cmp_asn.c 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853
  1. /*
  2. * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. * Copyright Nokia 2007-2019
  4. * Copyright Siemens AG 2015-2019
  5. *
  6. * Licensed under the Apache License 2.0 (the "License"). You may not use
  7. * this file except in compliance with the License. You can obtain a copy
  8. * in the file LICENSE in the source distribution or at
  9. * https://www.openssl.org/source/license.html
  10. */
  11. #include <openssl/asn1t.h>
  12. #include "cmp_local.h"
  13. /* explicit #includes not strictly needed since implied by the above: */
  14. #include <openssl/cmp.h>
  15. #include <openssl/crmf.h>
  16. /* ASN.1 declarations from RFC4210 */
  17. ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
  18. /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
  19. ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
  20. ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
  21. ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
  22. ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
  23. ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
  24. } ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
  25. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
  26. ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
  27. ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
  28. ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
  29. ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
  30. } ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
  31. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
  32. ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
  33. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
  34. OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
  35. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
  36. ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
  37. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
  38. OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
  39. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
  40. ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
  41. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  42. ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
  43. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  44. ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
  45. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  46. ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
  47. } ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
  48. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
  49. ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
  50. ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
  51. ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
  52. /* OSSL_CMP_PKIFREETEXT is a ASN1_UTF8STRING sequence, so used directly */
  53. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails,
  54. ASN1_UTF8STRING)
  55. } ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
  56. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
  57. ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
  58. infoValue.other,
  59. ASN1_ANY);
  60. /* ITAV means InfoTypeAndValue */
  61. ASN1_ADB(OSSL_CMP_ITAV) = {
  62. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  63. ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV,
  64. infoValue.caProtEncCert, X509)),
  65. ADB_ENTRY(NID_id_it_signKeyPairTypes,
  66. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
  67. infoValue.signKeyPairTypes, X509_ALGOR)),
  68. ADB_ENTRY(NID_id_it_encKeyPairTypes,
  69. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
  70. infoValue.encKeyPairTypes, X509_ALGOR)),
  71. ADB_ENTRY(NID_id_it_preferredSymmAlg,
  72. ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg,
  73. X509_ALGOR)),
  74. ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
  75. ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
  76. OSSL_CMP_CAKEYUPDANNCONTENT)),
  77. ADB_ENTRY(NID_id_it_currentCRL,
  78. ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
  79. ADB_ENTRY(NID_id_it_unsupportedOIDs,
  80. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
  81. infoValue.unsupportedOIDs, ASN1_OBJECT)),
  82. ADB_ENTRY(NID_id_it_keyPairParamReq,
  83. ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq,
  84. ASN1_OBJECT)),
  85. ADB_ENTRY(NID_id_it_keyPairParamRep,
  86. ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep,
  87. X509_ALGOR)),
  88. ADB_ENTRY(NID_id_it_revPassphrase,
  89. ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
  90. OSSL_CRMF_ENCRYPTEDVALUE)),
  91. ADB_ENTRY(NID_id_it_implicitConfirm,
  92. ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm,
  93. ASN1_NULL)),
  94. ADB_ENTRY(NID_id_it_confirmWaitTime,
  95. ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
  96. ASN1_GENERALIZEDTIME)),
  97. ADB_ENTRY(NID_id_it_origPKIMessage,
  98. ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage,
  99. OSSL_CMP_MSGS)),
  100. ADB_ENTRY(NID_id_it_suppLangTags,
  101. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
  102. ASN1_UTF8STRING)),
  103. ADB_ENTRY(NID_id_it_caCerts,
  104. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.caCerts, X509)),
  105. ADB_ENTRY(NID_id_it_rootCaCert,
  106. ASN1_OPT(OSSL_CMP_ITAV, infoValue.rootCaCert, X509)),
  107. ADB_ENTRY(NID_id_it_rootCaKeyUpdate,
  108. ASN1_OPT(OSSL_CMP_ITAV, infoValue.rootCaKeyUpdate,
  109. OSSL_CMP_ROOTCAKEYUPDATE)),
  110. ADB_ENTRY(NID_id_it_certProfile,
  111. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.certProfile,
  112. ASN1_UTF8STRING)),
  113. ADB_ENTRY(NID_id_it_crlStatusList,
  114. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.crlStatusList,
  115. OSSL_CMP_CRLSTATUS)),
  116. ADB_ENTRY(NID_id_it_crls,
  117. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.crls, X509_CRL))
  118. } ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0,
  119. &infotypeandvalue_default_tt, NULL);
  120. ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
  121. ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
  122. ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
  123. } ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
  124. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
  125. IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
  126. ASN1_SEQUENCE(OSSL_CMP_ROOTCAKEYUPDATE) = {
  127. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  128. ASN1_SIMPLE(OSSL_CMP_ROOTCAKEYUPDATE, newWithNew, X509),
  129. ASN1_EXP_OPT(OSSL_CMP_ROOTCAKEYUPDATE, newWithOld, X509, 0),
  130. ASN1_EXP_OPT(OSSL_CMP_ROOTCAKEYUPDATE, oldWithNew, X509, 1)
  131. } ASN1_SEQUENCE_END(OSSL_CMP_ROOTCAKEYUPDATE)
  132. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ROOTCAKEYUPDATE)
  133. ASN1_CHOICE(OSSL_CMP_CRLSOURCE) = {
  134. ASN1_EXP(OSSL_CMP_CRLSOURCE, value.dpn, DIST_POINT_NAME, 0),
  135. ASN1_EXP(OSSL_CMP_CRLSOURCE, value.issuer, GENERAL_NAMES, 1),
  136. } ASN1_CHOICE_END(OSSL_CMP_CRLSOURCE)
  137. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CRLSOURCE)
  138. #define OSSL_CMP_CRLSOURCE_DPN 0
  139. #define OSSL_CMP_CRLSOURCE_ISSUER 1
  140. ASN1_SEQUENCE(OSSL_CMP_CRLSTATUS) = {
  141. ASN1_SIMPLE(OSSL_CMP_CRLSTATUS, source, OSSL_CMP_CRLSOURCE),
  142. ASN1_OPT(OSSL_CMP_CRLSTATUS, thisUpdate, ASN1_TIME)
  143. } ASN1_SEQUENCE_END(OSSL_CMP_CRLSTATUS)
  144. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CRLSTATUS)
  145. OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value)
  146. {
  147. OSSL_CMP_ITAV *itav;
  148. if (type == NULL || (itav = OSSL_CMP_ITAV_new()) == NULL)
  149. return NULL;
  150. OSSL_CMP_ITAV_set0(itav, type, value);
  151. return itav;
  152. }
  153. void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
  154. ASN1_TYPE *value)
  155. {
  156. itav->infoType = type;
  157. itav->infoValue.other = value;
  158. }
  159. ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav)
  160. {
  161. if (itav == NULL)
  162. return NULL;
  163. return itav->infoType;
  164. }
  165. ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav)
  166. {
  167. if (itav == NULL)
  168. return NULL;
  169. return itav->infoValue.other;
  170. }
  171. int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
  172. OSSL_CMP_ITAV *itav)
  173. {
  174. int created = 0;
  175. if (itav_sk_p == NULL || itav == NULL) {
  176. ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
  177. goto err;
  178. }
  179. if (*itav_sk_p == NULL) {
  180. if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL)
  181. goto err;
  182. created = 1;
  183. }
  184. if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
  185. goto err;
  186. return 1;
  187. err:
  188. if (created) {
  189. sk_OSSL_CMP_ITAV_free(*itav_sk_p);
  190. *itav_sk_p = NULL;
  191. }
  192. return 0;
  193. }
  194. OSSL_CMP_ITAV
  195. *OSSL_CMP_ITAV_new0_certProfile(STACK_OF(ASN1_UTF8STRING) *certProfile)
  196. {
  197. OSSL_CMP_ITAV *itav;
  198. if ((itav = OSSL_CMP_ITAV_new()) == NULL)
  199. return NULL;
  200. itav->infoType = OBJ_nid2obj(NID_id_it_certProfile);
  201. itav->infoValue.certProfile = certProfile;
  202. return itav;
  203. }
  204. int OSSL_CMP_ITAV_get0_certProfile(const OSSL_CMP_ITAV *itav,
  205. STACK_OF(ASN1_UTF8STRING) **out)
  206. {
  207. if (itav == NULL || out == NULL) {
  208. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
  209. return 0;
  210. }
  211. if (OBJ_obj2nid(itav->infoType) != NID_id_it_certProfile) {
  212. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  213. return 0;
  214. }
  215. *out = itav->infoValue.certProfile;
  216. return 1;
  217. }
  218. OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts)
  219. {
  220. OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new();
  221. if (itav == NULL)
  222. return NULL;
  223. if (sk_X509_num(caCerts) > 0
  224. && (itav->infoValue.caCerts =
  225. sk_X509_deep_copy(caCerts, X509_dup, X509_free)) == NULL) {
  226. OSSL_CMP_ITAV_free(itav);
  227. return NULL;
  228. }
  229. itav->infoType = OBJ_nid2obj(NID_id_it_caCerts);
  230. return itav;
  231. }
  232. int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out)
  233. {
  234. if (itav == NULL || out == NULL) {
  235. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
  236. return 0;
  237. }
  238. if (OBJ_obj2nid(itav->infoType) != NID_id_it_caCerts) {
  239. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  240. return 0;
  241. }
  242. *out = sk_X509_num(itav->infoValue.caCerts) > 0
  243. ? itav->infoValue.caCerts : NULL;
  244. return 1;
  245. }
  246. OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert)
  247. {
  248. OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new();
  249. if (itav == NULL)
  250. return NULL;
  251. if (rootCaCert != NULL
  252. && (itav->infoValue.rootCaCert = X509_dup(rootCaCert)) == NULL) {
  253. OSSL_CMP_ITAV_free(itav);
  254. return NULL;
  255. }
  256. itav->infoType = OBJ_nid2obj(NID_id_it_rootCaCert);
  257. return itav;
  258. }
  259. int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out)
  260. {
  261. if (itav == NULL || out == NULL) {
  262. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
  263. return 0;
  264. }
  265. if (OBJ_obj2nid(itav->infoType) != NID_id_it_rootCaCert) {
  266. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  267. return 0;
  268. }
  269. *out = itav->infoValue.rootCaCert;
  270. return 1;
  271. }
  272. OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
  273. const X509 *newWithOld,
  274. const X509 *oldWithNew)
  275. {
  276. OSSL_CMP_ITAV *itav;
  277. OSSL_CMP_ROOTCAKEYUPDATE *upd = NULL;
  278. if (newWithNew != NULL) {
  279. upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
  280. if (upd == NULL)
  281. return NULL;
  282. if ((upd->newWithNew = X509_dup(newWithNew)) == NULL)
  283. goto err;
  284. if (newWithOld != NULL
  285. && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
  286. goto err;
  287. if (oldWithNew != NULL
  288. && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
  289. goto err;
  290. }
  291. if ((itav = OSSL_CMP_ITAV_new()) == NULL)
  292. goto err;
  293. itav->infoType = OBJ_nid2obj(NID_id_it_rootCaKeyUpdate);
  294. itav->infoValue.rootCaKeyUpdate = upd;
  295. return itav;
  296. err:
  297. OSSL_CMP_ROOTCAKEYUPDATE_free(upd);
  298. return NULL;
  299. }
  300. int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
  301. X509 **newWithNew,
  302. X509 **newWithOld,
  303. X509 **oldWithNew)
  304. {
  305. OSSL_CMP_ROOTCAKEYUPDATE *upd;
  306. if (itav == NULL || newWithNew == NULL) {
  307. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
  308. return 0;
  309. }
  310. if (OBJ_obj2nid(itav->infoType) != NID_id_it_rootCaKeyUpdate) {
  311. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  312. return 0;
  313. }
  314. upd = itav->infoValue.rootCaKeyUpdate;
  315. *newWithNew = upd != NULL ? upd->newWithNew : NULL;
  316. if (newWithOld != NULL)
  317. *newWithOld = upd != NULL ? upd->newWithOld : NULL;
  318. if (oldWithNew != NULL)
  319. *oldWithNew = upd != NULL ? upd->oldWithNew : NULL;
  320. return 1;
  321. }
  322. OSSL_CMP_ITAV
  323. *OSSL_CMP_ITAV_new0_crlStatusList(STACK_OF(OSSL_CMP_CRLSTATUS) *crlStatusList)
  324. {
  325. OSSL_CMP_ITAV *itav;
  326. if ((itav = OSSL_CMP_ITAV_new()) == NULL)
  327. return NULL;
  328. itav->infoType = OBJ_nid2obj(NID_id_it_crlStatusList);
  329. itav->infoValue.crlStatusList = crlStatusList;
  330. return itav;
  331. }
  332. int OSSL_CMP_ITAV_get0_crlStatusList(const OSSL_CMP_ITAV *itav,
  333. STACK_OF(OSSL_CMP_CRLSTATUS) **out)
  334. {
  335. if (itav == NULL || out == NULL) {
  336. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
  337. return 0;
  338. }
  339. if (OBJ_obj2nid(itav->infoType) != NID_id_it_crlStatusList) {
  340. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  341. return 0;
  342. }
  343. *out = itav->infoValue.crlStatusList;
  344. return 1;
  345. }
  346. OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_new1(const DIST_POINT_NAME *dpn,
  347. const GENERAL_NAMES *issuer,
  348. const ASN1_TIME *thisUpdate)
  349. {
  350. OSSL_CMP_CRLSOURCE *crlsource;
  351. OSSL_CMP_CRLSTATUS *crlstatus;
  352. if (dpn == NULL && issuer == NULL) {
  353. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
  354. return NULL;
  355. }
  356. if (dpn != NULL && issuer != NULL) {
  357. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  358. return NULL;
  359. }
  360. if ((crlstatus = OSSL_CMP_CRLSTATUS_new()) == NULL)
  361. return NULL;
  362. crlsource = crlstatus->source;
  363. if (dpn != NULL) {
  364. crlsource->type = OSSL_CMP_CRLSOURCE_DPN;
  365. if ((crlsource->value.dpn = DIST_POINT_NAME_dup(dpn)) == NULL)
  366. goto err;
  367. } else {
  368. crlsource->type = OSSL_CMP_CRLSOURCE_ISSUER;
  369. if ((crlsource->value.issuer =
  370. sk_GENERAL_NAME_deep_copy(issuer, GENERAL_NAME_dup,
  371. GENERAL_NAME_free)) == NULL)
  372. goto err;
  373. }
  374. if (thisUpdate != NULL
  375. && (crlstatus->thisUpdate = ASN1_TIME_dup(thisUpdate)) == NULL)
  376. goto err;
  377. return crlstatus;
  378. err:
  379. OSSL_CMP_CRLSTATUS_free(crlstatus);
  380. return NULL;
  381. }
  382. static GENERAL_NAMES *gennames_new(const X509_NAME *nm)
  383. {
  384. GENERAL_NAMES *names;
  385. GENERAL_NAME *name = NULL;
  386. if ((names = sk_GENERAL_NAME_new_reserve(NULL, 1)) == NULL)
  387. return NULL;
  388. if (!GENERAL_NAME_set1_X509_NAME(&name, nm)) {
  389. sk_GENERAL_NAME_free(names);
  390. return NULL;
  391. }
  392. (void)sk_GENERAL_NAME_push(names, name); /* cannot fail */
  393. return names;
  394. }
  395. static int gennames_allowed(GENERAL_NAMES *names, int only_DN)
  396. {
  397. if (names == NULL)
  398. return 0;
  399. if (!only_DN)
  400. return 1;
  401. return sk_GENERAL_NAME_num(names) == 1
  402. && sk_GENERAL_NAME_value(names, 0)->type == GEN_DIRNAME;
  403. }
  404. OSSL_CMP_CRLSTATUS *OSSL_CMP_CRLSTATUS_create(const X509_CRL *crl,
  405. const X509 *cert, int only_DN)
  406. {
  407. STACK_OF(DIST_POINT) *crldps = NULL;
  408. ISSUING_DIST_POINT *idp = NULL;
  409. DIST_POINT_NAME *dpn = NULL;
  410. AUTHORITY_KEYID *akid = NULL;
  411. GENERAL_NAMES *issuers = NULL;
  412. const GENERAL_NAMES *CRLissuer = NULL;
  413. const ASN1_TIME *last = crl == NULL ? NULL : X509_CRL_get0_lastUpdate(crl);
  414. OSSL_CMP_CRLSTATUS *status = NULL;
  415. int i, NID_akid = NID_authority_key_identifier;
  416. /*
  417. * Note:
  418. * X509{,_CRL}_get_ext_d2i(..., NID, ..., NULL) return the 1st extension with
  419. * given NID that is available, if any. If there are more, this is an error.
  420. */
  421. if (cert != NULL) {
  422. crldps = X509_get_ext_d2i(cert, NID_crl_distribution_points, NULL, NULL);
  423. /* if available, take the first suitable element */
  424. for (i = 0; i < sk_DIST_POINT_num(crldps); i++) {
  425. DIST_POINT *dp = sk_DIST_POINT_value(crldps, i);
  426. if (dp == NULL)
  427. continue;
  428. if ((dpn = dp->distpoint) != NULL) {
  429. CRLissuer = NULL;
  430. break;
  431. }
  432. if (gennames_allowed(dp->CRLissuer, only_DN) && CRLissuer == NULL)
  433. /* don't break because any dp->distpoint in list is preferred */
  434. CRLissuer = dp->CRLissuer;
  435. }
  436. } else {
  437. if (crl == NULL) {
  438. ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
  439. return NULL;
  440. }
  441. idp = X509_CRL_get_ext_d2i(crl,
  442. NID_issuing_distribution_point, NULL, NULL);
  443. if (idp != NULL && idp->distpoint != NULL)
  444. dpn = idp->distpoint;
  445. }
  446. if (dpn == NULL && CRLissuer == NULL) {
  447. if (cert != NULL) {
  448. akid = X509_get_ext_d2i(cert, NID_akid, NULL, NULL);
  449. if (akid != NULL && gennames_allowed(akid->issuer, only_DN))
  450. CRLissuer = akid->issuer;
  451. else
  452. CRLissuer = issuers = gennames_new(X509_get_issuer_name(cert));
  453. }
  454. if (CRLissuer == NULL && crl != NULL) {
  455. akid = X509_CRL_get_ext_d2i(crl, NID_akid, NULL, NULL);
  456. if (akid != NULL && gennames_allowed(akid->issuer, only_DN))
  457. CRLissuer = akid->issuer;
  458. else
  459. CRLissuer = issuers = gennames_new(X509_CRL_get_issuer(crl));
  460. }
  461. if (CRLissuer == NULL)
  462. goto end;
  463. }
  464. status = OSSL_CMP_CRLSTATUS_new1(dpn, CRLissuer, last);
  465. end:
  466. sk_DIST_POINT_pop_free(crldps, DIST_POINT_free);
  467. ISSUING_DIST_POINT_free(idp);
  468. AUTHORITY_KEYID_free(akid);
  469. sk_GENERAL_NAME_pop_free(issuers, GENERAL_NAME_free);
  470. return status;
  471. }
  472. int OSSL_CMP_CRLSTATUS_get0(const OSSL_CMP_CRLSTATUS *crlstatus,
  473. DIST_POINT_NAME **dpn, GENERAL_NAMES **issuer,
  474. ASN1_TIME **thisUpdate)
  475. {
  476. OSSL_CMP_CRLSOURCE *crlsource;
  477. if (crlstatus == NULL || dpn == NULL || issuer == NULL) {
  478. ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
  479. return 0;
  480. }
  481. if ((crlsource = crlstatus->source) == NULL) {
  482. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  483. return 0;
  484. }
  485. if (crlsource->type == OSSL_CMP_CRLSOURCE_DPN) {
  486. *dpn = crlsource->value.dpn;
  487. *issuer = NULL;
  488. } else if (crlsource->type == OSSL_CMP_CRLSOURCE_ISSUER) {
  489. *dpn = NULL;
  490. *issuer = crlsource->value.issuer;
  491. } else {
  492. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  493. return 0;
  494. }
  495. if (thisUpdate != NULL)
  496. *thisUpdate = crlstatus->thisUpdate;
  497. return 1;
  498. }
  499. OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_crls(const X509_CRL *crl)
  500. {
  501. OSSL_CMP_ITAV *itav;
  502. X509_CRL *crl_copy = NULL;
  503. STACK_OF(X509_CRL) *crls = NULL;
  504. if ((itav = OSSL_CMP_ITAV_new()) == NULL)
  505. return NULL;
  506. if (crl != NULL) {
  507. if ((crls = sk_X509_CRL_new_reserve(NULL, 1)) == NULL
  508. || (crl_copy = X509_CRL_dup(crl)) == NULL)
  509. goto err;
  510. (void)sk_X509_CRL_push(crls, crl_copy); /* cannot fail */
  511. }
  512. itav->infoType = OBJ_nid2obj(NID_id_it_crls);
  513. itav->infoValue.crls = crls;
  514. return itav;
  515. err:
  516. sk_X509_CRL_free(crls);
  517. OSSL_CMP_ITAV_free(itav);
  518. return NULL;
  519. }
  520. int OSSL_CMP_ITAV_get0_crls(const OSSL_CMP_ITAV *itav, STACK_OF(X509_CRL) **out)
  521. {
  522. if (itav == NULL || out == NULL) {
  523. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
  524. return 0;
  525. }
  526. if (OBJ_obj2nid(itav->infoType) != NID_id_it_crls) {
  527. ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
  528. return 0;
  529. }
  530. *out = itav->infoValue.crls;
  531. return 1;
  532. }
  533. /* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */
  534. int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
  535. {
  536. int64_t res;
  537. if (!ASN1_INTEGER_get_int64(&res, a)) {
  538. ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER);
  539. return -2;
  540. }
  541. if (res < INT_MIN) {
  542. ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL);
  543. return -2;
  544. }
  545. if (res > INT_MAX) {
  546. ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE);
  547. return -2;
  548. }
  549. return (int)res;
  550. }
  551. static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval,
  552. ossl_unused const ASN1_ITEM *it, void *exarg)
  553. {
  554. OSSL_CMP_MSG *msg = (OSSL_CMP_MSG *)*pval;
  555. switch (operation) {
  556. case ASN1_OP_FREE_POST:
  557. OPENSSL_free(msg->propq);
  558. break;
  559. case ASN1_OP_DUP_POST:
  560. {
  561. OSSL_CMP_MSG *old = exarg;
  562. if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq))
  563. return 0;
  564. }
  565. break;
  566. case ASN1_OP_GET0_LIBCTX:
  567. {
  568. OSSL_LIB_CTX **libctx = exarg;
  569. *libctx = msg->libctx;
  570. }
  571. break;
  572. case ASN1_OP_GET0_PROPQ:
  573. {
  574. const char **propq = exarg;
  575. *propq = msg->propq;
  576. }
  577. break;
  578. default:
  579. break;
  580. }
  581. return 1;
  582. }
  583. ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
  584. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  585. ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
  586. ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
  587. OSSL_CRMF_ENCRYPTEDVALUE, 1),
  588. } ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
  589. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
  590. ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
  591. ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
  592. OSSL_CMP_CERTORENCCERT),
  593. ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
  594. OSSL_CRMF_ENCRYPTEDVALUE, 0),
  595. ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
  596. OSSL_CRMF_PKIPUBLICATIONINFO, 1)
  597. } ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
  598. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
  599. ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
  600. ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
  601. ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
  602. } ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
  603. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
  604. ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
  605. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
  606. OSSL_CMP_REVDETAILS)
  607. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
  608. ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
  609. ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
  610. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
  611. 0),
  612. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
  613. } ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
  614. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
  615. ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
  616. ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
  617. ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
  618. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
  619. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
  620. OSSL_CMP_CERTIFIEDKEYPAIR, 2)
  621. } ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
  622. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
  623. ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
  624. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
  625. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
  626. ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
  627. ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
  628. /* OSSL_CMP_PKIFREETEXT is a ASN1_UTF8STRING sequence, so used directly */
  629. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
  630. /* OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING, used directly */
  631. ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
  632. } ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
  633. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
  634. IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
  635. ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
  636. ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
  637. ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
  638. ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI),
  639. ASN1_EXP_OPT(OSSL_CMP_CERTSTATUS, hashAlg, X509_ALGOR, 0)
  640. } ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
  641. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
  642. ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) =
  643. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT,
  644. OSSL_CMP_CERTSTATUS)
  645. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)
  646. ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
  647. ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
  648. ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
  649. ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
  650. OSSL_CMP_CERTIFIEDKEYPAIR),
  651. ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
  652. } ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
  653. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
  654. ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
  655. ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
  656. } ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
  657. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
  658. ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) =
  659. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT,
  660. OSSL_CMP_POLLREQ)
  661. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)
  662. ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
  663. ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
  664. ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
  665. ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
  666. } ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
  667. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
  668. ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) =
  669. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
  670. OSSL_CMP_POLLREPCONTENT,
  671. OSSL_CMP_POLLREP)
  672. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)
  673. ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
  674. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  675. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
  676. ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
  677. } ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
  678. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
  679. ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) =
  680. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT,
  681. OSSL_CMP_ITAV)
  682. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)
  683. ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) =
  684. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT,
  685. OSSL_CMP_ITAV)
  686. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)
  687. ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) =
  688. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
  689. OSSL_CMP_CRLANNCONTENT, X509_CRL)
  690. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)
  691. ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
  692. ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
  693. ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
  694. ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
  695. ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
  696. ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
  697. ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc,
  698. OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
  699. ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr,
  700. OSSL_CMP_POPODECKEYRESPCONTENT, 6),
  701. ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
  702. ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
  703. ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
  704. ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
  705. ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
  706. ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
  707. ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
  708. ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
  709. ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
  710. ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
  711. ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
  712. ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
  713. ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
  714. ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
  715. ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
  716. ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
  717. ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
  718. ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
  719. ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
  720. ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
  721. } ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
  722. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
  723. ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
  724. ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
  725. ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
  726. ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
  727. ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
  728. ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
  729. ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
  730. ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
  731. ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
  732. ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
  733. ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
  734. /* OSSL_CMP_PKIFREETEXT is a ASN1_UTF8STRING sequence, so used directly */
  735. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
  736. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
  737. OSSL_CMP_ITAV, 8)
  738. } ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
  739. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
  740. ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = {
  741. ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
  742. ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
  743. } ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART)
  744. IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
  745. ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = {
  746. ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
  747. ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
  748. ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
  749. /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
  750. ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
  751. } ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG)
  752. IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
  753. ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) =
  754. ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS,
  755. OSSL_CMP_MSG)
  756. ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)