authorDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-10 17:32:57 +0100
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>2020-03-25 14:10:18 +0100
commit7e765f46a6b3a5b2fc48e10657bea7016e5c5e4b (patch)
tree10aa335bdb8955d13781f0139d49b3a30b7b5578 /include
parentb4ba2b7ce0933bede5d3b59a5abbde8fa3de2228 (diff)
Chunk 9 of CMP contribution to OpenSSL: CMP client and related tests
Certificate Management Protocol (CMP, RFC 4210) extension to OpenSSL Also includes CRMF (RFC 4211) and HTTP transfer (RFC 6712). Adds the CMP and CRMF API to libcrypto and the "cmp" app to the CLI. Adds extensive documentation and tests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/11300)
Diffstat (limited to 'include')
-rw-r--r--include/openssl/cmp.h37
-rw-r--r--include/openssl/cmp_util.h4
-rw-r--r--include/openssl/cmperr.h22
3 files changed, 48 insertions, 15 deletions
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index fcdd44b40c..21d16cc94d 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -248,19 +248,19 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
/* various CMP options: */
# define OSSL_CMP_OPT_LOG_VERBOSITY 0
-# define OSSL_CMP_OPT_MSGTIMEOUT 1
-# define OSSL_CMP_OPT_TOTALTIMEOUT 2
-# define OSSL_CMP_OPT_VALIDITYDAYS 3
+# define OSSL_CMP_OPT_MSG_TIMEOUT 1
+# define OSSL_CMP_OPT_TOTAL_TIMEOUT 2
+# define OSSL_CMP_OPT_VALIDITY_DAYS 3
# define OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT 4
# define OSSL_CMP_OPT_SUBJECTALTNAME_CRITICAL 5
# define OSSL_CMP_OPT_POLICIES_CRITICAL 6
-# define OSSL_CMP_OPT_POPOMETHOD 7
+# define OSSL_CMP_OPT_POPO_METHOD 7
# define OSSL_CMP_OPT_DIGEST_ALGNID 8
# define OSSL_CMP_OPT_OWF_ALGNID 9
# define OSSL_CMP_OPT_MAC_ALGNID 10
# define OSSL_CMP_OPT_REVOCATION_REASON 11
-# define OSSL_CMP_OPT_IMPLICITCONFIRM 12
-# define OSSL_CMP_OPT_DISABLECONFIRM 13
+# define OSSL_CMP_OPT_IMPLICIT_CONFIRM 12
+# define OSSL_CMP_OPT_DISABLE_CONFIRM 13
# define OSSL_CMP_OPT_UNPROTECTED_SEND 14
# define OSSL_CMP_OPT_UNPROTECTED_ERRORS 15
# define OSSL_CMP_OPT_IGNORE_KEYUSAGE 16
@@ -268,7 +268,7 @@ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val);
int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt);
/* CMP-specific callback for logging and outputting the error queue: */
-int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb);
+int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb);
# define OSSL_CMP_CTX_set_log_verbosity(ctx, level) \
OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_LOG_VERBOSITY, level)
void OSSL_CMP_CTX_print_errors(OSSL_CMP_CTX *ctx);
@@ -282,9 +282,9 @@ int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port);
int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb);
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx);
-typedef OSSL_CMP_MSG *(*OSSL_cmp_transfer_cb_t) (OSSL_CMP_CTX *ctx,
+typedef OSSL_CMP_MSG *(*OSSL_CMP_transfer_cb_t) (OSSL_CMP_CTX *ctx,
const OSSL_CMP_MSG *req);
-int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_transfer_cb_t cb);
+int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb);
int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx);
/* server authentication: */
@@ -320,9 +320,9 @@ int OSSL_CMP_CTX_set1_p10CSR(OSSL_CMP_CTX *ctx, const X509_REQ *csr);
/* misc body contents: */
int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav);
/* certificate confirmation: */
-typedef int (*OSSL_cmp_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
+typedef int (*OSSL_CMP_certConf_cb_t) (OSSL_CMP_CTX *ctx, X509 *cert,
int fail_info, const char **txt);
-int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb);
+int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb);
int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg);
void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx);
/* result fetching: */
@@ -410,6 +410,21 @@ int OSSL_CMP_SRV_CTX_set_accept_raverified(OSSL_CMP_SRV_CTX *srv_ctx, int val);
int OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(OSSL_CMP_SRV_CTX *srv_ctx,
int val);
+/* from cmp_client.c */
+X509 *OSSL_CMP_exec_IR_ses(OSSL_CMP_CTX *ctx);
+X509 *OSSL_CMP_exec_CR_ses(OSSL_CMP_CTX *ctx);
+X509 *OSSL_CMP_exec_P10CR_ses(OSSL_CMP_CTX *ctx);
+X509 *OSSL_CMP_exec_KUR_ses(OSSL_CMP_CTX *ctx);
+# define OSSL_CMP_IR OSSL_CMP_PKIBODY_IR
+# define OSSL_CMP_CR OSSL_CMP_PKIBODY_CR
+# define OSSL_CMP_P10CR OSSL_CMP_PKIBODY_P10CR
+# define OSSL_CMP_KUR OSSL_CMP_PKIBODY_KUR
+int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type, int *checkAfter);
+int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
+ const char **text);
+X509 *OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx);
+STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
+
# ifdef __cplusplus
}
# endif
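Review bot: The new client entry points declared after `OSSL_CMP_SRV_CTX_set_grant_implicit_confirm` carry only the marker `/* from cmp_client.c */`, whereas every other group in this header is labelled by purpose (`/* server authentication: */`, `/* certificate confirmation: */`, `/* result fetching: */`), and a reader of the header cannot tell who owns the `X509 *` returned by the `OSSL_CMP_exec_*_ses` functions or the `STACK_OF(OSSL_CMP_ITAV) *` from `OSSL_CMP_exec_GENM_ses`, nor what `OSSL_CMP_try_certreq`'s return value and `checkAfter` out-parameter mean. I would replace the marker with `/* CMP client: execute one enrollment/revocation/genm transaction on ctx */` and add a one-line comment on each returning declaration stating whether the pointer stays owned by the ctx (must not be freed) or is handed to the caller; given the ctx-centric design I assume the former, but that has to be confirmed against cmp_client.c, which is outside this diff. For `OSSL_CMP_try_certreq` a comment such as `/* returns 1 on success, 0 on failure, -1 if still waiting; *checkAfter then holds the server's poll interval */` would pin the contract the new error codes (`CMP_R_ENCOUNTERED_WAITING`, `CMP_R_CHECKAFTER_OUT_OF_RANGE`) hint at, again to be verified against the implementation. `OSSL_CMP_certConf_cb` is exported alongside the typedef `OSSL_CMP_certConf_cb_t` but nothing says it is the default callback usable with `OSSL_CMP_CTX_set_certConf_cb`; a short comment to that effect, if that is its role, would save callers from guessing.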
diff --git a/include/openssl/cmp_util.h b/include/openssl/cmp_util.h
index 6b6025b6ce..831b65ec1c 100644
--- a/include/openssl/cmp_util.h
+++ b/include/openssl/cmp_util.h
@@ -39,13 +39,13 @@ typedef int OSSL_CMP_severity;
# define OSSL_CMP_LOG_NOTICE 5
# define OSSL_CMP_LOG_INFO 6
# define OSSL_CMP_LOG_DEBUG 7
-typedef int (*OSSL_cmp_log_cb_t)(const char *func, const char *file, int line,
+typedef int (*OSSL_CMP_log_cb_t)(const char *func, const char *file, int line,
OSSL_CMP_severity level, const char *msg);
int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
int line, OSSL_CMP_severity level, const char *msg);
/* use of the logging callback for outputting error queue */
-void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);
+void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn);
# ifdef __cplusplus
}
diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h
index f868cc104f..c11f372ab5 100644
--- a/include/openssl/cmperr.h
+++ b/include/openssl/cmperr.h
@@ -34,19 +34,27 @@ int ERR_load_CMP_strings(void);
* CMP reason codes.
*/
# define CMP_R_ALGORITHM_NOT_SUPPORTED 139
+# define CMP_R_BAD_CHECKAFTER_IN_POLLREP 167
# define CMP_R_BAD_REQUEST_ID 108
# define CMP_R_CERTHASH_UNMATCHED 156
# define CMP_R_CERTID_NOT_FOUND 109
+# define CMP_R_CERTIFICATE_NOT_ACCEPTED 169
# define CMP_R_CERTIFICATE_NOT_FOUND 112
# define CMP_R_CERTREQMSG_NOT_FOUND 157
# define CMP_R_CERTRESPONSE_NOT_FOUND 113
# define CMP_R_CERT_AND_KEY_DO_NOT_MATCH 114
+# define CMP_R_CHECKAFTER_OUT_OF_RANGE 181
+# define CMP_R_ENCOUNTERED_KEYUPDATEWARNING 176
+# define CMP_R_ENCOUNTERED_WAITING 162
# define CMP_R_ERROR_CALCULATING_PROTECTION 115
# define CMP_R_ERROR_CREATING_CERTCONF 116
# define CMP_R_ERROR_CREATING_CERTREP 117
+# define CMP_R_ERROR_CREATING_CR 163
# define CMP_R_ERROR_CREATING_ERROR 118
# define CMP_R_ERROR_CREATING_GENM 119
# define CMP_R_ERROR_CREATING_GENP 120
+# define CMP_R_ERROR_CREATING_IR 164
+# define CMP_R_ERROR_CREATING_KUR 165
# define CMP_R_ERROR_CREATING_P10CR 121
# define CMP_R_ERROR_CREATING_PKICONF 122
# define CMP_R_ERROR_CREATING_POLLREP 123
@@ -54,10 +62,9 @@ int ERR_load_CMP_strings(void);
# define CMP_R_ERROR_CREATING_RP 125
# define CMP_R_ERROR_CREATING_RR 126
# define CMP_R_ERROR_PARSING_PKISTATUS 107
-# define CMP_R_ERROR_PROCESSING_MSG 158
+# define CMP_R_ERROR_PROCESSING_MESSAGE 158
# define CMP_R_ERROR_PROTECTING_MESSAGE 127
# define CMP_R_ERROR_SETTING_CERTHASH 128
-# define CMP_R_ERROR_TRANSFERRING_OUT 159
# define CMP_R_ERROR_UNEXPECTED_CERTCONF 160
# define CMP_R_ERROR_VALIDATING_PROTECTION 140
# define CMP_R_FAILED_EXTRACTING_PUBKEY 141
@@ -71,27 +78,38 @@ int ERR_load_CMP_strings(void);
# define CMP_R_MISSING_SENDER_IDENTIFICATION 111
# define CMP_R_MISSING_TRUST_STORE 144
# define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED 161
+# define CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED 170
# define CMP_R_MULTIPLE_SAN_SOURCES 102
# define CMP_R_NO_STDIO 194
# define CMP_R_NO_SUITABLE_SENDER_CERT 145
# define CMP_R_NULL_ARGUMENT 103
# define CMP_R_PKIBODY_ERROR 146
# define CMP_R_PKISTATUSINFO_NOT_FOUND 132
+# define CMP_R_POLLING_FAILED 172
# define CMP_R_POTENTIALLY_INVALID_CERTIFICATE 147
+# define CMP_R_RECEIVED_ERROR 180
# define CMP_R_RECIPNONCE_UNMATCHED 148
# define CMP_R_REQUEST_NOT_ACCEPTED 149
+# define CMP_R_REQUEST_REJECTED_BY_SERVER 182
# define CMP_R_SENDER_GENERALNAME_TYPE_NOT_SUPPORTED 150
# define CMP_R_SRVCERT_DOES_NOT_VALIDATE_MSG 151
+# define CMP_R_TOTAL_TIMEOUT 184
# define CMP_R_TRANSACTIONID_UNMATCHED 152
+# define CMP_R_TRANSFER_ERROR 159
# define CMP_R_UNEXPECTED_PKIBODY 133
+# define CMP_R_UNEXPECTED_PKISTATUS 185
# define CMP_R_UNEXPECTED_PVNO 153
# define CMP_R_UNKNOWN_ALGORITHM_ID 134
# define CMP_R_UNKNOWN_CERT_TYPE 135
+# define CMP_R_UNKNOWN_PKISTATUS 186
# define CMP_R_UNSUPPORTED_ALGORITHM 136
# define CMP_R_UNSUPPORTED_KEY_TYPE 137
# define CMP_R_UNSUPPORTED_PROTECTION_ALG_DHBASEDMAC 154
# define CMP_R_WRONG_ALGORITHM_OID 138
+# define CMP_R_WRONG_CERTID_IN_RP 187
# define CMP_R_WRONG_PBM_VALUE 155
+# define CMP_R_WRONG_RP_COMPONENT_COUNT 188
+# define CMP_R_WRONG_SERIAL_IN_RP 173
# endif
#endif