Rename OPENSSL_CTX prefix to OSSL_LIB_CTX

[openssl.git] / crypto / cmp / cmp_ctx.c

diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index adb3ff564b7b2c01a3305e791d870642847bdc77..97d76f02231ecd55040c3ec0e509858bbfc48547 100644 (file)
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -21,13 +21,6 @@
 #include <openssl/crmf.h>
 #include <openssl/err.h>
 
-DEFINE_STACK_OF(X509)
-DEFINE_STACK_OF(X509_EXTENSION)
-DEFINE_STACK_OF(POLICYINFO)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
 /*
  * Get current certificate store containing trusted root CA certs
  */
@@ -57,36 +50,36 @@ int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store)
 }
 
 /* Get current list of non-trusted intermediate certs */
-STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx)
+STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx)
 {
     if (ctx == NULL) {
         CMPerr(0, CMP_R_NULL_ARGUMENT);
         return NULL;
     }
-    return ctx->untrusted_certs;
+    return ctx->untrusted;
 }
 
 /*
  * Set untrusted certificates for path construction in authentication of
  * the CMP server and potentially others (TLS server, newly enrolled cert).
  */
-int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
+int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
 {
-    STACK_OF(X509) *untrusted_certs;
+    STACK_OF(X509) *untrusted;
     if (ctx == NULL) {
         CMPerr(0, CMP_R_NULL_ARGUMENT);
         return 0;
     }
-    if ((untrusted_certs = sk_X509_new_null()) == NULL)
+    if ((untrusted = sk_X509_new_null()) == NULL)
         return 0;
-    if (X509_add_certs(untrusted_certs, certs,
+    if (X509_add_certs(untrusted, certs,
                        X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) != 1)
         goto err;
-    sk_X509_pop_free(ctx->untrusted_certs, X509_free);
-    ctx->untrusted_certs = untrusted_certs;
+    sk_X509_pop_free(ctx->untrusted, X509_free);
+    ctx->untrusted = untrusted;
     return 1;
  err:
-    sk_X509_pop_free(untrusted_certs, X509_free);
+    sk_X509_pop_free(untrusted, X509_free);
     return 0;
 }
 
@@ -108,7 +101,7 @@ static int cmp_ctx_set_md(OSSL_CMP_CTX *ctx, EVP_MD **pmd, int nid)
  * Allocates and initializes OSSL_CMP_CTX context structure with default values.
  * Returns new context on success, NULL on error
  */
-OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq)
+OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq)
 {
     OSSL_CMP_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
@@ -126,7 +119,7 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq)
 
     ctx->msg_timeout = 2 * 60;
 
-    if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
+    if ((ctx->untrusted = sk_X509_new_null()) == NULL)
         goto err;
 
     ctx->pbm_slen = 16;
@@ -186,9 +179,10 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
     X509_free(ctx->validatedSrvCert);
     X509_NAME_free(ctx->expected_sender);
     X509_STORE_free(ctx->trusted);
-    sk_X509_pop_free(ctx->untrusted_certs, X509_free);
+    sk_X509_pop_free(ctx->untrusted, X509_free);
 
     X509_free(ctx->cert);
+    sk_X509_pop_free(ctx->chain, X509_free);
     EVP_PKEY_free(ctx->pkey);
     ASN1_OCTET_STRING_free(ctx->referenceValue);
     if (ctx->secretValue != NULL)
@@ -489,11 +483,7 @@ int ossl_cmp_ctx_set1_newChain(OSSL_CMP_CTX *ctx, STACK_OF(X509) *newChain)
     return (ctx->newChain = X509_chain_up_ref(newChain)) != NULL;
 }
 
-/*
- * Returns the stack of certificates received in a response message.
- * The stack is duplicated so the caller must handle freeing it!
- * Returns pointer to created stack on success, NULL on error
- */
+/* Returns the stack of extraCerts received in CertRepMessage, NULL on error */
 STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx)
 {
     if (ctx == NULL) {
@@ -523,7 +513,7 @@ int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx,
 }
 
 /*
- * Duplicate and set the given stack as the new stack of X509
+ * Copies any given stack as the new stack of X509
  * certificates to send out in the extraCerts field.
  */
 int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
@@ -596,7 +586,7 @@ STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx)
 }
 
 /*
- * Duplicate and copy the given stack of certificates to the given
+ * Copies any given stack of certificates to the given
  * OSSL_CMP_CTX structure so that they may be retrieved later.
  */
 int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs)
@@ -752,21 +742,21 @@ int OSSL_CMP_CTX_build_cert_chain(OSSL_CMP_CTX *ctx, X509_STORE *own_trusted,
         return 0;
     }
 
-    if (ctx->untrusted_certs != NULL ?
-        !X509_add_certs(ctx->untrusted_certs, candidates,
+    if (ctx->untrusted != NULL ?
+        !X509_add_certs(ctx->untrusted, candidates,
                         X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) :
-        !OSSL_CMP_CTX_set1_untrusted_certs(ctx, candidates))
+        !OSSL_CMP_CTX_set1_untrusted(ctx, candidates))
         return 0;
 
     ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert");
     chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, own_trusted,
-                                      ctx->untrusted_certs, ctx->cert);
+                                      ctx->untrusted, ctx->cert);
     if (chain == NULL) {
         CMPerr(0, CMP_R_FAILED_BUILDING_OWN_CHAIN);
         return 0;
     }
     ossl_cmp_debug(ctx, "success building chain for own CMP signer cert");
-    sk_X509_pop_free(chain, X509_free); /* TODO(3.0) replace this by 'ctx->chain = chain;' when ctx->chain is available */    
+    ctx->chain = chain;
     return 1;
 }