From 8869ad4a39f13307ab710c1c53d97a46e144aef0 Mon Sep 17 00:00:00 2001 From: Andreas Kretschmer Date: Tue, 2 Apr 2019 11:16:53 +0200 Subject: [PATCH] Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712) CMP and CRMF API is added to libcrypto, and the "cmp" app to the openssl CLI. Adds extensive man pages and tests. Integration into build scripts. Incremental pull request based on OpenSSL commit 1362190b1b78 of 2018-09-26 3rd chunk: CMP ASN.1 structures (in crypto/cmp/cmp_asn.c) and related files Reviewed-by: Bernd Edlinger Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/8669) --- INSTALL | 3 + crypto/build.info | 2 +- crypto/cmp/build.info | 2 + crypto/cmp/cmp_asn.c | 398 ++++++++++++ crypto/cmp/cmp_err.c | 35 ++ crypto/cmp/cmp_int.h | 589 ++++++++++++++++++ crypto/crmf/crmf_asn.c | 6 +- crypto/crmf/crmf_int.h | 6 +- crypto/crmf/crmf_lib.c | 4 +- crypto/crmf/crmf_pbm.c | 6 +- crypto/err/err.c | 1 + crypto/err/err_all.c | 2 + crypto/err/openssl.ec | 1 + doc/man3/OSSL_CMP_ITAV_set0.pod | 105 ++++ doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod | 2 +- .../OSSL_CRMF_MSG_set1_regCtrl_regToken.pod | 2 +- .../OSSL_CRMF_MSG_set1_regInfo_certReq.pod | 2 +- doc/man3/OSSL_CRMF_MSG_set_validity.pod | 2 +- doc/man3/OSSL_CRMF_pbmp_new.pod | 2 +- doc/man3/X509_dup.pod | 23 +- doc/man3/d2i_X509.pod | 20 + include/openssl/cmp.h | 243 ++++++++ include/openssl/cmperr.h | 32 + include/openssl/crmf.h | 6 +- include/openssl/err.h | 2 + util/libcrypto.num | 302 ++++----- 26 files changed, 1632 insertions(+), 166 deletions(-) create mode 100644 crypto/cmp/build.info create mode 100644 crypto/cmp/cmp_asn.c create mode 100644 crypto/cmp/cmp_err.c create mode 100644 crypto/cmp/cmp_int.h create mode 100644 doc/man3/OSSL_CMP_ITAV_set0.pod create mode 100644 include/openssl/cmp.h create mode 100644 include/openssl/cmperr.h diff --git a/INSTALL b/INSTALL index 605f1d4cdb..e980f50e1d 100644 --- a/INSTALL +++ b/INSTALL @@ -314,6 +314,9 @@ Don't build the CAPI engine. This option will be forced if on a platform that does not support CAPI. + no-cmp + Don't build support for CMP features + no-cms Don't build support for CMS features diff --git a/crypto/build.info b/crypto/build.info index 629e819b8a..7798bcbe18 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -5,7 +5,7 @@ SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 conf \ md2 md4 md5 sha mdc2 gmac hmac ripemd whrlpool poly1305 blake2 \ siphash sm3 des aes rc2 rc4 rc5 idea aria bf cast camellia \ seed sm4 chacha modes bn ec rsa dsa dh sm2 dso engine \ - err comp ocsp cms ts srp cmac ct async kmac ess crmf + err comp ocsp cms ts srp cmac ct async kmac ess crmf cmp LIBS=../libcrypto # The Core diff --git a/crypto/cmp/build.info b/crypto/cmp/build.info new file mode 100644 index 0000000000..6b6ccaaf49 --- /dev/null +++ b/crypto/cmp/build.info @@ -0,0 +1,2 @@ +LIBS=../../libcrypto +SOURCE[../../libcrypto]= cmp_asn.c cmp_err.c diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c new file mode 100644 index 0000000000..8555586dfd --- /dev/null +++ b/crypto/cmp/cmp_asn.c @@ -0,0 +1,398 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * CMP implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. + */ + +#include + +#include "cmp_int.h" + +/* explicit #includes not strictly needed since implied by the above: */ +#include +#include + +/* ASN.1 declarations from RFC4210 */ +ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = { + /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */ + ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER), + ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID), + ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME), + ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME), + ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS) +} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT) + + +ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = { + ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR), + ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING), + ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE) + + +ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT) + + +ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT) + + +ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = { + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509), + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509), + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509) +} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT) + + +ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = { + ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI), + ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER), + /* + * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING + * so it is used directly + * + */ + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, ASN1_UTF8STRING) +} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) + +ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV, + infoValue.other, ASN1_ANY); +/* ITAV means InfoTypeAndValue */ +ASN1_ADB(OSSL_CMP_ITAV) = { + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV, + infoValue.caProtEncCert, X509)), + ADB_ENTRY(NID_id_it_signKeyPairTypes, + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, + infoValue.signKeyPairTypes, X509_ALGOR)), + ADB_ENTRY(NID_id_it_encKeyPairTypes, + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, + infoValue.encKeyPairTypes, X509_ALGOR)), + ADB_ENTRY(NID_id_it_preferredSymmAlg, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg, + X509_ALGOR)), + ADB_ENTRY(NID_id_it_caKeyUpdateInfo, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo, + OSSL_CMP_CAKEYUPDANNCONTENT)), + ADB_ENTRY(NID_id_it_currentCRL, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)), + ADB_ENTRY(NID_id_it_unsupportedOIDs, + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, + infoValue.unsupportedOIDs, ASN1_OBJECT)), + ADB_ENTRY(NID_id_it_keyPairParamReq, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq, + ASN1_OBJECT)), + ADB_ENTRY(NID_id_it_keyPairParamRep, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep, + X509_ALGOR)), + ADB_ENTRY(NID_id_it_revPassphrase, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase, + OSSL_CRMF_ENCRYPTEDVALUE)), + ADB_ENTRY(NID_id_it_implicitConfirm, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm, + ASN1_NULL)), + ADB_ENTRY(NID_id_it_confirmWaitTime, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime, + ASN1_GENERALIZEDTIME)), + ADB_ENTRY(NID_id_it_origPKIMessage, + ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage, + OSSL_CMP_MSGS)), + ADB_ENTRY(NID_id_it_suppLangTags, + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue, + ASN1_UTF8STRING)), +} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0, + &infotypeandvalue_default_tt, NULL); + + +ASN1_SEQUENCE(OSSL_CMP_ITAV) = { + ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT), + ASN1_ADB_OBJECT(OSSL_CMP_ITAV) +} ASN1_SEQUENCE_END(OSSL_CMP_ITAV) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV) +IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) + +OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value) +{ + OSSL_CMP_ITAV *itav; + + if (type == NULL || (itav = OSSL_CMP_ITAV_new()) == NULL) + return NULL; + OSSL_CMP_ITAV_set0(itav, type, value); + return itav; +} + +void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value) +{ + itav->infoType = type; + itav->infoValue.other = value; +} + +ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav) +{ + if (itav == NULL) + return NULL; + return itav->infoType; +} + +ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav) +{ + if (itav == NULL) + return NULL; + return itav->infoValue.other; +} + +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, + OSSL_CMP_ITAV *itav) +{ + int created = 0; + + if (itav_sk_p == NULL) + goto err; + + if (*itav_sk_p == NULL) { + if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL) + goto err; + created = 1; + } + if (itav != NULL) { + if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav)) + goto err; + } + return 1; + err: + if (created != 0) { + sk_OSSL_CMP_ITAV_free(*itav_sk_p); + *itav_sk_p = NULL; + } + return 0; +} + +ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = { + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0), + ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert, + OSSL_CRMF_ENCRYPTEDVALUE, 1), +} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT) + + +ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = { + ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert, + OSSL_CMP_CERTORENCCERT), + ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey, + OSSL_CRMF_ENCRYPTEDVALUE, 0), + ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo, + OSSL_CRMF_PKIPUBLICATIONINFO, 1) +} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR) + + +ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = { + ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE), + ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS) +} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS) + + +ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT, + OSSL_CMP_REVDETAILS) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT) + + +ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = { + ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI), + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID, + 0), + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1) +} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT) + + +ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = { + ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI), + ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0), + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1), + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist, + OSSL_CMP_CERTIFIEDKEYPAIR, 2) +} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT) + + +ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS) + +ASN1_SEQUENCE(OSSL_CMP_PKISI) = { + ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS), + /* + * CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING + * so it is used directly + */ + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING), + /* + * OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly + */ + ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(OSSL_CMP_PKISI) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI) +IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) + +ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = { + ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING), + ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER), + ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI) +} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS) + +ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT, + OSSL_CMP_CERTSTATUS) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT) + +ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = { + ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER), + ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI), + ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair, + OSSL_CMP_CERTIFIEDKEYPAIR), + ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE) + +ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = { + ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER) +} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ) + +ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT, + OSSL_CMP_POLLREQ) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT) + +ASN1_SEQUENCE(OSSL_CMP_POLLREP) = { + ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER), + ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER), + ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING), +} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP) + +ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_POLLREPCONTENT, + OSSL_CMP_POLLREP) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT) + +ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = { + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1), + ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE) +} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE) + +ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT, + OSSL_CMP_ITAV) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT) + +ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT, + OSSL_CMP_ITAV) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT) + +ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, + OSSL_CMP_CRLANNCONTENT, X509_CRL) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT) + +ASN1_CHOICE(OSSL_CMP_PKIBODY) = { + ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0), + ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1), + ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2), + ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3), + ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4), + ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, OSSL_CMP_POPODECKEYCHALLCONTENT, 5), + ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, OSSL_CMP_POPODECKEYRESPCONTENT, 6), + ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7), + ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8), + ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9), + ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10), + ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11), + ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12), + ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13), + ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14), + ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15), + ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16), + ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17), + ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18), + ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19), + ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20), + ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21), + ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22), + ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23), + ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24), + ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25), + ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26), +} ASN1_CHOICE_END(OSSL_CMP_PKIBODY) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY) + +ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = { + ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER), + ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME), + ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME), + ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0), + ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1), + ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2), + ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3), + ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4), + ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5), + ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6), + /* + * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING + * so it is used directly + */ + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7), + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo, + OSSL_CMP_ITAV, 8) +} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) + +ASN1_SEQUENCE(CMP_PROTECTEDPART) = { + ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), + ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY) +} ASN1_SEQUENCE_END(CMP_PROTECTEDPART) +IMPLEMENT_ASN1_FUNCTIONS(CMP_PROTECTEDPART) + +ASN1_SEQUENCE(OSSL_CMP_MSG) = { + ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), + ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY), + ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0), + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1) +} ASN1_SEQUENCE_END(OSSL_CMP_MSG) +IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG) +IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) + +ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS, + OSSL_CMP_MSG) +ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS) diff --git a/crypto/cmp/cmp_err.c b/crypto/cmp/cmp_err.c new file mode 100644 index 0000000000..b85b8bac82 --- /dev/null +++ b/crypto/cmp/cmp_err.c @@ -0,0 +1,35 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#ifndef OPENSSL_NO_ERR + +static const ERR_STRING_DATA CMP_str_functs[] = { + {0, NULL} +}; + +static const ERR_STRING_DATA CMP_str_reasons[] = { + {0, NULL} +}; + +#endif + +int ERR_load_CMP_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(CMP_str_functs[0].error) == NULL) { + ERR_load_strings_const(CMP_str_functs); + ERR_load_strings_const(CMP_str_reasons); + } +#endif + return 1; +} diff --git a/crypto/cmp/cmp_int.h b/crypto/cmp/cmp_int.h new file mode 100644 index 0000000000..e78968aaa1 --- /dev/null +++ b/crypto/cmp/cmp_int.h @@ -0,0 +1,589 @@ +/* + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * CMP implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb. + */ + +#ifndef OSSL_HEADER_CMP_INT_H +# define OSSL_HEADER_CMP_INT_H + +# include "internal/cryptlib.h" + +# include +# include + +/* explicit #includes not strictly needed since implied by the above: */ +# include +# include +# include +# include +# include + +/* + * ########################################################################## + * ASN.1 DECLARATIONS + * ########################################################################## + */ + +/*- + * RevAnnContent ::= SEQUENCE { + * status PKIStatus, + * certId CertId, + * willBeRevokedAt GeneralizedTime, + * badSinceDate GeneralizedTime, + * crlDetails Extensions OPTIONAL + * -- extra CRL details (e.g., crl number, reason, location, etc.) + * } + */ +typedef struct OSSL_cmp_revanncontent_st { + ASN1_INTEGER *status; + OSSL_CRMF_CERTID *certId; + ASN1_GENERALIZEDTIME *willBeRevokedAt; + ASN1_GENERALIZEDTIME *badSinceDate; + X509_EXTENSIONS *crlDetails; +} OSSL_CMP_REVANNCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT) + +/*- + * Challenge ::= SEQUENCE { + * owf AlgorithmIdentifier OPTIONAL, + * + * -- MUST be present in the first Challenge; MAY be omitted in + * -- any subsequent Challenge in POPODecKeyChallContent (if + * -- omitted, then the owf used in the immediately preceding + * -- Challenge is to be used). + * + * witness OCTET STRING, + * -- the result of applying the one-way function (owf) to a + * -- randomly-generated INTEGER, A. [Note that a different + * -- INTEGER MUST be used for each Challenge.] + * challenge OCTET STRING + * -- the encryption (under the public key for which the cert. + * -- request is being made) of Rand, where Rand is specified as + * -- Rand ::= SEQUENCE { + * -- int INTEGER, + * -- - the randomly-generated INTEGER A (above) + * -- sender GeneralName + * -- - the sender's name (as included in PKIHeader) + * -- } + * } + */ +typedef struct OSSL_cmp_challenge_st { + X509_ALGOR *owf; + ASN1_OCTET_STRING *witness; + ASN1_OCTET_STRING *challenge; +} OSSL_CMP_CHALLENGE; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE) + +/*- + * CAKeyUpdAnnContent ::= SEQUENCE { + * oldWithNew Certificate, + * newWithOld Certificate, + * newWithNew Certificate + * } + */ +typedef struct OSSL_cmp_cakeyupdanncontent_st { + X509 *oldWithNew; + X509 *newWithOld; + X509 *newWithNew; +} OSSL_CMP_CAKEYUPDANNCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT) + +/*- + * declared already here as it will be used in OSSL_CMP_MSG (nested) and + * infoType and infoValue + */ +typedef STACK_OF(OSSL_CMP_MSG) OSSL_CMP_MSGS; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSGS) + +/*- + * InfoTypeAndValue ::= SEQUENCE { + * infoType OBJECT IDENTIFIER, + * infoValue ANY DEFINED BY infoType OPTIONAL + * } + */ +struct OSSL_cmp_itav_st { + ASN1_OBJECT *infoType; + union { + char *ptr; + /* NID_id_it_caProtEncCert - CA Protocol Encryption Certificate */ + X509 *caProtEncCert; + /* NID_id_it_signKeyPairTypes - Signing Key Pair Types */ + STACK_OF(X509_ALGOR) *signKeyPairTypes; + /* NID_id_it_encKeyPairTypes - Encryption/Key Agreement Key Pair Types */ + STACK_OF(X509_ALGOR) *encKeyPairTypes; + /* NID_id_it_preferredSymmAlg - Preferred Symmetric Algorithm */ + X509_ALGOR *preferredSymmAlg; + /* NID_id_it_caKeyUpdateInfo - Updated CA Key Pair */ + OSSL_CMP_CAKEYUPDANNCONTENT *caKeyUpdateInfo; + /* NID_id_it_currentCRL - CRL */ + X509_CRL *currentCRL; + /* NID_id_it_unsupportedOIDs - Unsupported Object Identifiers */ + STACK_OF(ASN1_OBJECT) *unsupportedOIDs; + /* NID_id_it_keyPairParamReq - Key Pair Parameters Request */ + ASN1_OBJECT *keyPairParamReq; + /* NID_id_it_keyPairParamRep - Key Pair Parameters Response */ + X509_ALGOR *keyPairParamRep; + /* NID_id_it_revPassphrase - Revocation Passphrase */ + OSSL_CRMF_ENCRYPTEDVALUE *revPassphrase; + /* NID_id_it_implicitConfirm - ImplicitConfirm */ + ASN1_NULL *implicitConfirm; + /* NID_id_it_confirmWaitTime - ConfirmWaitTime */ + ASN1_GENERALIZEDTIME *confirmWaitTime; + /* NID_id_it_origPKIMessage - origPKIMessage */ + OSSL_CMP_MSGS *origPKIMessage; + /* NID_id_it_suppLangTags - Supported Language Tags */ + STACK_OF(ASN1_UTF8STRING) *suppLangTagsValue; + /* this is to be used for so far undeclared objects */ + ASN1_TYPE *other; + } infoValue; +} /* OSSL_CMP_ITAV */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ITAV) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV) + + +typedef struct OSSL_cmp_certorenccert_st { + int type; + union { + X509 *certificate; + OSSL_CRMF_ENCRYPTEDVALUE *encryptedCert; + } value; +} OSSL_CMP_CERTORENCCERT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT) + +/*- + * CertifiedKeyPair ::= SEQUENCE { + * certOrEncCert CertOrEncCert, + * privateKey [0] EncryptedValue OPTIONAL, + * -- see [CRMF] for comment on encoding + * publicationInfo [1] PKIPublicationInfo OPTIONAL + * } + */ +typedef struct OSSL_cmp_certifiedkeypair_st { + OSSL_CMP_CERTORENCCERT *certOrEncCert; + OSSL_CRMF_ENCRYPTEDVALUE *privateKey; + OSSL_CRMF_PKIPUBLICATIONINFO *publicationInfo; +} OSSL_CMP_CERTIFIEDKEYPAIR; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR) + +/*- + * PKIStatusInfo ::= SEQUENCE { + * status PKIStatus, + * statusString PKIFreeText OPTIONAL, + * failInfo PKIFailureInfo OPTIONAL + * } + */ +struct OSSL_cmp_pkisi_st { + OSSL_CMP_PKISTATUS *status; + OSSL_CMP_PKIFREETEXT *statusString; + OSSL_CMP_PKIFAILUREINFO *failInfo; +} /* OSSL_CMP_PKISI */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKISI) +DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI) + +/*- + * RevReqContent ::= SEQUENCE OF RevDetails + * + * RevDetails ::= SEQUENCE { + * certDetails CertTemplate, + * crlEntryDetails Extensions OPTIONAL + * } + */ +typedef struct OSSL_cmp_revdetails_st { + OSSL_CRMF_CERTTEMPLATE *certDetails; + X509_EXTENSIONS *crlEntryDetails; +} OSSL_CMP_REVDETAILS; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS) +DEFINE_STACK_OF(OSSL_CMP_REVDETAILS) + +/*- + * RevRepContent ::= SEQUENCE { + * status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, + * -- in same order as was sent in RevReqContent + * revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId + * OPTIONAL, + * -- IDs for which revocation was requested + * -- (same order as status) + * crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList + * OPTIONAL + * -- the resulting CRLs (there may be more than one) + * } + */ +struct OSSL_cmp_revrepcontent_st { + STACK_OF(OSSL_CMP_PKISI) *status; + STACK_OF(OSSL_CRMF_CERTID) *revCerts; + STACK_OF(X509_CRL) *crls; +} /* OSSL_CMP_REVREPCONTENT */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT) + +/*- + * KeyRecRepContent ::= SEQUENCE { + * status PKIStatusInfo, + * newSigCert [0] Certificate OPTIONAL, + * caCerts [1] SEQUENCE SIZE (1..MAX) OF + * Certificate OPTIONAL, + * keyPairHist [2] SEQUENCE SIZE (1..MAX) OF + * CertifiedKeyPair OPTIONAL + * } + */ +typedef struct OSSL_cmp_keyrecrepcontent_st { + OSSL_CMP_PKISI *status; + X509 *newSigCert; + STACK_OF(X509) *caCerts; + STACK_OF(OSSL_CMP_CERTIFIEDKEYPAIR) *keyPairHist; +} OSSL_CMP_KEYRECREPCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT) + +/*- + * ErrorMsgContent ::= SEQUENCE { + * pKIStatusInfo PKIStatusInfo, + * errorCode INTEGER OPTIONAL, + * -- implementation-specific error codes + * errorDetails PKIFreeText OPTIONAL + * -- implementation-specific error details + * } + */ +typedef struct OSSL_cmp_errormsgcontent_st { + OSSL_CMP_PKISI *pKIStatusInfo; + ASN1_INTEGER *errorCode; + OSSL_CMP_PKIFREETEXT *errorDetails; +} OSSL_CMP_ERRORMSGCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT) + +/*- + * CertConfirmContent ::= SEQUENCE OF CertStatus + * + * CertStatus ::= SEQUENCE { + * certHash OCTET STRING, + * -- the hash of the certificate, using the same hash algorithm + * -- as is used to create and verify the certificate signature + * certReqId INTEGER, + * -- to match this confirmation with the corresponding req/rep + * statusInfo PKIStatusInfo OPTIONAL + * } + */ +struct OSSL_cmp_certstatus_st { + ASN1_OCTET_STRING *certHash; + ASN1_INTEGER *certReqId; + OSSL_CMP_PKISI *statusInfo; +} /* OSSL_CMP_CERTSTATUS */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS) + +typedef STACK_OF(OSSL_CMP_CERTSTATUS) OSSL_CMP_CERTCONFIRMCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTCONFIRMCONTENT) + +/*- + * CertResponse ::= SEQUENCE { + * certReqId INTEGER, + * -- to match this response with corresponding request (a value + * -- of -1 is to be used if certReqId is not specified in the + * -- corresponding request) + * status PKIStatusInfo, + * certifiedKeyPair CertifiedKeyPair OPTIONAL, + * rspInfo OCTET STRING OPTIONAL + * -- analogous to the id-regInfo-utf8Pairs string defined + * -- for regInfo in CertReqMsg [CRMF] + * } + */ +struct OSSL_cmp_certresponse_st { + ASN1_INTEGER *certReqId; + OSSL_CMP_PKISI *status; + OSSL_CMP_CERTIFIEDKEYPAIR *certifiedKeyPair; + ASN1_OCTET_STRING *rspInfo; +} /* OSSL_CMP_CERTRESPONSE */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE) + +/*- + * CertRepMessage ::= SEQUENCE { + * caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + * OPTIONAL, + * response SEQUENCE OF CertResponse + * } + */ +struct OSSL_cmp_certrepmessage_st { + STACK_OF(X509) *caPubs; + STACK_OF(OSSL_CMP_CERTRESPONSE) *response; +} /* OSSL_CMP_CERTREPMESSAGE */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE) + +/*- + * PollReqContent ::= SEQUENCE OF SEQUENCE { + * certReqId INTEGER + * } + */ +typedef struct OSSL_cmp_pollreq_st { + ASN1_INTEGER *certReqId; +} OSSL_CMP_POLLREQ; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ) +DEFINE_STACK_OF(OSSL_CMP_POLLREQ) +typedef STACK_OF(OSSL_CMP_POLLREQ) OSSL_CMP_POLLREQCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREQCONTENT) + +/*- + * PollRepContent ::= SEQUENCE OF SEQUENCE { + * certReqId INTEGER, + * checkAfter INTEGER, -- time in seconds + * reason PKIFreeText OPTIONAL + * } + */ +struct OSSL_cmp_pollrep_st { + ASN1_INTEGER *certReqId; + ASN1_INTEGER *checkAfter; + OSSL_CMP_PKIFREETEXT *reason; +} /* OSSL_CMP_POLLREP */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREP) +DEFINE_STACK_OF(OSSL_CMP_POLLREP) +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POLLREPCONTENT) + +/*- + * PKIHeader ::= SEQUENCE { + * pvno INTEGER { cmp1999(1), cmp2000(2) }, + * sender GeneralName, + * -- identifies the sender + * recipient GeneralName, + * -- identifies the intended recipient + * messageTime [0] GeneralizedTime OPTIONAL, + * -- time of production of this message (used when sender + * -- believes that the transport will be "suitable"; i.e., + * -- that the time will still be meaningful upon receipt) + * protectionAlg [1] AlgorithmIdentifier OPTIONAL, + * -- algorithm used for calculation of protection bits + * senderKID [2] KeyIdentifier OPTIONAL, + * recipKID [3] KeyIdentifier OPTIONAL, + * -- to identify specific keys used for protection + * transactionID [4] OCTET STRING OPTIONAL, + * -- identifies the transaction; i.e., this will be the same in + * -- corresponding request, response, certConf, and PKIConf + * -- messages + * senderNonce [5] OCTET STRING OPTIONAL, + * recipNonce [6] OCTET STRING OPTIONAL, + * -- nonces used to provide replay protection, senderNonce + * -- is inserted by the creator of this message; recipNonce + * -- is a nonce previously inserted in a related message by + * -- the intended recipient of this message + * freeText [7] PKIFreeText OPTIONAL, + * -- this may be used to indicate context-specific instructions + * -- (this field is intended for human consumption) + * generalInfo [8] SEQUENCE SIZE (1..MAX) OF + * InfoTypeAndValue OPTIONAL + * -- this may be used to convey context-specific information + * -- (this field not primarily intended for human consumption) + * } + */ +struct OSSL_cmp_pkiheader_st { + ASN1_INTEGER *pvno; + GENERAL_NAME *sender; + GENERAL_NAME *recipient; + ASN1_GENERALIZEDTIME *messageTime; /* 0 */ + X509_ALGOR *protectionAlg; /* 1 */ + ASN1_OCTET_STRING *senderKID; /* 2 */ + ASN1_OCTET_STRING *recipKID; /* 3 */ + ASN1_OCTET_STRING *transactionID; /* 4 */ + ASN1_OCTET_STRING *senderNonce; /* 5 */ + ASN1_OCTET_STRING *recipNonce; /* 6 */ + OSSL_CMP_PKIFREETEXT *freeText; /* 7 */ + STACK_OF(OSSL_CMP_ITAV) *generalInfo; /* 8 */ +} /* OSSL_CMP_PKIHEADER */; + +typedef STACK_OF(OSSL_CMP_CHALLENGE) OSSL_CMP_POPODECKEYCHALLCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYCHALLCONTENT) +typedef STACK_OF(ASN1_INTEGER) OSSL_CMP_POPODECKEYRESPCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_POPODECKEYRESPCONTENT) +typedef STACK_OF(OSSL_CMP_REVDETAILS) OSSL_CMP_REVREQCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_REVREQCONTENT) +typedef STACK_OF(X509_CRL) OSSL_CMP_CRLANNCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_CRLANNCONTENT) +typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENMSGCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENMSGCONTENT) +typedef STACK_OF(OSSL_CMP_ITAV) OSSL_CMP_GENREPCONTENT; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_GENREPCONTENT) + +/*- + * PKIBody ::= CHOICE { -- message-specific body elements + * ir [0] CertReqMessages, --Initialization Request + * ip [1] CertRepMessage, --Initialization Response + * cr [2] CertReqMessages, --Certification Request + * cp [3] CertRepMessage, --Certification Response + * p10cr [4] CertificationRequest, --imported from [PKCS10] + * popdecc [5] POPODecKeyChallContent, --pop Challenge + * popdecr [6] POPODecKeyRespContent, --pop Response + * kur [7] CertReqMessages, --Key Update Request + * kup [8] CertRepMessage, --Key Update Response + * krr [9] CertReqMessages, --Key Recovery Request + * krp [10] KeyRecRepContent, --Key Recovery Response + * rr [11] RevReqContent, --Revocation Request + * rp [12] RevRepContent, --Revocation Response + * ccr [13] CertReqMessages, --Cross-Cert. Request + * ccp [14] CertRepMessage, --Cross-Cert. Response + * ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. + * cann [16] CertAnnContent, --Certificate Ann. + * rann [17] RevAnnContent, --Revocation Ann. + * crlann [18] CRLAnnContent, --CRL Announcement + * pkiconf [19] PKIConfirmContent, --Confirmation + * nested [20] NestedMessageContent, --Nested Message + * genm [21] GenMsgContent, --General Message + * genp [22] GenRepContent, --General Response + * error [23] ErrorMsgContent, --Error Message + * certConf [24] CertConfirmContent, --Certificate confirm + * pollReq [25] PollReqContent, --Polling request + * pollRep [26] PollRepContent --Polling response + */ +typedef struct OSSL_cmp_pkibody_st { + int type; + union { + OSSL_CRMF_MSGS *ir; /* 0 */ + OSSL_CMP_CERTREPMESSAGE *ip; /* 1 */ + OSSL_CRMF_MSGS *cr; /* 2 */ + OSSL_CMP_CERTREPMESSAGE *cp; /* 3 */ + /* p10cr [4] CertificationRequest, --imported from [PKCS10] */ + /* + * PKCS10_CERTIFICATIONREQUEST is effectively X509_REQ + * so it is used directly + */ + X509_REQ *p10cr; /* 4 */ + /* popdecc [5] POPODecKeyChallContent, --pop Challenge */ + /* POPODecKeyChallContent ::= SEQUENCE OF Challenge */ + OSSL_CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */ + /* popdecr [6] POPODecKeyRespContent, --pop Response */ + /* POPODecKeyRespContent ::= SEQUENCE OF INTEGER */ + OSSL_CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */ + OSSL_CRMF_MSGS *kur; /* 7 */ + OSSL_CMP_CERTREPMESSAGE *kup; /* 8 */ + OSSL_CRMF_MSGS *krr; /* 9 */ + + /* krp [10] KeyRecRepContent, --Key Recovery Response */ + OSSL_CMP_KEYRECREPCONTENT *krp; /* 10 */ + /* rr [11] RevReqContent, --Revocation Request */ + OSSL_CMP_REVREQCONTENT *rr; /* 11 */ + /* rp [12] RevRepContent, --Revocation Response */ + OSSL_CMP_REVREPCONTENT *rp; /* 12 */ + /* ccr [13] CertReqMessages, --Cross-Cert. Request */ + OSSL_CRMF_MSGS *ccr; /* 13 */ + /* ccp [14] CertRepMessage, --Cross-Cert. Response */ + OSSL_CMP_CERTREPMESSAGE *ccp; /* 14 */ + /* ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. */ + OSSL_CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */ + /* cann [16] CertAnnContent, --Certificate Ann. */ + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + X509 *cann; /* 16 */ + /* rann [17] RevAnnContent, --Revocation Ann. */ + OSSL_CMP_REVANNCONTENT *rann; /* 17 */ + /* crlann [18] CRLAnnContent, --CRL Announcement */ + /* CRLAnnContent ::= SEQUENCE OF CertificateList */ + OSSL_CMP_CRLANNCONTENT *crlann; + /* PKIConfirmContent ::= NULL */ + /* pkiconf [19] PKIConfirmContent, --Confirmation */ + /* OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL */ + /* OSSL_CMP_CONFIRMCONTENT *pkiconf; */ + /* + * NOTE: this should ASN1_NULL according to the RFC + * but there might be a struct in it when sent from faulty servers... + */ + ASN1_TYPE *pkiconf; /* 19 */ + /* nested [20] NestedMessageContent, --Nested Message */ + /* NestedMessageContent ::= PKIMessages */ + OSSL_CMP_MSGS *nested; /* 20 */ + /* genm [21] GenMsgContent, --General Message */ + /* GenMsgContent ::= SEQUENCE OF InfoTypeAndValue */ + OSSL_CMP_GENMSGCONTENT *genm; /* 21 */ + /* genp [22] GenRepContent, --General Response */ + /* GenRepContent ::= SEQUENCE OF InfoTypeAndValue */ + OSSL_CMP_GENREPCONTENT *genp; /* 22 */ + /* error [23] ErrorMsgContent, --Error Message */ + OSSL_CMP_ERRORMSGCONTENT *error; /* 23 */ + /* certConf [24] CertConfirmContent, --Certificate confirm */ + OSSL_CMP_CERTCONFIRMCONTENT *certConf; /* 24 */ + /* pollReq [25] PollReqContent, --Polling request */ + OSSL_CMP_POLLREQCONTENT *pollReq; + /* pollRep [26] PollRepContent --Polling response */ + OSSL_CMP_POLLREPCONTENT *pollRep; + } value; +} OSSL_CMP_PKIBODY; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY) + +/*- + * PKIProtection ::= BIT STRING + * + * PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage + * + * PKIMessage ::= SEQUENCE { + * header PKIHeader, + * body PKIBody, + * protection [0] PKIProtection OPTIONAL, + * extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + * OPTIONAL + * } + */ +struct OSSL_cmp_msg_st { + OSSL_CMP_PKIHEADER *header; + OSSL_CMP_PKIBODY *body; + ASN1_BIT_STRING *protection; /* 0 */ + /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ + STACK_OF(X509) *extraCerts; /* 1 */ +} /* OSSL_CMP_MSG */; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSG) + +/*- + * ProtectedPart ::= SEQUENCE { + * header PKIHeader, + * body PKIBody + * } + */ +typedef struct cmp_protectedpart_st { + OSSL_CMP_PKIHEADER *header; + OSSL_CMP_PKIBODY *body; +} CMP_PROTECTEDPART; +DECLARE_ASN1_FUNCTIONS(CMP_PROTECTEDPART) + +/*- + * this is not defined here as it is already in CRMF: + * id-PasswordBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 13} + * PBMParameter ::= SEQUENCE { + * salt OCTET STRING, + * -- note: implementations MAY wish to limit acceptable sizes + * -- of this string to values appropriate for their environment + * -- in order to reduce the risk of denial-of-service attacks + * owf AlgorithmIdentifier, + * -- AlgId for a One-Way Function (SHA-1 recommended) + * iterationCount INTEGER, + * -- number of times the OWF is applied + * -- note: implementations MAY wish to limit acceptable sizes + * -- of this integer to values appropriate for their environment + * -- in order to reduce the risk of denial-of-service attacks + * mac AlgorithmIdentifier + * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + * } -- or HMAC [RFC2104, RFC2202]) + */ +/*- + * TODO: this is not yet defined here - but DH is anyway not used yet + * + * id-DHBasedMac OBJECT IDENTIFIER ::= {1 2 840 113533 7 66 30} + * DHBMParameter ::= SEQUENCE { + * owf AlgorithmIdentifier, + * -- AlgId for a One-Way Function (SHA-1 recommended) + * mac AlgorithmIdentifier + * -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + * } -- or HMAC [RFC2104, RFC2202]) + */ +/*- + * The following is not cared for, because it is described in section 5.2.5 + * that this is beyond the scope of CMP + * OOBCert ::= CMPCertificate + * + * OOBCertHash ::= SEQUENCE { + * hashAlg [0] AlgorithmIdentifier OPTIONAL, + * certId [1] CertId OPTIONAL, + * hashVal BIT STRING + * -- hashVal is calculated over the DER encoding of the + * -- self-signed certificate with the identifier certID. + * } + */ + +#endif /* !defined OSSL_HEADER_CMP_INT_H */ diff --git a/crypto/crmf/crmf_asn.c b/crypto/crmf/crmf_asn.c index 8810cb4358..05442c2c12 100644 --- a/crypto/crmf/crmf_asn.c +++ b/crypto/crmf/crmf_asn.c @@ -1,7 +1,7 @@ /*- - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2018 - * Copyright Siemens AG 2015-2018 + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/crmf/crmf_int.h b/crypto/crmf/crmf_int.h index f908eac8bf..b76205784b 100644 --- a/crypto/crmf/crmf_int.h +++ b/crypto/crmf/crmf_int.h @@ -1,7 +1,7 @@ /*- - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2018 - * Copyright Siemens AG 2015-2018 + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c index 6a259f96a8..55f1f38af8 100644 --- a/crypto/crmf/crmf_lib.c +++ b/crypto/crmf/crmf_lib.c @@ -1,7 +1,7 @@ /*- - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2018 - * Copyright Siemens AG 2015-2018 + * Copyright Siemens AG 2015-2019 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/crmf/crmf_pbm.c b/crypto/crmf/crmf_pbm.c index 09e4ffada1..7b29166610 100644 --- a/crypto/crmf/crmf_pbm.c +++ b/crypto/crmf/crmf_pbm.c @@ -1,7 +1,7 @@ /*- - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2018 - * Copyright Siemens AG 2015-2018 + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/err/err.c b/crypto/err/err.c index 345d230206..57399f82ad 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -59,6 +59,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = { {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"}, {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"}, {ERR_PACK(ERR_LIB_CRMF, 0, 0), "CRMF routines"}, + {ERR_PACK(ERR_LIB_CMP, 0, 0), "CMP routines"}, {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"}, {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"}, {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"}, diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index a56cf9c47a..8962fe5cb2 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include #include @@ -94,6 +95,7 @@ int err_load_crypto_strings_int(void) # endif # ifndef OPENSSL_NO_CRMF ERR_load_CRMF_strings() == 0 || + ERR_load_CMP_strings() == 0 || # endif # ifndef OPENSSL_NO_CT ERR_load_CT_strings() == 0 || diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 0c362b2c6c..04e76df6f7 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -30,6 +30,7 @@ L COMP include/openssl/comp.h crypto/comp/comp_err.c L TS include/openssl/ts.h crypto/ts/ts_err.c L CMS include/openssl/cms.h crypto/cms/cms_err.c L CRMF include/openssl/crmf.h crypto/crmf/crmf_err.c +L CMP include/openssl/cmp.h crypto/cmp/cmp_err.c L CT include/openssl/ct.h crypto/ct/ct_err.c L ASYNC include/openssl/async.h crypto/async/async_err.c L KDF include/openssl/kdf.h crypto/kdf/kdf_err.c diff --git a/doc/man3/OSSL_CMP_ITAV_set0.pod b/doc/man3/OSSL_CMP_ITAV_set0.pod new file mode 100644 index 0000000000..082b0bfe76 --- /dev/null +++ b/doc/man3/OSSL_CMP_ITAV_set0.pod @@ -0,0 +1,105 @@ +=pod + +=head1 NAME + +OSSL_CMP_ITAV_create, +OSSL_CMP_ITAV_set0, +OSSL_CMP_ITAV_get0_type, +OSSL_CMP_ITAV_get0_value, +OSSL_CMP_ITAV_push0_stack_item +- OSSL_CMP_ITAV utility functions + +=head1 SYNOPSIS + + #include + OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); + void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value); + ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); + ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); + + int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, + OSSL_CMP_ITAV *itav); + +=head1 DESCRIPTION + +ITAV is short for InfoTypeAndValue. This type is defined in RFC 4210 +section 5.3.19 and Appendix F. It is used at various places in CMP messages, +e.g., in the generalInfo PKIHeader field, to hold a key-value pair. + +OSSL_CMP_ITAV_create() creates a new OSSL_CMP_ITAV structure and fills it in. +It combines B and B. + +OSSL_CMP_ITAV_set0() sets the B with an infoType of B and an +infoValue of B. This function uses the pointers B and B +internally, so they must B be freed up after the call. + +OSSL_CMP_ITAV_get0_type() returns a direct pointer to the infoType in the +B. + +OSSL_CMP_ITAV_get0_value() returns a direct pointer to the infoValue in +the B as generic ASN1_TYPE*. + +OSSL_CMP_ITAV_push0_stack_item() pushes B to the stack pointed to +by B<*itav_sk_p>. It creates a new stack if B<*itav_sk_p> points to NULL. + +=head1 NOTES + +CMP is defined in RFC 4210 (and CRMF in RFC 4211). + +=head1 RETURN VALUES + +OSSL_CMP_ITAV_create() returns a pointer to the ITAV structure on success, +or NULL on error. + +OSSL_CMP_ITAV_set0() does not return a value. + +OSSL_CMP_ITAV_get0_type() and OSSL_CMP_ITAV_get0_value() +return the respective pointer or NULL if their input is NULL. + +OSSL_CMP_ITAV_push0_stack_item() returns 1 on success, 0 on error. + +=head1 EXAMPLE + +The following code creates and sets a structure representing a generic +InfoTypeAndValue sequence, using an OID created from text as type, and an +integer as value. Afterwards, it is pushed to the OSSL_CMP_CTX to be later +included in the requests' PKIHeader's genInfo field. + + ASN1_OBJECT *type = OBJ_txt2obj("1.2.3.4.5", 1); + if (type == NULL) ... + + ASN1_INTEGER *asn1int = ASN1_INTEGER_new(); + if (asn1int == NULL || !ASN1_INTEGER_set(asn1int, 12345)) ... + + ASN1_TYPE *val = ASN1_TYPE_new(); + if (val == NULL) ... + ASN1_TYPE_set(val, V_ASN1_INTEGER, asn1int); + + OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, val); + if (itav == NULL) ... + + OSSL_CMP_CTX *ctx = OSSL_CMP_CTX_new(); + if (ctx == NULL || !OSSL_CMP_CTX_geninfo_push0_ITAV(ctx, itav)) { + OSSL_CMP_ITAV_free(itav); /* also frees type and val */ + goto err; + } + + ... + + OSSL_CMP_CTX_free(ctx); /* also frees itav */ + +=head1 SEE ALSO + +L, L, L + +=head1 COPYRIGHT + +Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod index 0ddfc719d2..1ca79bc944 100644 --- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod +++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod @@ -56,7 +56,7 @@ B =head1 COPYRIGHT -Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod index 5709b178b6..e73a490583 100644 --- a/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod +++ b/doc/man3/OSSL_CRMF_MSG_set1_regCtrl_regToken.pod @@ -96,7 +96,7 @@ RFC 4211 =head1 COPYRIGHT -Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod index cad175c04b..3d895a41d6 100644 --- a/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod +++ b/doc/man3/OSSL_CRMF_MSG_set1_regInfo_certReq.pod @@ -39,7 +39,7 @@ RFC 4211 =head1 COPYRIGHT -Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_CRMF_MSG_set_validity.pod b/doc/man3/OSSL_CRMF_MSG_set_validity.pod index 588c8b7b76..80f2366148 100644 --- a/doc/man3/OSSL_CRMF_MSG_set_validity.pod +++ b/doc/man3/OSSL_CRMF_MSG_set_validity.pod @@ -95,7 +95,7 @@ RFC 4211 =head1 COPYRIGHT -Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/OSSL_CRMF_pbmp_new.pod b/doc/man3/OSSL_CRMF_pbmp_new.pod index 651c4307be..877fee65c2 100644 --- a/doc/man3/OSSL_CRMF_pbmp_new.pod +++ b/doc/man3/OSSL_CRMF_pbmp_new.pod @@ -68,7 +68,7 @@ RFC 4211 section 4.4 =head1 COPYRIGHT -Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 2f51e4552c..526a6d68bf 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -116,20 +116,39 @@ OCSP_SIGNATURE_free, OCSP_SIGNATURE_new, OCSP_SINGLERESP_free, OCSP_SINGLERESP_new, +OSSL_CMP_ITAV_free, +OSSL_CMP_MSG_dup, +OSSL_CMP_MSG_it, +OSSL_CMP_MSG_free, +OSSL_CMP_PKIHEADER_free, +OSSL_CMP_PKIHEADER_it, +OSSL_CMP_PKIHEADER_new, +OSSL_CMP_PKISI_free, +OSSL_CMP_PKISTATUS_it, OSSL_CRMF_CERTID_free, +OSSL_CRMF_CERTID_it, OSSL_CRMF_CERTID_new, OSSL_CRMF_CERTTEMPLATE_free, +OSSL_CRMF_CERTTEMPLATE_it, OSSL_CRMF_CERTTEMPLATE_new, OSSL_CRMF_ENCRYPTEDVALUE_free, +OSSL_CRMF_ENCRYPTEDVALUE_it, OSSL_CRMF_ENCRYPTEDVALUE_new, +OSSL_CRMF_MSGS_free, +OSSL_CRMF_MSGS_it, +OSSL_CRMF_MSGS_new, OSSL_CRMF_MSG_free, +OSSL_CRMF_MSG_it, OSSL_CRMF_MSG_new, OSSL_CRMF_PBMPARAMETER_free, +OSSL_CRMF_PBMPARAMETER_it, OSSL_CRMF_PBMPARAMETER_new, OSSL_CRMF_PKIPUBLICATIONINFO_free, +OSSL_CRMF_PKIPUBLICATIONINFO_it, OSSL_CRMF_PKIPUBLICATIONINFO_new, -OSSL_CRMF_MSGS_free, -OSSL_CRMF_MSGS_new, +OSSL_CRMF_SINGLEPUBINFO_free, +OSSL_CRMF_SINGLEPUBINFO_it, +OSSL_CRMF_SINGLEPUBINFO_new, OTHERNAME_free, OTHERNAME_new, PBE2PARAM_free, diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod index cad7877396..30e6ad0d8f 100644 --- a/doc/man3/d2i_X509.pod +++ b/doc/man3/d2i_X509.pod @@ -93,6 +93,16 @@ d2i_OCSP_REVOKEDINFO, d2i_OCSP_SERVICELOC, d2i_OCSP_SIGNATURE, d2i_OCSP_SINGLERESP, +d2i_OSSL_CMP_MSG, +d2i_OSSL_CMP_PKIHEADER, +d2i_OSSL_CRMF_CERTID, +d2i_OSSL_CRMF_CERTTEMPLATE, +d2i_OSSL_CRMF_ENCRYPTEDVALUE, +d2i_OSSL_CRMF_MSG, +d2i_OSSL_CRMF_MSGS, +d2i_OSSL_CRMF_PBMPARAMETER, +d2i_OSSL_CRMF_PKIPUBLICATIONINFO, +d2i_OSSL_CRMF_SINGLEPUBINFO, d2i_OTHERNAME, d2i_PBE2PARAM, d2i_PBEPARAM, @@ -269,6 +279,16 @@ i2d_OCSP_REVOKEDINFO, i2d_OCSP_SERVICELOC, i2d_OCSP_SIGNATURE, i2d_OCSP_SINGLERESP, +i2d_OSSL_CMP_MSG, +i2d_OSSL_CMP_PKIHEADER, +i2d_OSSL_CRMF_CERTID, +i2d_OSSL_CRMF_CERTTEMPLATE, +i2d_OSSL_CRMF_ENCRYPTEDVALUE, +i2d_OSSL_CRMF_MSG, +i2d_OSSL_CRMF_MSGS, +i2d_OSSL_CRMF_PBMPARAMETER, +i2d_OSSL_CRMF_PKIPUBLICATIONINFO, +i2d_OSSL_CRMF_SINGLEPUBINFO, i2d_OTHERNAME, i2d_PBE2PARAM, i2d_PBEPARAM, diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h new file mode 100644 index 0000000000..3d9c3d4d37 --- /dev/null +++ b/include/openssl/cmp.h @@ -0,0 +1,243 @@ +/*- + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + * + * CMP (RFC 4210) implementation by M. Peylo, M. Viljanen, and D. von Oheimb. + */ + +#ifndef OSSL_HEADER_CMP_H +# define OSSL_HEADER_CMP_H + +# include +# ifndef OPENSSL_NO_CMP + +# include +# include + +/* explicit #includes not strictly needed since implied by the above: */ +# include +# include +# include +# include + +# ifdef __cplusplus +extern "C" { +# endif + +# define OSSL_CMP_PVNO 2 + +/*- + * PKIFailureInfo ::= BIT STRING { + * -- since we can fail in more than one way! + * -- More codes may be added in the future if/when required. + * badAlg (0), + * -- unrecognized or unsupported Algorithm Identifier + * badMessageCheck (1), + * -- integrity check failed (e.g., signature did not verify) + * badRequest (2), + * -- transaction not permitted or supported + * badTime (3), + * -- messageTime was not sufficiently close to the system time, + * -- as defined by local policy + * badCertId (4), + * -- no certificate could be found matching the provided criteria + * badDataFormat (5), + * -- the data submitted has the wrong format + * wrongAuthority (6), + * -- the authority indicated in the request is different from the + * -- one creating the response token + * incorrectData (7), + * -- the requester's data is incorrect (for notary services) + * missingTimeStamp (8), + * -- when the timestamp is missing but should be there + * -- (by policy) + * badPOP (9), + * -- the proof-of-possession failed + * certRevoked (10), + * -- the certificate has already been revoked + * certConfirmed (11), + * -- the certificate has already been confirmed + * wrongIntegrity (12), + * -- invalid integrity, password based instead of signature or + * -- vice versa + * badRecipientNonce (13), + * -- invalid recipient nonce, either missing or wrong value + * timeNotAvailable (14), + * -- the TSA's time source is not available + * unacceptedPolicy (15), + * -- the requested TSA policy is not supported by the TSA. + * unacceptedExtension (16), + * -- the requested extension is not supported by the TSA. + * addInfoNotAvailable (17), + * -- the additional information requested could not be + * -- understood or is not available + * badSenderNonce (18), + * -- invalid sender nonce, either missing or wrong size + * badCertTemplate (19), + * -- invalid cert. template or missing mandatory information + * signerNotTrusted (20), + * -- signer of the message unknown or not trusted + * transactionIdInUse (21), + * -- the transaction identifier is already in use + * unsupportedVersion (22), + * -- the version of the message is not supported + * notAuthorized (23), + * -- the sender was not authorized to make the preceding + * -- request or perform the preceding action + * systemUnavail (24), + * -- the request cannot be handled due to system unavailability + * systemFailure (25), + * -- the request cannot be handled due to system failure + * duplicateCertReq (26) + * -- certificate cannot be issued because a duplicate + * -- certificate already exists + * } + */ +# define OSSL_CMP_PKIFAILUREINFO_badAlg 0 +# define OSSL_CMP_PKIFAILUREINFO_badMessageCheck 1 +# define OSSL_CMP_PKIFAILUREINFO_badRequest 2 +# define OSSL_CMP_PKIFAILUREINFO_badTime 3 +# define OSSL_CMP_PKIFAILUREINFO_badCertId 4 +# define OSSL_CMP_PKIFAILUREINFO_badDataFormat 5 +# define OSSL_CMP_PKIFAILUREINFO_wrongAuthority 6 +# define OSSL_CMP_PKIFAILUREINFO_incorrectData 7 +# define OSSL_CMP_PKIFAILUREINFO_missingTimeStamp 8 +# define OSSL_CMP_PKIFAILUREINFO_badPOP 9 +# define OSSL_CMP_PKIFAILUREINFO_certRevoked 10 +# define OSSL_CMP_PKIFAILUREINFO_certConfirmed 11 +# define OSSL_CMP_PKIFAILUREINFO_wrongIntegrity 12 +# define OSSL_CMP_PKIFAILUREINFO_badRecipientNonce 13 +# define OSSL_CMP_PKIFAILUREINFO_timeNotAvailable 14 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedPolicy 15 +# define OSSL_CMP_PKIFAILUREINFO_unacceptedExtension 16 +# define OSSL_CMP_PKIFAILUREINFO_addInfoNotAvailable 17 +# define OSSL_CMP_PKIFAILUREINFO_badSenderNonce 18 +# define OSSL_CMP_PKIFAILUREINFO_badCertTemplate 19 +# define OSSL_CMP_PKIFAILUREINFO_signerNotTrusted 20 +# define OSSL_CMP_PKIFAILUREINFO_transactionIdInUse 21 +# define OSSL_CMP_PKIFAILUREINFO_unsupportedVersion 22 +# define OSSL_CMP_PKIFAILUREINFO_notAuthorized 23 +# define OSSL_CMP_PKIFAILUREINFO_systemUnavail 24 +# define OSSL_CMP_PKIFAILUREINFO_systemFailure 25 +# define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX 26 +# define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \ + ( (1<<(OSSL_CMP_PKIFAILUREINFO_MAX+1)) - 1) +# if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX +# error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int +# endif + +typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO; + +# define OSSL_CMP_CTX_FAILINFO_badAlg (1 << 0) +# define OSSL_CMP_CTX_FAILINFO_badMessageCheck (1 << 1) +# define OSSL_CMP_CTX_FAILINFO_badRequest (1 << 2) +# define OSSL_CMP_CTX_FAILINFO_badTime (1 << 3) +# define OSSL_CMP_CTX_FAILINFO_badCertId (1 << 4) +# define OSSL_CMP_CTX_FAILINFO_badDataFormat (1 << 5) +# define OSSL_CMP_CTX_FAILINFO_wrongAuthority (1 << 6) +# define OSSL_CMP_CTX_FAILINFO_incorrectData (1 << 7) +# define OSSL_CMP_CTX_FAILINFO_missingTimeStamp (1 << 8) +# define OSSL_CMP_CTX_FAILINFO_badPOP (1 << 9) +# define OSSL_CMP_CTX_FAILINFO_certRevoked (1 << 10) +# define OSSL_CMP_CTX_FAILINFO_certConfirmed (1 << 11) +# define OSSL_CMP_CTX_FAILINFO_wrongIntegrity (1 << 12) +# define OSSL_CMP_CTX_FAILINFO_badRecipientNonce (1 << 13) +# define OSSL_CMP_CTX_FAILINFO_timeNotAvailable (1 << 14) +# define OSSL_CMP_CTX_FAILINFO_unacceptedPolicy (1 << 15) +# define OSSL_CMP_CTX_FAILINFO_unacceptedExtension (1 << 16) +# define OSSL_CMP_CTX_FAILINFO_addInfoNotAvailable (1 << 17) +# define OSSL_CMP_CTX_FAILINFO_badSenderNonce (1 << 18) +# define OSSL_CMP_CTX_FAILINFO_badCertTemplate (1 << 19) +# define OSSL_CMP_CTX_FAILINFO_signerNotTrusted (1 << 20) +# define OSSL_CMP_CTX_FAILINFO_transactionIdInUse (1 << 21) +# define OSSL_CMP_CTX_FAILINFO_unsupportedVersion (1 << 22) +# define OSSL_CMP_CTX_FAILINFO_notAuthorized (1 << 23) +# define OSSL_CMP_CTX_FAILINFO_systemUnavail (1 << 24) +# define OSSL_CMP_CTX_FAILINFO_systemFailure (1 << 25) +# define OSSL_CMP_CTX_FAILINFO_duplicateCertReq (1 << 26) + +/*- + * PKIStatus ::= INTEGER { + * accepted (0), + * -- you got exactly what you asked for + * grantedWithMods (1), + * -- you got something like what you asked for; the + * -- requester is responsible for ascertaining the differences + * rejection (2), + * -- you don't get it, more information elsewhere in the message + * waiting (3), + * -- the request body part has not yet been processed; expect to + * -- hear more later (note: proper handling of this status + * -- response MAY use the polling req/rep PKIMessages specified + * -- in Section 5.3.22; alternatively, polling in the underlying + * -- transport layer MAY have some utility in this regard) + * revocationWarning (4), + * -- this message contains a warning that a revocation is + * -- imminent + * revocationNotification (5), + * -- notification that a revocation has occurred + * keyUpdateWarning (6) + * -- update already done for the oldCertId specified in + * -- CertReqMsg + * } + */ +# define OSSL_CMP_PKISTATUS_accepted 0 +# define OSSL_CMP_PKISTATUS_grantedWithMods 1 +# define OSSL_CMP_PKISTATUS_rejection 2 +# define OSSL_CMP_PKISTATUS_waiting 3 +# define OSSL_CMP_PKISTATUS_revocationWarning 4 +# define OSSL_CMP_PKISTATUS_revocationNotification 5 +# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 + +typedef ASN1_INTEGER OSSL_CMP_PKISTATUS; +DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS) + +# define OSSL_CMP_CERTORENCCERT_CERTIFICATE 0 +# define OSSL_CMP_CERTORENCCERT_ENCRYPTEDCERT 1 + +/* data type declarations */ +typedef struct OSSL_cmp_ctx_st OSSL_CMP_CTX; +typedef struct OSSL_cmp_pkiheader_st OSSL_CMP_PKIHEADER; +DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER) +typedef struct OSSL_cmp_msg_st OSSL_CMP_MSG; +DECLARE_ASN1_ENCODE_FUNCTIONS(OSSL_CMP_MSG, OSSL_CMP_MSG, OSSL_CMP_MSG) +typedef struct OSSL_cmp_certstatus_st OSSL_CMP_CERTSTATUS; +DEFINE_STACK_OF(OSSL_CMP_CERTSTATUS) +typedef struct OSSL_cmp_itav_st OSSL_CMP_ITAV; +DEFINE_STACK_OF(OSSL_CMP_ITAV) +typedef struct OSSL_cmp_revrepcontent_st OSSL_CMP_REVREPCONTENT; +typedef struct OSSL_cmp_pkisi_st OSSL_CMP_PKISI; +DEFINE_STACK_OF(OSSL_CMP_PKISI) +typedef struct OSSL_cmp_certrepmessage_st OSSL_CMP_CERTREPMESSAGE; +DEFINE_STACK_OF(OSSL_CMP_CERTREPMESSAGE) +typedef struct OSSL_cmp_pollrep_st OSSL_CMP_POLLREP; +typedef STACK_OF(OSSL_CMP_POLLREP) OSSL_CMP_POLLREPCONTENT; +typedef struct OSSL_cmp_certresponse_st OSSL_CMP_CERTRESPONSE; +DEFINE_STACK_OF(OSSL_CMP_CERTRESPONSE) +typedef STACK_OF(ASN1_UTF8STRING) OSSL_CMP_PKIFREETEXT; + +/* from cmp_asn.c */ +OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value); +void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type, + ASN1_TYPE *value); +ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav); +ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav); +int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p, + OSSL_CMP_ITAV *itav); +void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav); +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); +void OSSL_CMP_PKISI_free(OSSL_CMP_PKISI *si); +DECLARE_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) + +# ifdef __cplusplus +} +# endif +# endif /* !defined OPENSSL_NO_CMP */ +#endif /* !defined OSSL_HEADER_CMP_H */ diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h new file mode 100644 index 0000000000..7c1402cb95 --- /dev/null +++ b/include/openssl/cmperr.h @@ -0,0 +1,32 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef HEADER_CMPERR_H +# define HEADER_CMPERR_H + +# include + +# ifndef OPENSSL_NO_CMP + +# ifdef __cplusplus +extern "C" +# endif +int ERR_load_CMP_strings(void); + +/* + * CMP function codes. + */ + +/* + * CMP reason codes. + */ + +# endif +#endif diff --git a/include/openssl/crmf.h b/include/openssl/crmf.h index 737a49d2a6..bc0c891cd6 100644 --- a/include/openssl/crmf.h +++ b/include/openssl/crmf.h @@ -1,7 +1,7 @@ /*- - * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2018 - * Copyright Siemens AG 2015-2018 + * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Nokia 2007-2019 + * Copyright Siemens AG 2015-2019 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/err.h b/include/openssl/err.h index 7398029bee..f601eaf2d5 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -99,6 +99,7 @@ typedef struct err_state_st { # define ERR_LIB_PROP 55 # define ERR_LIB_CRMF 56 # define ERR_LIB_PROV 57 +# define ERR_LIB_CMP 58 # define ERR_LIB_USER 128 @@ -133,6 +134,7 @@ typedef struct err_state_st { # define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define CRMFerr(f,r) ERR_PUT_error(ERR_LIB_CRMF,(f),(r),OPENSSL_FILE,OPENSSL_LINE) +# define CMPerr(f,r) ERR_PUT_error(ERR_LIB_CMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE) # define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE) diff --git a/util/libcrypto.num b/util/libcrypto.num index 8af98dff3c..e5799d2f32 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -4664,147 +4664,161 @@ d2i_OSSL_CRMF_ENCRYPTEDVALUE 4619 3_0_0 EXIST::FUNCTION:CRMF i2d_OSSL_CRMF_ENCRYPTEDVALUE 4620 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDVALUE_free 4621 3_0_0 EXIST::FUNCTION:CRMF OSSL_CRMF_ENCRYPTEDVALUE_new 4622 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_it 4623 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_ENCRYPTEDVALUE_it 4624 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_it 4624 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -d2i_OSSL_CRMF_MSG 4625 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_MSG 4626 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_free 4627 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_new 4628 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_it 4629 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_MSG_it 4630 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_MSG_it 4630 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -d2i_OSSL_CRMF_PBMPARAMETER 4631 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_PBMPARAMETER 4632 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PBMPARAMETER_free 4633 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PBMPARAMETER_new 4634 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PBMPARAMETER_it 4635 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_PBMPARAMETER_it 4636 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_PBMPARAMETER_it 4636 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -d2i_OSSL_CRMF_CERTID 4637 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_CERTID 4638 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_free 4639 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_new 4640 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_it 4641 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_CERTID_it 4642 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_CERTID_it 4642 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -d2i_OSSL_CRMF_PKIPUBLICATIONINFO 4643 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_PKIPUBLICATIONINFO 4644 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_free 4645 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_new 4646 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_it 4647 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_PKIPUBLICATIONINFO_it 4648 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_PKIPUBLICATIONINFO_it 4648 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -d2i_OSSL_CRMF_SINGLEPUBINFO 4649 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_SINGLEPUBINFO 4650 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_SINGLEPUBINFO_free 4651 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_SINGLEPUBINFO_new 4652 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_SINGLEPUBINFO_it 4653 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_SINGLEPUBINFO_it 4654 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_SINGLEPUBINFO_it 4654 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -d2i_OSSL_CRMF_CERTTEMPLATE 4655 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_CERTTEMPLATE 4656 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_free 4657 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_new 4658 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_it 4659 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_CERTTEMPLATE_it 4660 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_CERTTEMPLATE_it 4660 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -d2i_OSSL_CRMF_MSGS 4661 3_0_0 EXIST::FUNCTION:CRMF -i2d_OSSL_CRMF_MSGS 4662 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_free 4663 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_new 4664 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_it 4665 3_0_0 NOEXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP -OSSL_CRMF_MSGS_it 4666 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF -OSSL_CRMF_MSGS_it 4666 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF -OSSL_CRMF_pbmp_new 4667 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_pbm_new 4668 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_regToken 4669 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_authenticator 4670 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo 4671 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set0_SinglePubInfo 4672 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set_PKIPublicationInfo_action 4673 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo 4674 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey 4675 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regCtrl_oldCertID 4676 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTID_gen 4677 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regInfo_utf8Pairs 4678 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set1_regInfo_certReq 4679 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set_validity 4680 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set_certReqId 4681 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_get_certReqId 4682 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_set0_extensions 4683 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_push0_extension 4684 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_create_popo 4685 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSGS_verify_popo 4686 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_MSG_get0_tmpl 4687 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_get0_serialNumber 4688 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_get0_issuer 4689 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_CERTTEMPLATE_fill 4690 3_0_0 EXIST::FUNCTION:CRMF -OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert 4691 3_0_0 EXIST::FUNCTION:CRMF -ERR_load_CRMF_strings 4692 3_0_0 EXIST::FUNCTION:CRMF -OSSL_PARAM_locate 4693 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_int 4694 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_uint 4695 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_long 4696 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_ulong 4697 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_int32 4698 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_uint32 4699 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_int64 4700 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_uint64 4701 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_size_t 4702 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_BN 4703 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_double 4704 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_utf8_string 4705 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_utf8_ptr 4706 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_octet_string 4707 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_octet_ptr 4708 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_int 4709 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_uint 4710 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_long 4711 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_ulong 4712 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_int32 4713 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_uint32 4714 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_int64 4715 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_uint64 4716 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_size_t 4717 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_int 4718 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_uint 4719 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_long 4720 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_ulong 4721 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_int32 4722 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_uint32 4723 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_int64 4724 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_uint64 4725 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_size_t 4726 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_double 4727 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_double 4728 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_BN 4729 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_BN 4730 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_utf8_string 4731 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_utf8_string 4732 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_octet_string 4733 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_octet_string 4734 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_utf8_ptr 4735 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_utf8_ptr 4736 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_get_octet_ptr 4737 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_set_octet_ptr 4738 3_0_0 EXIST::FUNCTION: -X509_set0_sm2_id 4739 3_0_0 EXIST::FUNCTION:SM2 -X509_get0_sm2_id 4740 3_0_0 EXIST::FUNCTION:SM2 -EVP_PKEY_get0_engine 4741 3_0_0 EXIST::FUNCTION:ENGINE -EVP_MD_upref 4742 3_0_0 EXIST::FUNCTION: -EVP_MD_fetch 4743 3_0_0 EXIST::FUNCTION: -EVP_set_default_properties 4744 3_0_0 EXIST::FUNCTION: -OSSL_PARAM_construct_end 4745 3_0_0 EXIST::FUNCTION: -EC_GROUP_check_named_curve 4746 3_0_0 EXIST::FUNCTION:EC -EVP_CIPHER_upref 4747 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_fetch 4748 3_0_0 EXIST::FUNCTION: -EVP_CIPHER_mode 4749 3_0_0 EXIST::FUNCTION: -OPENSSL_info 4750 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_new 4751 3_0_0 EXIST::FUNCTION: -EVP_KDF_CTX_kdf 4752 3_0_0 EXIST::FUNCTION: -EVP_KDF_nid 4753 3_0_0 EXIST::FUNCTION: -EVP_get_kdfbyname 4754 3_0_0 EXIST::FUNCTION: -i2d_KeyParams 4755 3_0_0 EXIST::FUNCTION: -d2i_KeyParams 4756 3_0_0 EXIST::FUNCTION: -i2d_KeyParams_bio 4757 3_0_0 EXIST::FUNCTION: -d2i_KeyParams_bio 4758 3_0_0 EXIST::FUNCTION: +OSSL_CRMF_ENCRYPTEDVALUE_it 4623 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_ENCRYPTEDVALUE_it 4623 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +d2i_OSSL_CRMF_MSG 4624 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_MSG 4625 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_free 4626 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_new 4627 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_it 4628 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_MSG_it 4628 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +d2i_OSSL_CRMF_PBMPARAMETER 4629 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_PBMPARAMETER 4630 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PBMPARAMETER_free 4631 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PBMPARAMETER_new 4632 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PBMPARAMETER_it 4633 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_PBMPARAMETER_it 4633 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +d2i_OSSL_CRMF_CERTID 4634 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_CERTID 4635 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_free 4636 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_new 4637 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_it 4638 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_CERTID_it 4638 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +d2i_OSSL_CRMF_PKIPUBLICATIONINFO 4639 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_PKIPUBLICATIONINFO 4640 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_free 4641 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_new 4642 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_it 4643 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_PKIPUBLICATIONINFO_it 4643 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +d2i_OSSL_CRMF_SINGLEPUBINFO 4644 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_SINGLEPUBINFO 4645 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_SINGLEPUBINFO_free 4646 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_SINGLEPUBINFO_new 4647 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_SINGLEPUBINFO_it 4648 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_SINGLEPUBINFO_it 4648 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +d2i_OSSL_CRMF_CERTTEMPLATE 4649 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_CERTTEMPLATE 4650 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_free 4651 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_new 4652 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_it 4653 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_CERTTEMPLATE_it 4653 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +d2i_OSSL_CRMF_MSGS 4654 3_0_0 EXIST::FUNCTION:CRMF +i2d_OSSL_CRMF_MSGS 4655 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_free 4656 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_new 4657 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_it 4658 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CRMF +OSSL_CRMF_MSGS_it 4658 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CRMF +OSSL_CRMF_pbmp_new 4659 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_pbm_new 4660 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_regToken 4661 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_authenticator 4662 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo 4663 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set0_SinglePubInfo 4664 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set_PKIPublicationInfo_action 4665 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo 4666 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey 4667 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regCtrl_oldCertID 4668 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTID_gen 4669 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regInfo_utf8Pairs 4670 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set1_regInfo_certReq 4671 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set_validity 4672 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set_certReqId 4673 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get_certReqId 4674 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_set0_extensions 4675 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_push0_extension 4676 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_create_popo 4677 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSGS_verify_popo 4678 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_MSG_get0_tmpl 4679 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_get0_serialNumber 4680 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_get0_issuer 4681 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_CERTTEMPLATE_fill 4682 3_0_0 EXIST::FUNCTION:CRMF +OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert 4683 3_0_0 EXIST::FUNCTION:CRMF +ERR_load_CRMF_strings 4684 3_0_0 EXIST::FUNCTION:CRMF +OSSL_PARAM_locate 4685 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_int 4686 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_uint 4687 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_long 4688 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_ulong 4689 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_int32 4690 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_uint32 4691 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_int64 4692 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_uint64 4693 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_size_t 4694 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_BN 4695 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_double 4696 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_utf8_string 4697 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_utf8_ptr 4698 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_octet_string 4699 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_octet_ptr 4700 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_int 4701 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_uint 4702 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_long 4703 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_ulong 4704 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_int32 4705 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_uint32 4706 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_int64 4707 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_uint64 4708 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_size_t 4709 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_int 4710 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_uint 4711 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_long 4712 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_ulong 4713 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_int32 4714 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_uint32 4715 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_int64 4716 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_uint64 4717 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_size_t 4718 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_double 4719 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_double 4720 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_BN 4721 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_BN 4722 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_utf8_string 4723 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_utf8_string 4724 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_octet_string 4725 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_octet_string 4726 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_utf8_ptr 4727 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_utf8_ptr 4728 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_get_octet_ptr 4729 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_set_octet_ptr 4730 3_0_0 EXIST::FUNCTION: +X509_set0_sm2_id 4731 3_0_0 EXIST::FUNCTION:SM2 +X509_get0_sm2_id 4732 3_0_0 EXIST::FUNCTION:SM2 +EVP_PKEY_get0_engine 4733 3_0_0 EXIST::FUNCTION:ENGINE +EVP_MD_upref 4734 3_0_0 EXIST::FUNCTION: +EVP_MD_fetch 4735 3_0_0 EXIST::FUNCTION: +EVP_set_default_properties 4736 3_0_0 EXIST::FUNCTION: +OSSL_PARAM_construct_end 4737 3_0_0 EXIST::FUNCTION: +EC_GROUP_check_named_curve 4738 3_0_0 EXIST::FUNCTION:EC +EVP_CIPHER_upref 4739 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_fetch 4740 3_0_0 EXIST::FUNCTION: +EVP_CIPHER_mode 4741 3_0_0 EXIST::FUNCTION: +OPENSSL_info 4742 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_new 4743 3_0_0 EXIST::FUNCTION: +EVP_KDF_CTX_kdf 4744 3_0_0 EXIST::FUNCTION: +EVP_KDF_nid 4745 3_0_0 EXIST::FUNCTION: +EVP_get_kdfbyname 4746 3_0_0 EXIST::FUNCTION: +i2d_KeyParams 4747 3_0_0 EXIST::FUNCTION: +d2i_KeyParams 4748 3_0_0 EXIST::FUNCTION: +i2d_KeyParams_bio 4749 3_0_0 EXIST::FUNCTION: +d2i_KeyParams_bio 4750 3_0_0 EXIST::FUNCTION: +OSSL_CMP_PKISTATUS_it 4751 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP +OSSL_CMP_PKISTATUS_it 4751 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMP +d2i_OSSL_CMP_PKIHEADER 4752 3_0_0 EXIST::FUNCTION:CMP +i2d_OSSL_CMP_PKIHEADER 4753 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKIHEADER_free 4754 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKIHEADER_new 4755 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKIHEADER_it 4756 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP +OSSL_CMP_PKIHEADER_it 4756 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMP +d2i_OSSL_CMP_MSG 4757 3_0_0 EXIST::FUNCTION:CMP +i2d_OSSL_CMP_MSG 4758 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_it 4759 3_0_0 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:CMP +OSSL_CMP_MSG_it 4759 3_0_0 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:CMP +OSSL_CMP_ITAV_create 4760 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_set0 4761 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_get0_type 4762 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_get0_value 4763 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_push0_stack_item 4764 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_ITAV_free 4765 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_free 4766 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_PKISI_free 4767 3_0_0 EXIST::FUNCTION:CMP +OSSL_CMP_MSG_dup 4768 3_0_0 EXIST::FUNCTION:CMP +ERR_load_CMP_strings 4769 3_0_0 EXIST::FUNCTION:CMP -- 2.25.1