN1_TYPE *value);
254ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav);
255ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav);
256int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
257 OSSL_CMP_ITAV *itav);
258void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
259void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
260
261/* from cmp_ctx.c */
262OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
263void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
264int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
265/* CMP general options: */
266# define OSSL_CMP_OPT_LOG_VERBOSITY 0
267/* CMP transfer options: */
268# define OSSL_CMP_OPT_KEEP_ALIVE 10
269# define OSSL_CMP_OPT_MSG_TIMEOUT 11
270# define OSSL_CMP_OPT_TOTAL_TIMEOUT 12
271/* CMP request options: */
272# define OSSL_CMP_OPT_VALIDITY_DAYS 20
273# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 21
274# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 22
275# define OSSL_CMP_OPT_POLICIES_CRITICAL 23
276# define OSSL_CMP_OPT_POPO_METHOD 24
277# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 25
278# define OSSL_CMP_OPT_DISABLE_CONFIRM 26
279# define OSSL_CMP_OPT_REVOCATION_REASON 27
280/* CMP protection options: */
281# define OSSL_CMP_OPT_UNPROTECTED_SEND 30
282# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 31
283# define OSSL_CMP_OPT_OWF_ALGNID 32
284# define OSSL_CMP_OPT_MAC_ALGNID 33
285# define OSSL_CMP_OPT_DIGEST_ALGNID 34
286# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 35
287# define OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR 36
288int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
289int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
290/* CMP-specific callback for logging and outputting the error queue: */
291int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
292# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
293 OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
294void OSSL_CMP_CTX_print_errors(const OSSL_CMP_CTX *ctx);
295/* message transfer: */
296int OSSL_CMP_CTX_set1_serverPath(OSSL_CMP_CTX *ctx, const char *path);
297int OSSL_CMP_CTX_set1_server(OSSL_CMP_CTX *ctx, const char *address);
298int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port);
299int OSSL_CMP_CTX_set1_proxy(OSSL_CMP_CTX *ctx, const char *name);
300int OSSL_CMP_CTX_set1_no_proxy(OSSL_CMP_CTX *ctx, const char *names);
301int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
302int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
303void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
304typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
305 const OSSL_CMP_MSG *req);
306int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
307int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
308void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
309/* server authentication: */
310int OSSL_CMP_CTX_set1_srvCert(OSSL_CMP_CTX *ctx, X509 *cert);
311int OSSL_CMP_CTX_set1_expected_sender(OSSL_CMP_CTX *ctx, const X509_NAME *name);
312int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store);
313X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx);
314int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs);
315STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx);
316/* client authentication: */
317int OSSL_CMP_CTX_set1_cert(OSSL_CMP_CTX *ctx, X509 *cert);
318int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
319 STACK_OF(X509) *candidates);
320int OSSL_CMP_CTX_set1_pkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey);
321int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
322 const unsigned char *ref, int len);
323int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
324 const int len);
325/* CMP message header and extra certificates: */
326int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
327int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
328int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
329 STACK_OF(X509) *extraCertsOut);
330/* certificate template: */
331int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey);
332EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv);
333int OSSL_CMP_CTX_set1_issuer(OSSL_CMP_CTX *ctx, const X509_NAME *name);
334int OSSL_CMP_CTX_set1_subjectName(OSSL_CMP_CTX *ctx, const X509_NAME *name);
335int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
336 const GENERAL_NAME *name);
337int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts);
338int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx);
339int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo);
340int OSSL_CMP_CTX_set1_oldCert(OSSL_CMP_CTX *ctx, X509 *cert);
341int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
342/* misc body contents: */
343int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
344/* certificate confirmation: */
345typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
346 int fail_info, const char **txt);
347int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
348 const char **text);
349int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
350int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
351void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
352/* result fetching: */
353int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx);
354OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx);
355int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx);
356# define OSSL_CMP_PKISI_BUFLEN 1024
357X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx);
358STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx);
359STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx);
360STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx);
361int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
362 const ASN1_OCTET_STRING *id);
363int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
364 const ASN1_OCTET_STRING *nonce);
365
366/* from cmp_status.c */
367char *OSSL_CMP_CTX_snprint_PKIStatus(const OSSL_CMP_CTX *ctx, char *buf,
368 size_t bufsize);
369char *OSSL_CMP_snprint_PKIStatusInfo(const OSSL_CMP_PKISI *statusInfo,
370 char *buf, size_t bufsize);
371OSSL_CMP_PKISI *
372OSSL_CMP_STATUSINFO_new(int status, int fail_info, const char *text);
373
374/* from cmp_hdr.c */
375ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_transactionID(const
376 OSSL_CMP_PKIHEADER *hdr);
377ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
378
379/* from cmp_msg.c */
380OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
381int OSSL_CMP_MSG_get_bodytype(const OSSL_CMP_MSG *msg);
382int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
383OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
384OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
385 const char *propq);
386int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
387OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
388int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);
389
390/* from cmp_vfy.c */
391int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg);
392int OSSL_CMP_validate_cert_path(const OSSL_CMP_CTX *ctx,
393 X509_STORE *trusted_store, X509 *cert);
394
395/* from cmp_http.c */
396OSSL_CMP_MSG *OSSL_CMP_MSG_http_perform(OSSL_CMP_CTX *ctx,
397 const OSSL_CMP_MSG *req);
398
399/* from cmp_server.c */
400typedef struct ossl_cmp_srv_ctx_st OSSL_CMP_SRV_CTX;
401OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
402 const OSSL_CMP_MSG *req);
403OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
404 const OSSL_CMP_MSG *req);
405OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
406void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
407typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
408 (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
409 const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
410 X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
411typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
412 const OSSL_CMP_MSG *req,
413 const X509_NAME *issuer,
414 const ASN1_INTEGER *serial);
415typedef int (*OSSL_CMP_SRV_genm_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
416 const OSSL_CMP_MSG *req,
417 const STACK_OF(OSSL_CMP_ITAV) *in,
418 STACK_OF(OSSL_CMP_ITAV) **out);
419typedef void (*OSSL_CMP_SRV_error_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
420 const OSSL_CMP_MSG *req,
421 const OSSL_CMP_PKISI *statusInfo,
422 const ASN1_INTEGER *errorCode,
423 const OSSL_CMP_PKIFREETEXT *errDetails);
424typedef int (*OSSL_CMP_SRV_certConf_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
425 const OSSL_CMP_MSG *req,
426 int certReqId,
427 const ASN1_OCTET_STRING *certHash,
428 const OSSL_CMP_PKISI *si);
429typedef int (*OSSL_CMP_SRV_pollReq_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
430 const OSSL_CMP_MSG *req, int certReqId,
431 OSSL_CMP_MSG **certReq,
432 int64_t *check_after);
433int OSSL_CMP_SRV_CTX_init(OSSL_CMP_SRV_CTX *srv_ctx, void *custom_ctx,
434 OSSL_CMP_SRV_cert_request_cb_t process_cert_request,
435 OSSL_CMP_SRV_rr_cb_t process_rr,
436 OSSL_CMP_SRV_genm_cb_t process_genm,
437 OSSL_CMP_SRV_error_cb_t process_error,
438 OSSL_CMP_SRV_certConf_cb_t process_certConf,
439 OSSL_CMP_SRV_pollReq_cb_t process_pollReq);
440OSSL_CMP_CTX *OSSL_CMP_SRV_CTX_get0_cmp_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
441void *OSSL_CMP_SRV_CTX_get0_custom_ctx(const OSSL_CMP_SRV_CTX *srv_ctx);
442int OSSL_CMP_SRV_CTX_set_send_unprotected_errors(OSSL_CMP_SRV_CTX *srv_ctx,
443 int val);
444int OSSL_CMP_SRV_CTX_set_accept_unprotected(OSSL_CMP_SRV_CTX *srv_ctx, int val);
445int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
446int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
447 int val);
448
449/* from cmp_client.c */
450X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
451 const OSSL_CRMF_MSG *crm);
452# define OSSL_CMP_IR 0
453# define OSSL_CMP_CR 2
454# define OSSL_CMP_P10CR 4
455# define OSSL_CMP_KUR 7
456# define OSSL_CMP_exec_IR_ses(ctx) \
457 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_IR, NULL)
458# define OSSL_CMP_exec_CR_ses(ctx) \
459 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_CR, NULL)
460# define OSSL_CMP_exec_P10CR_ses(ctx) \
461 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_P10CR, NULL)
462# define OSSL_CMP_exec_KUR_ses(ctx) \
463 OSSL_CMP_exec_certreq(ctx, OSSL_CMP_KUR, NULL)
464int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
465 const OSSL_CRMF_MSG *crm, int *checkAfter);
466int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
467STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
468
469# ifdef __cplusplus
470}
471# endif
472# endif /* !defined(OPENSSL_NO_CMP) */
473#endif /* !defined(OPENSSL_CMP_H) */
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette