CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21129)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2022-09-17 10:56:21 +0200
committer: Pauli <pauli@openssl.org> 2023-07-17 08:48:36 +1000
commit: 01b048513153bdbee3efc82389d38d353352a7f1 (patch)
tree: f22d8f0a44aeb740bc8a7ab837605f82dc10d8f3 /include
parent: 1a9e28607e29a1dc996024f03f445ca67b49a44f (diff)
2 files changed, 14 insertions, 0 deletions
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index 0e49ee9d51..d7f2354b3a 100644
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -264,6 +264,16 @@ void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
 OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts);
 int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out);
 
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert);
+int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out);
+OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
+                                                 const X509 *newWithOld,
+                                                 const X509 *oldWithNew);
+int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
+                                       X509 **newWithNew,
+                                       X509 **newWithOld,
+                                       X509 **oldWithNew);
+
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
@@ -488,6 +498,9 @@ STACK_OF(OSSL_CMP_ITAV) *OSSL_CMP_exec_GENM_ses(OSSL_CMP_CTX *ctx);
 
 /* from cmp_genm.c */
 int OSSL_CMP_get1_caCerts(OSSL_CMP_CTX *ctx, STACK_OF(X509) **out);
+int OSSL_CMP_get1_rootCaKeyUpdate(OSSL_CMP_CTX *ctx,
+                                  const X509 *oldWithOld, X509 **newWithNew,
+                                  X509 **newWithOld, X509 **oldWithNew);
 
 #  ifdef  __cplusplus
 }
diff --git a/include/openssl/cmperr.h b/include/openssl/cmperr.h
index f4435d825d..57a6effbe3 100644
--- a/include/openssl/cmperr.h
+++ b/include/openssl/cmperr.h
@@ -63,6 +63,7 @@
 #  define CMP_R_INVALID_ARGS                               100
 #  define CMP_R_INVALID_GENP                               193
 #  define CMP_R_INVALID_OPTION                             174
+#  define CMP_R_INVALID_ROOTCAKEYUPDATE                    195
 #  define CMP_R_MISSING_CERTID                             165
 #  define CMP_R_MISSING_KEY_INPUT_FOR_CREATING_PROTECTION  130
 #  define CMP_R_MISSING_KEY_USAGE_DIGITALSIGNATURE         142
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2022-09-17 10:56:21 +0200
committer	Pauli <pauli@openssl.org>	2023-07-17 08:48:36 +1000
commit	01b048513153bdbee3efc82389d38d353352a7f1 (patch)
tree	f22d8f0a44aeb740bc8a7ab837605f82dc10d8f3 /include
parent	1a9e28607e29a1dc996024f03f445ca67b49a44f (diff)