/src/openssl30/crypto/cmp/cmp_asn.c

Source
/*
 * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/asn1t.h>

#include "cmp_local.h"

/* explicit #includes not strictly needed since implied by the above: */
#include <openssl/cmp.h>
#include <openssl/crmf.h>

/* ASN.1 declarations from RFC4210 */
ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
    /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
    ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)

ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
    ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)

ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
    OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)

ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
    OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)

ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)

ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
    /*
     * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
     * so it is used directly
     *
     */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails,
        ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)

ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
    infoValue.other,
    ASN1_ANY);
/* ITAV means InfoTypeAndValue */
ASN1_ADB(OSSL_CMP_ITAV) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV, infoValue.caProtEncCert, X509)),
    ADB_ENTRY(NID_id_it_signKeyPairTypes,
        ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
            infoValue.signKeyPairTypes, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_encKeyPairTypes,
        ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
            infoValue.encKeyPairTypes, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_preferredSymmAlg,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg,
            X509_ALGOR)),
    ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
            OSSL_CMP_CAKEYUPDANNCONTENT)),
    ADB_ENTRY(NID_id_it_currentCRL,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
    ADB_ENTRY(NID_id_it_unsupportedOIDs,
        ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
            infoValue.unsupportedOIDs, ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamReq,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq,
            ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamRep,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep,
            X509_ALGOR)),
    ADB_ENTRY(NID_id_it_revPassphrase,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
            OSSL_CRMF_ENCRYPTEDVALUE)),
    ADB_ENTRY(NID_id_it_implicitConfirm,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm,
            ASN1_NULL)),
    ADB_ENTRY(NID_id_it_confirmWaitTime,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
            ASN1_GENERALIZEDTIME)),
    ADB_ENTRY(NID_id_it_origPKIMessage,
        ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage,
            OSSL_CMP_MSGS)),
    ADB_ENTRY(NID_id_it_suppLangTags,
        ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
            ASN1_UTF8STRING)),
} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0, &infotypeandvalue_default_tt, NULL);

ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
    ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
    ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
} ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)

OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value)
{
    OSSL_CMP_ITAV *itav;

    if (type == NULL || (itav = OSSL_CMP_ITAV_new()) == NULL)
        return NULL;
    OSSL_CMP_ITAV_set0(itav, type, value);
    return itav;
}

void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
    ASN1_TYPE *value)
{
    itav->infoType = type;
    itav->infoValue.other = value;
}

ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav)
{
    if (itav == NULL)
        return NULL;
    return itav->infoType;
}

ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav)
{
    if (itav == NULL)
        return NULL;
    return itav->infoValue.other;
}

int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
    OSSL_CMP_ITAV *itav)
{
    int created = 0;

    if (itav_sk_p == NULL || itav == NULL) {
        ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
        goto err;
    }

    if (*itav_sk_p == NULL) {
        if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL)
            goto err;
        created = 1;
    }
    if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
        goto err;
    return 1;

err:
    if (created != 0) {
        sk_OSSL_CMP_ITAV_free(*itav_sk_p);
        *itav_sk_p = NULL;
    }
    return 0;
}

/* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */
int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
{
    int64_t res;

    if (!ASN1_INTEGER_get_int64(&res, a)) {
        ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER);
        return -2;
    }
    if (res < INT_MIN) {
        ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL);
        return -2;
    }
    if (res > INT_MAX) {
        ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE);
        return -2;
    }
    return (int)res;
}

static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval,
    const ASN1_ITEM *it, void *exarg)
{
    OSSL_CMP_MSG *msg = (OSSL_CMP_MSG *)*pval;

    switch (operation) {
    case ASN1_OP_FREE_POST:
        OPENSSL_free(msg->propq);
        break;

    case ASN1_OP_DUP_POST: {
        OSSL_CMP_MSG *old = exarg;

        if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq))
            return 0;
    } break;
    case ASN1_OP_GET0_LIBCTX: {
        OSSL_LIB_CTX **libctx = exarg;

        *libctx = msg->libctx;
    } break;
    case ASN1_OP_GET0_PROPQ: {
        const char **propq = exarg;

        *propq = msg->propq;
    } break;
    default:
        break;
    }

    return 1;
}

ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
        OSSL_CRMF_ENCRYPTEDVALUE, 1),
} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)

ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
    ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
        OSSL_CMP_CERTORENCCERT),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
        OSSL_CRMF_ENCRYPTEDVALUE, 0),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
        OSSL_CRMF_PKIPUBLICATIONINFO, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)

ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
    ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
    ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)

ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
    OSSL_CMP_REVDETAILS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)

ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
    ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
        0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)

ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
        OSSL_CMP_CERTIFIEDKEYPAIR, 2)
} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)

ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)

ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
    ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
    /*
     * CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
     * so it is used directly
     */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
    /*
     * OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly
     */
    ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)

ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
    ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)

ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT,
    OSSL_CMP_CERTSTATUS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)

ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
        OSSL_CMP_CERTIFIEDKEYPAIR),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)

ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)

ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT,
    OSSL_CMP_POLLREQ)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)

ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)

ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
    OSSL_CMP_POLLREPCONTENT,
    OSSL_CMP_POLLREP)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)

ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
    ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)

ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT,
    OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)

ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT,
    OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)

ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
    OSSL_CMP_CRLANNCONTENT, X509_CRL)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)

ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc,
        OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr,
        OSSL_CMP_POPODECKEYRESPCONTENT, 6),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
} ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)

ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
    /*
     * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
     * so it is used directly
     */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
        OSSL_CMP_ITAV, 8)
} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)

ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
} ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)

ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
    ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)

ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS,
    OSSL_CMP_MSG)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)

Coverage Report

Created: 2025-12-31 06:58

Line	Count	Source
1		/*
2		* Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
3		* Copyright Nokia 2007-2019
4		* Copyright Siemens AG 2015-2019
5		*
6		* Licensed under the Apache License 2.0 (the "License"). You may not use
7		* this file except in compliance with the License. You can obtain a copy
8		* in the file LICENSE in the source distribution or at
9		* https://www.openssl.org/source/license.html
10		*/
11
12		#include <openssl/asn1t.h>
13
14		#include "cmp_local.h"
15
16		/* explicit #includes not strictly needed since implied by the above: */
17		#include <openssl/cmp.h>
18		#include <openssl/crmf.h>
19
20		/* ASN.1 declarations from RFC4210 */
21		ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
22		/* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
23		ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
24		ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
25		ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
26		ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
27		ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
28	52	} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
29	52	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
30	52
31	52	ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
32	52	ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
33	52	ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
34	52	ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
35	4.05k	} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
36	4.05k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
37	4.05k
38	4.05k	ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
39	4.05k	OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
40	12.4k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
41
42		ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
43		OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
44	10.7k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
45
46		ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
47		/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
48		ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
49		/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
50		ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
51		/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
52		ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
53	482	} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
54	482	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
55	482
56	482	ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
57	482	ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
58	482	ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
59	482	/*
60	482	* OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
61	482	* so it is used directly
62	482	*
63	482	*/
64	482	ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails,
65	482	ASN1_UTF8STRING)
66	87.3k	} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
67	87.3k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
68	87.3k
69	87.3k	ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
70	87.3k	infoValue.other,
71	87.3k	ASN1_ANY);
72	87.3k	/* ITAV means InfoTypeAndValue */
73	87.3k	ASN1_ADB(OSSL_CMP_ITAV) = {
74	87.3k	/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
75	87.3k	ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV, infoValue.caProtEncCert, X509)),
76	87.3k	ADB_ENTRY(NID_id_it_signKeyPairTypes,
77	87.3k	ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
78	87.3k	infoValue.signKeyPairTypes, X509_ALGOR)),
79	87.3k	ADB_ENTRY(NID_id_it_encKeyPairTypes,
80	87.3k	ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
81	87.3k	infoValue.encKeyPairTypes, X509_ALGOR)),
82	87.3k	ADB_ENTRY(NID_id_it_preferredSymmAlg,
83	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg,
84	87.3k	X509_ALGOR)),
85	87.3k	ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
86	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
87	87.3k	OSSL_CMP_CAKEYUPDANNCONTENT)),
88	87.3k	ADB_ENTRY(NID_id_it_currentCRL,
89	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
90	87.3k	ADB_ENTRY(NID_id_it_unsupportedOIDs,
91	87.3k	ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
92	87.3k	infoValue.unsupportedOIDs, ASN1_OBJECT)),
93	87.3k	ADB_ENTRY(NID_id_it_keyPairParamReq,
94	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq,
95	87.3k	ASN1_OBJECT)),
96	87.3k	ADB_ENTRY(NID_id_it_keyPairParamRep,
97	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep,
98	87.3k	X509_ALGOR)),
99	87.3k	ADB_ENTRY(NID_id_it_revPassphrase,
100	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
101	87.3k	OSSL_CRMF_ENCRYPTEDVALUE)),
102	87.3k	ADB_ENTRY(NID_id_it_implicitConfirm,
103	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm,
104	87.3k	ASN1_NULL)),
105	87.3k	ADB_ENTRY(NID_id_it_confirmWaitTime,
106	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
107	87.3k	ASN1_GENERALIZEDTIME)),
108	87.3k	ADB_ENTRY(NID_id_it_origPKIMessage,
109	87.3k	ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage,
110	87.3k	OSSL_CMP_MSGS)),
111	87.3k	ADB_ENTRY(NID_id_it_suppLangTags,
112	87.3k	ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
113	87.3k	ASN1_UTF8STRING)),
114	827k	} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0, &infotypeandvalue_default_tt, NULL);
115
116		ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
117		ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
118		ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
119	664k	} ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
120	664k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
121	664k	IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
122	664k
123	664k	OSSL_CMP_ITAV OSSL_CMP_ITAV_create(ASN1_OBJECT type, ASN1_TYPE *value)
124	664k	{
125	0	OSSL_CMP_ITAV *itav;
126
127	0	if (type == NULL \|\| (itav = OSSL_CMP_ITAV_new()) == NULL)
128	0	return NULL;
129	0	OSSL_CMP_ITAV_set0(itav, type, value);
130	0	return itav;
131	0	}
132
133		void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV itav, ASN1_OBJECT type,
134		ASN1_TYPE *value)
135	0	{
136	0	itav->infoType = type;
137	0	itav->infoValue.other = value;
138	0	}
139
140		ASN1_OBJECT OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV itav)
141	0	{
142	0	if (itav == NULL)
143	0	return NULL;
144	0	return itav->infoType;
145	0	}
146
147		ASN1_TYPE OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV itav)
148	0	{
149	0	if (itav == NULL)
150	0	return NULL;
151	0	return itav->infoValue.other;
152	0	}
153
154		int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
155		OSSL_CMP_ITAV *itav)
156	0	{
157	0	int created = 0;
158
159	0	if (itav_sk_p == NULL \|\| itav == NULL) {
160	0	ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
161	0	goto err;
162	0	}
163
164	0	if (*itav_sk_p == NULL) {
165	0	if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL)
166	0	goto err;
167	0	created = 1;
168	0	}
169	0	if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
170	0	goto err;
171	0	return 1;
172
173	0	err:
174	0	if (created != 0) {
175	0	sk_OSSL_CMP_ITAV_free(*itav_sk_p);
176	0	*itav_sk_p = NULL;
177	0	}
178	0	return 0;
179	0	}
180
181		/* get ASN.1 encoded integer, return -2 on error; -1 is valid for certReqId */
182		int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
183	151	{
184	151	int64_t res;
185
186	151	if (!ASN1_INTEGER_get_int64(&res, a)) {
187	11	ERR_raise(ERR_LIB_CMP, ASN1_R_INVALID_NUMBER);
188	11	return -2;
189	11	}
190	140	if (res < INT_MIN) {
191	45	ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_SMALL);
192	45	return -2;
193	45	}
194	95	if (res > INT_MAX) {
195	3	ERR_raise(ERR_LIB_CMP, ASN1_R_TOO_LARGE);
196	3	return -2;
197	3	}
198	92	return (int)res;
199	95	}
200
201		static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval,
202		const ASN1_ITEM it, void exarg)
203	1.27M	{
204	1.27M	OSSL_CMP_MSG msg = (OSSL_CMP_MSG )*pval;
205
206	1.27M	switch (operation) {
207	139k	case ASN1_OP_FREE_POST:
208	139k	OPENSSL_free(msg->propq);
209	139k	break;
210
211	0	case ASN1_OP_DUP_POST: {
212	0	OSSL_CMP_MSG *old = exarg;
213
214	0	if (!ossl_cmp_msg_set0_libctx(msg, old->libctx, old->propq))
215	0	return 0;
216	0	} break;
217	0	case ASN1_OP_GET0_LIBCTX: {
218	0	OSSL_LIB_CTX **libctx = exarg;
219
220	0	*libctx = msg->libctx;
221	0	} break;
222	0	case ASN1_OP_GET0_PROPQ: {
223	0	const char **propq = exarg;
224
225	0	*propq = msg->propq;
226	0	} break;
227	1.13M	default:
228	1.13M	break;
229	1.27M	}
230
231	1.27M	return 1;
232	1.27M	}
233
234		ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
235		/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
236		ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
237		ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
238		OSSL_CRMF_ENCRYPTEDVALUE, 1),
239	2.69k	} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
240	2.69k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
241	2.69k
242	2.69k	ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
243	2.69k	ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
244	2.69k	OSSL_CMP_CERTORENCCERT),
245	2.69k	ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
246	2.69k	OSSL_CRMF_ENCRYPTEDVALUE, 0),
247	2.69k	ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
248	2.69k	OSSL_CRMF_PKIPUBLICATIONINFO, 1)
249	42.6k	} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
250	42.6k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
251	42.6k
252	42.6k	ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
253	42.6k	ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
254	42.6k	ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
255	1.98M	} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
256	1.98M	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
257	1.98M
258	1.98M	ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
259	1.98M	OSSL_CMP_REVDETAILS)
260	1.98M	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
261
262		ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
263		ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
264		ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
265		0),
266		ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
267	16.7k	} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
268	16.7k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
269	16.7k
270	16.7k	ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
271	16.7k	ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
272	16.7k	ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
273	16.7k	ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
274	16.7k	ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
275	16.7k	OSSL_CMP_CERTIFIEDKEYPAIR, 2)
276	16.7k	} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
277	3.44k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
278	3.44k
279	3.44k	ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
280	489k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
281
282		ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
283		ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
284		/*
285		* CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
286		* so it is used directly
287		*/
288		ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
289		/*
290		* OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly
291		*/
292		ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
293	330k	} ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
294	330k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
295	330k	IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
296	330k
297	330k	ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
298	330k	ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
299	330k	ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
300	330k	ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI)
301	330k	} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
302	1.97k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
303	1.97k
304	1.97k	ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT,
305	1.97k	OSSL_CMP_CERTSTATUS)
306	15.7k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)
307
308		ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
309		ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
310		ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
311		ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
312		OSSL_CMP_CERTIFIEDKEYPAIR),
313		ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
314	37.7k	} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
315	37.7k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
316	37.7k
317	37.7k	ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
318	37.7k	ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
319	37.7k	} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
320	4.32k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
321	4.32k
322	4.32k	ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT,
323	4.32k	OSSL_CMP_POLLREQ)
324	5.27k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)
325
326		ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
327		ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
328		ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
329		ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
330	4.49k	} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
331	4.49k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
332	4.49k
333	4.49k	ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
334	4.49k	OSSL_CMP_POLLREPCONTENT,
335	4.49k	OSSL_CMP_POLLREP)
336	38.7k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)
337
338		ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
339		/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
340		ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
341		ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
342	33.3k	} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
343	33.3k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
344	33.3k
345	33.3k	ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT,
346	33.3k	OSSL_CMP_ITAV)
347	33.3k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)
348
349		ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT,
350		OSSL_CMP_ITAV)
351	12.3k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)
352
353		ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
354		OSSL_CMP_CRLANNCONTENT, X509_CRL)
355	14.0k	ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)
356
357		ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
358		ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
359		ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
360		ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
361		ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
362		ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
363		ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc,
364		OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
365		ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr,
366		OSSL_CMP_POPODECKEYRESPCONTENT, 6),
367		ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
368		ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
369		ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
370		ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
371		ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
372		ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
373		ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
374		ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
375		ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
376		ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
377		ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
378		ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
379		ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
380		ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
381		ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
382		ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
383		ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
384		ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
385		ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
386		ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
387	1.75M	} ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
388	1.75M	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
389	1.75M
390	1.75M	ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
391	1.75M	ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
392	1.75M	ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
393	1.75M	ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
394	1.75M	ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
395	1.75M	ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
396	1.75M	ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
397	1.75M	ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
398	1.75M	ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
399	1.75M	ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
400	1.75M	ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
401	1.75M	/*
402	1.75M	* OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
403	1.75M	* so it is used directly
404	1.75M	*/
405	1.75M	ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
406	1.75M	ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
407	1.75M	OSSL_CMP_ITAV, 8)
408	1.75M	} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
409	893k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
410	893k
411	893k	ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = {
412	893k	ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
413	893k	ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
414	893k	} ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART)
415	4.21k	IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
416	4.21k
417	4.21k	ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = {
418	4.21k	ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
419	4.21k	ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
420	4.21k	ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
421	4.21k	/* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
422	4.21k	ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
423	4.21k	} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG)
424	4.21k	IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
425	4.21k
426	4.21k	ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS,
427	4.21k	OSSL_CMP_MSG)
428		ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)