1/*
2 * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12#include <openssl/asn1t.h>
13
14#include "cmp_local.h"
15
16/* explicit #includes not strictly needed since implied by the above: */
17#include <openssl/cmp.h>
18#include <openssl/crmf.h>
19
20/* ASN.1 declarations from RFC4210 */
21ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
22 /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
23 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
24 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
25 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
26 ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
27 ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
28} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
29IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
30
31
32ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
33 ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
34 ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
35 ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
36} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
37IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
38
39
40ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
41 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
42 OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
43ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
44
45
46ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
47 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
48 OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
49ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
50
51
52ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
53 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
54 ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
55 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
56 ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
57 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
58 ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
59} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
60IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
61
62
63ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
64 ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
65 ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
66 /*
67 * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
68 * so it is used directly
69 *
70 */
71 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, ASN1_UTF8STRING)
72} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
73IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
74
75ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
76 infoValue.other, ASN1_ANY);
77/* ITAV means InfoTypeAndValue */
78ASN1_ADB(OSSL_CMP_ITAV) = {
79 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
80 ADB_ENTRY(NID_id_it_caProtEncCert, ASN1_OPT(OSSL_CMP_ITAV,
81 infoValue.caProtEncCert, X509)),
82 ADB_ENTRY(NID_id_it_signKeyPairTypes,
83 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
84 infoValue.signKeyPairTypes, X509_ALGOR)),
85 ADB_ENTRY(NID_id_it_encKeyPairTypes,
86 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
87 infoValue.encKeyPairTypes, X509_ALGOR)),
88 ADB_ENTRY(NID_id_it_preferredSymmAlg,
89 ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg,
90 X509_ALGOR)),
91 ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
92 ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
93 OSSL_CMP_CAKEYUPDANNCONTENT)),
94 ADB_ENTRY(NID_id_it_currentCRL,
95 ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
96 ADB_ENTRY(NID_id_it_unsupportedOIDs,
97 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
98 infoValue.unsupportedOIDs, ASN1_OBJECT)),
99 ADB_ENTRY(NID_id_it_keyPairParamReq,
100 ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq,
101 ASN1_OBJECT)),
102 ADB_ENTRY(NID_id_it_keyPairParamRep,
103 ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep,
104 X509_ALGOR)),
105 ADB_ENTRY(NID_id_it_revPassphrase,
106 ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
107 OSSL_CRMF_ENCRYPTEDVALUE)),
108 ADB_ENTRY(NID_id_it_implicitConfirm,
109 ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm,
110 ASN1_NULL)),
111 ADB_ENTRY(NID_id_it_confirmWaitTime,
112 ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
113 ASN1_GENERALIZEDTIME)),
114 ADB_ENTRY(NID_id_it_origPKIMessage,
115 ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage,
116 OSSL_CMP_MSGS)),
117 ADB_ENTRY(NID_id_it_suppLangTags,
118 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
119 ASN1_UTF8STRING)),
120} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0,
121 &infotypeandvalue_default_tt, NULL);
122
123
124ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
125 ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
126 ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
127} ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
128IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
129IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
130
131OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value)
132{
133 OSSL_CMP_ITAV *itav;
134
135 if (type == NULL || (itav = OSSL_CMP_ITAV_new()) == NULL)
136 return NULL;
137 OSSL_CMP_ITAV_set0(itav, type, value);
138 return itav;
139}
140
141void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
142 ASN1_TYPE *value)
143{
144 itav->infoType = type;
145 itav->infoValue.other = value;
146}
147
148ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav)
149{
150 if (itav == NULL)
151 return NULL;
152 return itav->infoType;
153}
154
155ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav)
156{
157 if (itav == NULL)
158 return NULL;
159 return itav->infoValue.other;
160}
161
162int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
163 OSSL_CMP_ITAV *itav)
164{
165 int created = 0;
166
167 if (itav_sk_p == NULL || itav == NULL) {
168 CMPerr(0, CMP_R_NULL_ARGUMENT);
169 goto err;
170 }
171
172 if (*itav_sk_p == NULL) {
173 if ((*itav_sk_p = sk_OSSL_CMP_ITAV_new_null()) == NULL)
174 goto err;
175 created = 1;
176 }
177 if (!sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
178 goto err;
179 return 1;
180
181 err:
182 if (created != 0) {
183 sk_OSSL_CMP_ITAV_free(*itav_sk_p);
184 *itav_sk_p = NULL;
185 }
186 return 0;
187}
188
189/* get ASN.1 encoded integer, return -1 on error */
190int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
191{
192 int64_t res;
193
194 if (!ASN1_INTEGER_get_int64(&res, a)) {
195 CMPerr(0, ASN1_R_INVALID_NUMBER);
196 return -1;
197 }
198 if (res < INT_MIN) {
199 CMPerr(0, ASN1_R_TOO_SMALL);
200 return -1;
201 }
202 if (res > INT_MAX) {
203 CMPerr(0, ASN1_R_TOO_LARGE);
204 return -1;
205 }
206 return (int)res;
207}
208
209ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
210 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
211 ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
212 ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
213 OSSL_CRMF_ENCRYPTEDVALUE, 1),
214} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
215IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
216
217
218ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
219 ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
220 OSSL_CMP_CERTORENCCERT),
221 ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
222 OSSL_CRMF_ENCRYPTEDVALUE, 0),
223 ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
224 OSSL_CRMF_PKIPUBLICATIONINFO, 1)
225} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
226IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
227
228
229ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
230 ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
231 ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
232} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
233IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
234
235
236ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
237 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
238 OSSL_CMP_REVDETAILS)
239ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
240
241
242ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
243 ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
244 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
245 0),
246 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
247} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
248IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
249
250
251ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
252 ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
253 ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
254 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
255 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
256 OSSL_CMP_CERTIFIEDKEYPAIR, 2)
257} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
258IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
259
260
261ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
262 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
263ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
264
265ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
266 ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
267 /*
268 * CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
269 * so it is used directly
270 */
271 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
272 /*
273 * OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING so used directly
274 */
275 ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
276} ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
277IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
278IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
279
280ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
281 ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
282 ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
283 ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI)
284} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
285IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
286
287ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) =
288 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CERTCONFIRMCONTENT,
289 OSSL_CMP_CERTSTATUS)
290ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)
291
292ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
293 ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
294 ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
295 ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
296 OSSL_CMP_CERTIFIEDKEYPAIR),
297 ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
298} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
299IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
300
301ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
302 ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
303} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
304IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
305
306ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) =
307 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREQCONTENT,
308 OSSL_CMP_POLLREQ)
309ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)
310
311ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
312 ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
313 ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
314 ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
315} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
316IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
317
318ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) =
319 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
320 OSSL_CMP_POLLREPCONTENT,
321 OSSL_CMP_POLLREP)
322ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)
323
324ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
325 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
326 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
327 ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
328} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
329IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
330
331ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) =
332 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENMSGCONTENT,
333 OSSL_CMP_ITAV)
334ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)
335
336ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) =
337 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_GENREPCONTENT,
338 OSSL_CMP_ITAV)
339ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)
340
341ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) =
342 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
343 OSSL_CMP_CRLANNCONTENT, X509_CRL)
344ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)
345
346ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
347 ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
348 ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
349 ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
350 ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
351 ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
352 ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
353 ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, OSSL_CMP_POPODECKEYRESPCONTENT, 6),
354 ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
355 ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
356 ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
357 ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
358 ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
359 ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
360 ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
361 ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
362 ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
363 ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
364 ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
365 ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
366 ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
367 ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
368 ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
369 ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
370 ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
371 ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
372 ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
373 ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
374} ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
375IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
376
377ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
378 ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
379 ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
380 ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
381 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
382 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
383 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
384 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
385 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
386 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
387 ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
388 /*
389 * OSSL_CMP_PKIFREETEXT is effectively a sequence of ASN1_UTF8STRING
390 * so it is used directly
391 */
392 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
393 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
394 OSSL_CMP_ITAV, 8)
395} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
396IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
397
398ASN1_SEQUENCE(CMP_PROTECTEDPART) = {
399 ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
400 ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
401} ASN1_SEQUENCE_END(CMP_PROTECTEDPART)
402IMPLEMENT_ASN1_FUNCTIONS(CMP_PROTECTEDPART)
403
404ASN1_SEQUENCE(OSSL_CMP_MSG) = {
405 ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
406 ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
407 ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
408 /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
409 ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
410} ASN1_SEQUENCE_END(OSSL_CMP_MSG)
411IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG)
412IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
413
414ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) =
415 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_MSGS,
416 OSSL_CMP_MSG)
417ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)
418