/src/openssl32/crypto/cmp/cmp_asn.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * Copyright Nokia 2007-2019 |
4 | | * Copyright Siemens AG 2015-2019 |
5 | | * |
6 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
7 | | * this file except in compliance with the License. You can obtain a copy |
8 | | * in the file LICENSE in the source distribution or at |
9 | | * https://www.openssl.org/source/license.html |
10 | | */ |
11 | | |
12 | | #include <openssl/asn1t.h> |
13 | | |
14 | | #include "cmp_local.h" |
15 | | |
16 | | /* explicit #includes not strictly needed since implied by the above: */ |
17 | | #include <openssl/cmp.h> |
18 | | #include <openssl/crmf.h> |
19 | | |
20 | | /* ASN.1 declarations from RFC4210 */ |
21 | | ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = { |
22 | | /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */ |
23 | | ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER), |
24 | | ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID), |
25 | | ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME), |
26 | | ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME), |
27 | | ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS) |
28 | | } ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT) |
29 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT) |
30 | | |
31 | | ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = { |
32 | | ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR), |
33 | | ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING), |
34 | | ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING) |
35 | | } ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE) |
36 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE) |
37 | | |
38 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = |
39 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, |
40 | | OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE) |
41 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT) |
42 | | |
43 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = |
44 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, |
45 | | OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER) |
46 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT) |
47 | | |
48 | | ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = { |
49 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
50 | | ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509), |
51 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
52 | | ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509), |
53 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
54 | | ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509) |
55 | | } ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT) |
56 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT) |
57 | | |
58 | | ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = { |
59 | | ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI), |
60 | | ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER), |
61 | | /* |
62 | | * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING |
63 | | * so it is used directly |
64 | | * |
65 | | */ |
66 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, |
67 | | ASN1_UTF8STRING) |
68 | | } ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT) |
69 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) |
70 | | |
71 | | ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV, |
72 | | infoValue.other, |
73 | | ASN1_ANY); |
74 | | /* ITAV means InfoTypeAndValue */ |
75 | | ASN1_ADB(OSSL_CMP_ITAV) = { |
76 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
77 | | ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV, |
78 | | infoValue.caProtEncCert, X509)), |
79 | | ADB_ENTRY(NID_id_it_signKeyPairTypes, |
80 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, |
81 | | infoValue.signKeyPairTypes, X509_ALGOR)), |
82 | | ADB_ENTRY(NID_id_it_encKeyPairTypes, |
83 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, |
84 | | infoValue.encKeyPairTypes, X509_ALGOR)), |
85 | | ADB_ENTRY(NID_id_it_preferredSymmAlg, |
86 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg, |
87 | | X509_ALGOR)), |
88 | | ADB_ENTRY(NID_id_it_caKeyUpdateInfo, |
89 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo, |
90 | | OSSL_CMP_CAKEYUPDANNCONTENT)), |
91 | | ADB_ENTRY(NID_id_it_currentCRL, |
92 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)), |
93 | | ADB_ENTRY(NID_id_it_unsupportedOIDs, |
94 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, |
95 | | infoValue.unsupportedOIDs, ASN1_OBJECT)), |
96 | | ADB_ENTRY(NID_id_it_keyPairParamReq, |
97 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq, |
98 | | ASN1_OBJECT)), |
99 | | ADB_ENTRY(NID_id_it_keyPairParamRep, |
100 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep, |
101 | | X509_ALGOR)), |
102 | | ADB_ENTRY(NID_id_it_revPassphrase, |
103 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase, |
104 | | OSSL_CRMF_ENCRYPTEDVALUE)), |
105 | | ADB_ENTRY(NID_id_it_implicitConfirm, |
106 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm, |
107 | | ASN1_NULL)), |
108 | | ADB_ENTRY(NID_id_it_confirmWaitTime, |
109 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime, |
110 | | ASN1_GENERALIZEDTIME)), |
111 | | ADB_ENTRY(NID_id_it_origPKIMessage, |
112 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage, |
113 | | OSSL_CMP_MSGS)), |
114 | | ADB_ENTRY(NID_id_it_suppLangTags, |
115 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue, |
116 | | ASN1_UTF8STRING)), |
117 | | ADB_ENTRY(NID_id_it_caCerts, |
118 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.caCerts, X509)), |
119 | | ADB_ENTRY(NID_id_it_rootCaCert, |
120 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.rootCaCert, X509)), |
121 | | ADB_ENTRY(NID_id_it_rootCaKeyUpdate, |
122 | | ASN1_OPT(OSSL_CMP_ITAV, infoValue.rootCaKeyUpdate, |
123 | | OSSL_CMP_ROOTCAKEYUPDATE)), |
124 | | } ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0, |
125 | | &infotypeandvalue_default_tt, NULL); |
126 | | |
127 | | ASN1_SEQUENCE(OSSL_CMP_ITAV) = { |
128 | | ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT), |
129 | | ASN1_ADB_OBJECT(OSSL_CMP_ITAV) |
130 | | } ASN1_SEQUENCE_END(OSSL_CMP_ITAV) |
131 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV) |
132 | | IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) |
133 | | |
134 | | ASN1_SEQUENCE(OSSL_CMP_ROOTCAKEYUPDATE) = { |
135 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
136 | | ASN1_SIMPLE(OSSL_CMP_ROOTCAKEYUPDATE, newWithNew, X509), |
137 | | ASN1_EXP_OPT(OSSL_CMP_ROOTCAKEYUPDATE, newWithOld, X509, 0), |
138 | | ASN1_EXP_OPT(OSSL_CMP_ROOTCAKEYUPDATE, oldWithNew, X509, 1) |
139 | | } ASN1_SEQUENCE_END(OSSL_CMP_ROOTCAKEYUPDATE) |
140 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ROOTCAKEYUPDATE) |
141 | | |
142 | | OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value) |
143 | 0 | { |
144 | 0 | OSSL_CMP_ITAV *itav; |
145 | |
|
146 | 0 | if (type == NULL || (itav = OSSL_CMP_ITAV_new()) == NULL) |
147 | 0 | return NULL; |
148 | 0 | OSSL_CMP_ITAV_set0(itav, type, value); |
149 | 0 | return itav; |
150 | 0 | } |
151 | | |
152 | | void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, |
153 | | ASN1_TYPE *value) |
154 | 0 | { |
155 | 0 | itav->infoType = type; |
156 | 0 | itav->infoValue.other = value; |
157 | 0 | } |
158 | | |
159 | | ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav) |
160 | 0 | { |
161 | 0 | if (itav == NULL) |
162 | 0 | return NULL; |
163 | 0 | return itav->infoType; |
164 | 0 | } |
165 | | |
166 | | ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav) |
167 | 0 | { |
168 | 0 | if (itav == NULL) |
169 | 0 | return NULL; |
170 | 0 | return itav->infoValue.other; |
171 | 0 | } |
172 | | |
173 | | int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, |
174 | | OSSL_CMP_ITAV *itav) |
175 | 0 | { |
176 | 0 | int created = 0; |
177 | |
|
178 | 0 | if (itav_sk_p == NULL || itav == NULL) { |
179 | 0 | ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); |
180 | 0 | goto err; |
181 | 0 | } |
182 | | |
183 | 0 | if (*itav_sk_p == NULL) { |
184 | 0 | if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL) |
185 | 0 | goto err; |
186 | 0 | created = 1; |
187 | 0 | } |
188 | 0 | if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav)) |
189 | 0 | goto err; |
190 | 0 | return 1; |
191 | | |
192 | 0 | err: |
193 | 0 | if (created != 0) { |
194 | 0 | sk_OSSL_CMP_ITAV_free(*itav_sk_p); |
195 | 0 | *itav_sk_p = NULL; |
196 | 0 | } |
197 | 0 | return 0; |
198 | 0 | } |
199 | | |
200 | | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts) |
201 | 0 | { |
202 | 0 | OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(); |
203 | |
|
204 | 0 | if (itav == NULL) |
205 | 0 | return NULL; |
206 | 0 | if (sk_X509_num(caCerts) > 0 |
207 | 0 | && (itav->infoValue.caCerts = |
208 | 0 | sk_X509_deep_copy(caCerts, X509_dup, X509_free)) == NULL) { |
209 | 0 | OSSL_CMP_ITAV_free(itav); |
210 | 0 | return NULL; |
211 | 0 | } |
212 | 0 | itav->infoType = OBJ_nid2obj(NID_id_it_caCerts); |
213 | 0 | return itav; |
214 | 0 | } |
215 | | |
216 | | int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out) |
217 | 0 | { |
218 | 0 | if (itav == NULL || out == NULL) { |
219 | 0 | ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER); |
220 | 0 | return 0; |
221 | 0 | } |
222 | 0 | if (OBJ_obj2nid(itav->infoType) != NID_id_it_caCerts) { |
223 | 0 | ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT); |
224 | 0 | return 0; |
225 | 0 | } |
226 | 0 | *out = sk_X509_num(itav->infoValue.caCerts) > 0 |
227 | 0 | ? itav->infoValue.caCerts : NULL; |
228 | 0 | return 1; |
229 | 0 | } |
230 | | |
231 | | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert) |
232 | 0 | { |
233 | 0 | OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(); |
234 | |
|
235 | 0 | if (itav == NULL) |
236 | 0 | return NULL; |
237 | 0 | if (rootCaCert != NULL |
238 | 0 | && (itav->infoValue.rootCaCert = X509_dup(rootCaCert)) == NULL) { |
239 | 0 | OSSL_CMP_ITAV_free(itav); |
240 | 0 | return NULL; |
241 | 0 | } |
242 | 0 | itav->infoType = OBJ_nid2obj(NID_id_it_rootCaCert); |
243 | 0 | return itav; |
244 | 0 | } |
245 | | |
246 | | int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out) |
247 | 0 | { |
248 | 0 | if (itav == NULL || out == NULL) { |
249 | 0 | ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER); |
250 | 0 | return 0; |
251 | 0 | } |
252 | 0 | if (OBJ_obj2nid(itav->infoType) != NID_id_it_rootCaCert) { |
253 | 0 | ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT); |
254 | 0 | return 0; |
255 | 0 | } |
256 | 0 | *out = itav->infoValue.rootCaCert; |
257 | 0 | return 1; |
258 | 0 | } |
259 | | OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew, |
260 | | const X509 *newWithOld, |
261 | | const X509 *oldWithNew) |
262 | 0 | { |
263 | 0 | OSSL_CMP_ITAV *itav; |
264 | 0 | OSSL_CMP_ROOTCAKEYUPDATE *upd = NULL; |
265 | |
|
266 | 0 | if (newWithNew != NULL) { |
267 | 0 | upd = OSSL_CMP_ROOTCAKEYUPDATE_new(); |
268 | 0 | if (upd == NULL) |
269 | 0 | return NULL; |
270 | | |
271 | 0 | if ((upd->newWithNew = X509_dup(newWithNew)) == NULL) |
272 | 0 | goto err; |
273 | 0 | if (newWithOld != NULL |
274 | 0 | && (upd->newWithOld = X509_dup(newWithOld)) == NULL) |
275 | 0 | goto err; |
276 | 0 | if (oldWithNew != NULL |
277 | 0 | && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL) |
278 | 0 | goto err; |
279 | 0 | } |
280 | | |
281 | 0 | if ((itav = OSSL_CMP_ITAV_new()) == NULL) |
282 | 0 | goto err; |
283 | 0 | itav->infoType = OBJ_nid2obj(NID_id_it_rootCaKeyUpdate); |
284 | 0 | itav->infoValue.rootCaKeyUpdate = upd; |
285 | 0 | return itav; |
286 | | |
287 | 0 | err: |
288 | 0 | OSSL_CMP_ROOTCAKEYUPDATE_free(upd); |
289 | 0 | return NULL; |
290 | 0 | } |
291 | | |
292 | | int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav, |
293 | | X509 **newWithNew, |
294 | | X509 **newWithOld, |
295 | | X509 **oldWithNew) |
296 | 0 | { |
297 | 0 | OSSL_CMP_ROOTCAKEYUPDATE *upd; |
298 | |
|
299 | 0 | if (itav == NULL || newWithNew == NULL) { |
300 | 0 | ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER); |
301 | 0 | return 0; |
302 | 0 | } |
303 | 0 | if (OBJ_obj2nid(itav->infoType) != NID_id_it_rootCaKeyUpdate) { |
304 | 0 | ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT); |
305 | 0 | return 0; |
306 | 0 | } |
307 | 0 | upd = itav->infoValue.rootCaKeyUpdate; |
308 | 0 | *newWithNew = upd != NULL ? upd->newWithNew : NULL; |
309 | 0 | if (newWithOld != NULL) |
310 | 0 | *newWithOld = upd != NULL ? upd->newWithOld : NULL; |
311 | 0 | if (oldWithNew != NULL) |
312 | 0 | *oldWithNew = upd != NULL ? upd->oldWithNew : NULL; |
313 | 0 | return 1; |
314 | 0 | } |
315 | | |
316 | | /* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */ |
317 | | int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a) |
318 | 510 | { |
319 | 510 | int64_t res; |
320 | | |
321 | 510 | if (!ASN1_INTEGER_get_int64(&res, a)) { |
322 | 17 | ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER); |
323 | 17 | return -2; |
324 | 17 | } |
325 | 493 | if (res < INT_MIN) { |
326 | 178 | ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL); |
327 | 178 | return -2; |
328 | 178 | } |
329 | 315 | if (res > INT_MAX) { |
330 | 20 | ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE); |
331 | 20 | return -2; |
332 | 20 | } |
333 | 295 | return (int)res; |
334 | 315 | } |
335 | | |
336 | | static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval, |
337 | | const ASN1_ITEM *it, void *exarg) |
338 | 1.24M | { |
339 | 1.24M | OSSL_CMP_MSG *msg = (OSSL_CMP_MSG *)*pval; |
340 | | |
341 | 1.24M | switch (operation) { |
342 | 125k | case ASN1_OP_FREE_POST: |
343 | 125k | OPENSSL_free(msg->propq); |
344 | 125k | break; |
345 | | |
346 | 0 | case ASN1_OP_DUP_POST: |
347 | 0 | { |
348 | 0 | OSSL_CMP_MSG *old = exarg; |
349 | |
|
350 | 0 | if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq)) |
351 | 0 | return 0; |
352 | 0 | } |
353 | 0 | break; |
354 | 0 | case ASN1_OP_GET0_LIBCTX: |
355 | 0 | { |
356 | 0 | OSSL_LIB_CTX **libctx = exarg; |
357 | |
|
358 | 0 | *libctx = msg->libctx; |
359 | 0 | } |
360 | 0 | break; |
361 | 0 | case ASN1_OP_GET0_PROPQ: |
362 | 0 | { |
363 | 0 | const char **propq = exarg; |
364 | |
|
365 | 0 | *propq = msg->propq; |
366 | 0 | } |
367 | 0 | break; |
368 | 1.12M | default: |
369 | 1.12M | break; |
370 | 1.24M | } |
371 | | |
372 | 1.24M | return 1; |
373 | 1.24M | } |
374 | | |
375 | | ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = { |
376 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
377 | | ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0), |
378 | | ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert, |
379 | | OSSL_CRMF_ENCRYPTEDVALUE, 1), |
380 | | } ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT) |
381 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT) |
382 | | |
383 | | ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = { |
384 | | ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert, |
385 | | OSSL_CMP_CERTORENCCERT), |
386 | | ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey, |
387 | | OSSL_CRMF_ENCRYPTEDVALUE, 0), |
388 | | ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo, |
389 | | OSSL_CRMF_PKIPUBLICATIONINFO, 1) |
390 | | } ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR) |
391 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR) |
392 | | |
393 | | ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = { |
394 | | ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE), |
395 | | ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS) |
396 | | } ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS) |
397 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS) |
398 | | |
399 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = |
400 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT, |
401 | | OSSL_CMP_REVDETAILS) |
402 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT) |
403 | | |
404 | | ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = { |
405 | | ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI), |
406 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID, |
407 | | 0), |
408 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1) |
409 | | } ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT) |
410 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT) |
411 | | |
412 | | ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = { |
413 | | ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI), |
414 | | ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0), |
415 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1), |
416 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist, |
417 | | OSSL_CMP_CERTIFIEDKEYPAIR, 2) |
418 | | } ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT) |
419 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT) |
420 | | |
421 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = |
422 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER) |
423 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS) |
424 | | |
425 | | ASN1_SEQUENCE(OSSL_CMP_PKISI) = { |
426 | | ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS), |
427 | | /* |
428 | | * CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING |
429 | | * so it is used directly |
430 | | */ |
431 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING), |
432 | | /* |
433 | | * OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly |
434 | | */ |
435 | | ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING) |
436 | | } ASN1_SEQUENCE_END(OSSL_CMP_PKISI) |
437 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI) |
438 | | IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) |
439 | | |
440 | | ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = { |
441 | | ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING), |
442 | | ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER), |
443 | | ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI), |
444 | | ASN1_EXP_OPT(OSSL_CMP_CERTSTATUS, hashAlg, X509_ALGOR, 0) |
445 | | } ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS) |
446 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS) |
447 | | |
448 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) = |
449 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT, |
450 | | OSSL_CMP_CERTSTATUS) |
451 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT) |
452 | | |
453 | | ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = { |
454 | | ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER), |
455 | | ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI), |
456 | | ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair, |
457 | | OSSL_CMP_CERTIFIEDKEYPAIR), |
458 | | ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING) |
459 | | } ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE) |
460 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE) |
461 | | |
462 | | ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = { |
463 | | ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER) |
464 | | } ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ) |
465 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ) |
466 | | |
467 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) = |
468 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT, |
469 | | OSSL_CMP_POLLREQ) |
470 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT) |
471 | | |
472 | | ASN1_SEQUENCE(OSSL_CMP_POLLREP) = { |
473 | | ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER), |
474 | | ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER), |
475 | | ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING), |
476 | | } ASN1_SEQUENCE_END(OSSL_CMP_POLLREP) |
477 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP) |
478 | | |
479 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) = |
480 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, |
481 | | OSSL_CMP_POLLREPCONTENT, |
482 | | OSSL_CMP_POLLREP) |
483 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT) |
484 | | |
485 | | ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = { |
486 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
487 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1), |
488 | | ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE) |
489 | | } ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE) |
490 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE) |
491 | | |
492 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) = |
493 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT, |
494 | | OSSL_CMP_ITAV) |
495 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT) |
496 | | |
497 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) = |
498 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT, |
499 | | OSSL_CMP_ITAV) |
500 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT) |
501 | | |
502 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) = |
503 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, |
504 | | OSSL_CMP_CRLANNCONTENT, X509_CRL) |
505 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT) |
506 | | |
507 | | ASN1_CHOICE(OSSL_CMP_PKIBODY) = { |
508 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0), |
509 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1), |
510 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2), |
511 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3), |
512 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4), |
513 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, |
514 | | OSSL_CMP_POPODECKEYCHALLCONTENT, 5), |
515 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, |
516 | | OSSL_CMP_POPODECKEYRESPCONTENT, 6), |
517 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7), |
518 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8), |
519 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9), |
520 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10), |
521 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11), |
522 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12), |
523 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13), |
524 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14), |
525 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15), |
526 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16), |
527 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17), |
528 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18), |
529 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19), |
530 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20), |
531 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21), |
532 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22), |
533 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23), |
534 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24), |
535 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25), |
536 | | ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26), |
537 | | } ASN1_CHOICE_END(OSSL_CMP_PKIBODY) |
538 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY) |
539 | | |
540 | | ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = { |
541 | | ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER), |
542 | | ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME), |
543 | | ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME), |
544 | | ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0), |
545 | | ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1), |
546 | | ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2), |
547 | | ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3), |
548 | | ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4), |
549 | | ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5), |
550 | | ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6), |
551 | | /* |
552 | | * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING |
553 | | * so it is used directly |
554 | | */ |
555 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7), |
556 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo, |
557 | | OSSL_CMP_ITAV, 8) |
558 | | } ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER) |
559 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) |
560 | | |
561 | | ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = { |
562 | | ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), |
563 | | ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY) |
564 | | } ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART) |
565 | | IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) |
566 | | |
567 | | ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = { |
568 | | ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), |
569 | | ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY), |
570 | | ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0), |
571 | | /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ |
572 | | ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1) |
573 | | } ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG) |
574 | | IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) |
575 | | |
576 | | ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = |
577 | | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS, |
578 | | OSSL_CMP_MSG) |
579 | | ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS) |