/*
- * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
#include <openssl/bio.h>
#include <openssl/ocsp.h> /* for OCSP_REVOKED_STATUS_* */
-#include "cmp_int.h"
+#include "cmp_local.h"
/* explicit #includes not strictly needed since implied by the above: */
#include <openssl/cmp.h>
#include <openssl/crmf.h>
#include <openssl/err.h>
+DEFINE_STACK_OF(X509)
+DEFINE_STACK_OF(X509_EXTENSION)
+DEFINE_STACK_OF(POLICYINFO)
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+DEFINE_STACK_OF(GENERAL_NAME)
+DEFINE_STACK_OF(OSSL_CMP_ITAV)
+
/*
* Get current certificate store containing trusted root CA certs
*/
* Set certificate store containing trusted (root) CA certs and possibly CRLs
* and a cert verification callback function used for CMP server authentication.
* Any already existing store entry is freed. Given NULL, the entry is reset.
- * returns 1 on success, 0 on error
*/
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store)
{
return 1;
}
-/*
- * Get current list of non-trusted intermediate certs
- */
+/* Get current list of non-trusted intermediate certs */
STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
/*
* Set untrusted certificates for path construction in authentication of
* the CMP server and potentially others (TLS server, newly enrolled cert).
- * returns 1 on success, 0 on error
*/
int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
{
+ STACK_OF(X509) *untrusted_certs;
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 0;
}
- sk_X509_pop_free(ctx->untrusted_certs, X509_free);
- if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
+ if ((untrusted_certs = sk_X509_new_null()) == NULL)
return 0;
- return ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, certs, 0, 1, 0);
+ if (ossl_cmp_sk_X509_add1_certs(untrusted_certs, certs, 0, 1, 0) != 1)
+ goto err;
+ sk_X509_pop_free(ctx->untrusted_certs, X509_free);
+ ctx->untrusted_certs = untrusted_certs;
+ return 1;
+ err:
+ sk_X509_pop_free(untrusted_certs, X509_free);
+ return 0;
}
/*
ctx->status = -1;
ctx->failInfoCode = -1;
- ctx->serverPort = OSSL_CMP_DEFAULT_PORT;
- ctx->proxyPort = OSSL_CMP_DEFAULT_PORT;
- ctx->msgtimeout = 2 * 60;
+ ctx->msg_timeout = 2 * 60;
if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
goto err;
return NULL;
}
-/*
- * Prepare the OSSL_CMP_CTX for next use, partly re-initializing OSSL_CMP_CTX
- */
+/* Prepare the OSSL_CMP_CTX for next use, partly re-initializing OSSL_CMP_CTX */
int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
&& ossl_cmp_ctx_set1_recipNonce(ctx, NULL);
}
-/*
- * Frees OSSL_CMP_CTX variables allocated in OSSL_CMP_CTX_new()
- */
+/* Frees OSSL_CMP_CTX variables allocated in OSSL_CMP_CTX_new() */
void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
{
if (ctx == NULL)
return;
OPENSSL_free(ctx->serverPath);
- OPENSSL_free(ctx->serverName);
- OPENSSL_free(ctx->proxyName);
+ OPENSSL_free(ctx->server);
+ OPENSSL_free(ctx->proxy);
+ OPENSSL_free(ctx->no_proxy);
X509_free(ctx->srvCert);
X509_free(ctx->validatedSrvCert);
X509_STORE_free(ctx->trusted);
sk_X509_pop_free(ctx->untrusted_certs, X509_free);
- X509_free(ctx->clCert);
+ X509_free(ctx->cert);
EVP_PKEY_free(ctx->pkey);
ASN1_OCTET_STRING_free(ctx->referenceValue);
if (ctx->secretValue != NULL)
int ossl_cmp_ctx_set_status(OSSL_CMP_CTX *ctx, int status)
{
if (!ossl_assert(ctx != NULL))
- return 0;
+ return 0;
ctx->status = status;
return 1;
}
return 1;
}
-/*
- * Set callback function for checking if the cert is ok or should
- * it be rejected.
- * Returns 1 on success, 0 on error
- */
-int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_certConf_cb_t cb)
+/* Set callback function for checking if the cert is ok or should be rejected */
+int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb)
{
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
/*
* Set argument, respectively a pointer to a structure containing arguments,
* optionally to be used by the certConf callback.
- * Returns 1 on success, 0 on error
*/
int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg)
{
int category, int cmd, void *vdata)
{
OSSL_CMP_CTX *ctx = vdata;
- const char *prefix_msg;
+ const char *msg;
OSSL_CMP_severity level = -1;
char *func = NULL;
char *file = NULL;
if (ctx->log_cb == NULL)
return 1; /* silently drop message */
- prefix_msg = ossl_cmp_log_parse_metadata(buf, &level, &func, &file, &line);
+ msg = ossl_cmp_log_parse_metadata(buf, &level, &func, &file, &line);
if (level > ctx->log_verbosity) /* excludes the case level is unknown */
goto end; /* suppress output since severity is not sufficient */
if (!ctx->log_cb(func != NULL ? func : "(no func)",
file != NULL ? file : "(no file)",
- line, level, prefix_msg))
+ line, level, msg))
cnt = 0;
end:
}
#endif
-/*
- * Set a callback function for error reporting and logging messages.
- * Returns 1 on success, 0 on error
- */
-int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_log_cb_t cb)
+/* Print CMP log messages (i.e., diagnostic info) via the log cb of the ctx */
+int ossl_cmp_print_log(OSSL_CMP_severity level, const OSSL_CMP_CTX *ctx,
+ const char *func, const char *file, int line,
+ const char *level_str, const char *format, ...)
+{
+ va_list args;
+ char hugebuf[1024 * 2];
+ int res = 0;
+
+ if (ctx == NULL || ctx->log_cb == NULL)
+ return 1; /* silently drop message */
+
+ if (level > ctx->log_verbosity) /* excludes the case level is unknown */
+ return 1; /* suppress output since severity is not sufficient */
+
+ if (format == NULL)
+ return 0;
+
+ va_start(args, format);
+
+ if (func == NULL)
+ func = "(unset function name)";
+ if (file == NULL)
+ file = "(unset file name)";
+ if (level_str == NULL)
+ level_str = "(unset level string)";
+
+#ifndef OPENSSL_NO_TRACE
+ if (OSSL_TRACE_ENABLED(CMP)) {
+ OSSL_TRACE_BEGIN(CMP) {
+ int printed =
+ BIO_snprintf(hugebuf, sizeof(hugebuf),
+ "%s:%s:%d:" OSSL_CMP_LOG_PREFIX "%s: ",
+ func, file, line, level_str);
+ if (printed > 0 && (size_t)printed < sizeof(hugebuf)) {
+ if (BIO_vsnprintf(hugebuf + printed,
+ sizeof(hugebuf) - printed, format, args) > 0)
+ res = BIO_puts(trc_out, hugebuf) > 0;
+ }
+ } OSSL_TRACE_END(CMP);
+ }
+#else /* compensate for disabled trace API */
+ {
+ if (BIO_vsnprintf(hugebuf, sizeof(hugebuf), format, args) > 0)
+ res = ctx->log_cb(func, file, line, level, hugebuf);
+ }
+#endif
+ va_end(args);
+ return res;
+}
+
+/* Set a callback function for error reporting and logging messages */
+int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb)
{
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
/*
* Set or clear the reference value to be used for identification
* (i.e., the user name) when using PBMAC.
- * Returns 1 on success, 0 on error
*/
int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
const unsigned char *ref, int len)
len);
}
-/*
- * Set or clear the password to be used for protecting messages with PBMAC.
- * Returns 1 on success, 0 on error
- */
+/* Set or clear the password to be used for protecting messages with PBMAC */
int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
const int len)
{
+ ASN1_OCTET_STRING *secretValue = NULL;
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (ctx->secretValue != NULL)
+ if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1)
+ return 0;
+ if (ctx->secretValue != NULL) {
OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length);
- return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->secretValue, sec, len);
+ ASN1_OCTET_STRING_free(ctx->secretValue);
+ }
+ ctx->secretValue = secretValue;
+ return 1;
}
/*
/*
* Copies any given stack of inbound X509 certificates to extraCertsIn
* of the OSSL_CMP_CTX structure so that they may be retrieved later.
- * Returns 1 on success, 0 on error.
*/
int ossl_cmp_ctx_set1_extraCertsIn(OSSL_CMP_CTX *ctx,
STACK_OF(X509) *extraCertsIn)
/*
* Duplicate and set the given stack as the new stack of X509
* certificates to send out in the extraCerts field.
- * Returns 1 on success, 0 on error
*/
int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
STACK_OF(X509) *extraCertsOut)
/*
* Add the given policy info object
* to the X509_EXTENSIONS of the requested certificate template.
- * Returns 1 on success, 0 on error.
*/
int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo)
{
return sk_POLICYINFO_push(ctx->policies, pinfo);
}
-/*
- * Add an ITAV for geninfo of the PKI message header
- */
+/* Add an ITAV for geninfo of the PKI message header */
int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav)
{
if (ctx == NULL) {
return OSSL_CMP_ITAV_push0_stack_item(&ctx->geninfo_ITAVs, itav);
}
-/*
- * Add an itav for the body of outgoing general messages
- */
+/* Add an itav for the body of outgoing general messages */
int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav)
{
if (ctx == NULL) {
/*
* Duplicate and copy the given stack of certificates to the given
* OSSL_CMP_CTX structure so that they may be retrieved later.
- * Returns 1 on success, 0 on error
*/
int ossl_cmp_ctx_set1_caPubs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *caPubs)
{
* Pins the server certificate to be directly trusted (even if it is expired)
* for verifying response messages.
* Cert pointer is not consumed. It may be NULL to clear the entry.
- * Returns 1 on success, 0 on error
*/
DEFINE_OSSL_CMP_CTX_set1_up_ref(srvCert, X509)
-/*
- * Set the X509 name of the recipient. Set in the PKIHeader.
- * returns 1 on success, 0 on error
- */
+/* Set the X509 name of the recipient. Set in the PKIHeader */
DEFINE_OSSL_CMP_CTX_set1(recipient, X509_NAME)
-/*
- * Store the X509 name of the expected sender in the PKIHeader of responses.
- * Returns 1 on success, 0 on error
- */
+/* Store the X509 name of the expected sender in the PKIHeader of responses */
DEFINE_OSSL_CMP_CTX_set1(expected_sender, X509_NAME)
-/*
- * Set the X509 name of the issuer. Set in the PKIHeader.
- * Returns 1 on success, 0 on error
- */
+/* Set the X509 name of the issuer. Set in the PKIHeader */
DEFINE_OSSL_CMP_CTX_set1(issuer, X509_NAME)
/*
* Set the subject name that will be placed in the certificate
* request. This will be the subject name on the received certificate.
- * Returns 1 on success, 0 on error
*/
DEFINE_OSSL_CMP_CTX_set1(subjectName, X509_NAME)
-/*
- * Set the X.509v3 certificate request extensions to be used in IR/CR/KUR.
- * Returns 1 on success, 0 on error
- */
+/* Set the X.509v3 certificate request extensions to be used in IR/CR/KUR */
int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts)
{
if (ctx == NULL) {
/*
* Add a GENERAL_NAME structure that will be added to the CRMF
* request's extensions field to request subject alternative names.
- * Returns 1 on success, 0 on error
*/
int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
const GENERAL_NAME *name)
/*
* Set our own client certificate, used for example in KUR and when
* doing the IR with existing certificate.
- * Returns 1 on success, 0 on error
*/
-DEFINE_OSSL_CMP_CTX_set1_up_ref(clCert, X509)
+DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509)
/*
* Set the old certificate that we are updating in KUR
* or the certificate to be revoked in RR, respectively.
- * Also used as reference cert (defaulting to clCert) for deriving subject DN
+ * Also used as reference cert (defaulting to cert) for deriving subject DN
* and SANs. Its issuer is used as default recipient in the CMP message header.
- * Returns 1 on success, 0 on error
*/
DEFINE_OSSL_CMP_CTX_set1_up_ref(oldCert, X509)
-/*
- * Set the PKCS#10 CSR to be sent in P10CR.
- * Returns 1 on success, 0 on error
- */
+/* Set the PKCS#10 CSR to be sent in P10CR */
DEFINE_OSSL_CMP_CTX_set1(p10CSR, X509_REQ)
/*
- * Sets the (newly received in IP/KUP/CP) certificate in the context.
- * Returns 1 on success, 0 on error
+ * Set the (newly received in IP/KUP/CP) certificate in the context.
* TODO: this only permits for one cert to be enrolled at a time.
*/
int ossl_cmp_ctx_set0_newCert(OSSL_CMP_CTX *ctx, X509 *cert)
return ctx->newCert;
}
-/*
- * Set the client's current private key.
- * Returns 1 on success, 0 on error
- */
+/* Set the client's current private key */
DEFINE_OSSL_CMP_CTX_set1_up_ref(pkey, EVP_PKEY)
-/*
- * Set new key pair. Used e.g. when doing Key Update.
- * Returns 1 on success, 0 on error
- */
+/* Set new key pair. Used e.g. when doing Key Update */
int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey)
{
if (ctx == NULL) {
return 1;
}
-/*
- * gets the private/public key to use for certificate enrollment, NULL on error
- */
+/* Get the private/public key to use for cert enrollment, or NULL on error */
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
{
if (ctx == NULL) {
return ctx->pkey; /* may be NULL */
}
-/*
- * Sets the given transactionID to the context.
- * Returns 1 on success, 0 on error
- */
+/* Set the given transactionID to the context */
int OSSL_CMP_CTX_set1_transactionID(OSSL_CMP_CTX *ctx,
const ASN1_OCTET_STRING *id)
{
return ossl_cmp_asn1_octet_string_set1(&ctx->transactionID, id);
}
-/*
- * sets the given nonce to be used for the recipNonce in the next message to be
- * created.
- * returns 1 on success, 0 on error
- */
+/* Set the nonce to be used for the recipNonce in the message created next */
int ossl_cmp_ctx_set1_recipNonce(OSSL_CMP_CTX *ctx,
- const ASN1_OCTET_STRING *nonce)
+ const ASN1_OCTET_STRING *nonce)
{
if (!ossl_assert(ctx != NULL))
return 0;
return ossl_cmp_asn1_octet_string_set1(&ctx->recipNonce, nonce);
}
-/*
- * Stores the given nonce as the last senderNonce sent out.
- * Returns 1 on success, 0 on error
- */
+/* Stores the given nonce as the last senderNonce sent out */
int OSSL_CMP_CTX_set1_senderNonce(OSSL_CMP_CTX *ctx,
const ASN1_OCTET_STRING *nonce)
{
return ossl_cmp_asn1_octet_string_set1(&ctx->senderNonce, nonce);
}
-/*
- * Set the host name of the (HTTP) proxy server to use for all connections
- * returns 1 on success, 0 on error
- */
-DEFINE_OSSL_CMP_CTX_set1(proxyName, char)
+/* Set the proxy server to use for HTTP(S) connections */
+DEFINE_OSSL_CMP_CTX_set1(proxy, char)
-/*
- * Set the (HTTP) host name of the CA server.
- * Returns 1 on success, 0 on error
- */
-DEFINE_OSSL_CMP_CTX_set1(serverName, char)
+/* Set the (HTTP) host name of the CMP server */
+DEFINE_OSSL_CMP_CTX_set1(server, char)
-/*
- * Sets the (HTTP) proxy port to be used.
- * Returns 1 on success, 0 on error
- */
-int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port)
-{
- if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
- return 0;
- }
- ctx->proxyPort = port;
- return 1;
-}
+/* Set the server exclusion list of the HTTP proxy server */
+DEFINE_OSSL_CMP_CTX_set1(no_proxy, char)
-/*
- * sets the http connect/disconnect callback function to be used for HTTP(S)
- * returns 1 on success, 0 on error
- */
-int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_http_cb_t cb)
+/* Set the http connect/disconnect callback function to be used for HTTP(S) */
+int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb)
{
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 1;
}
-/*
- * Set argument optionally to be used by the http connect/disconnect callback.
- * Returns 1 on success, 0 on error
- */
+/* Set argument optionally to be used by the http connect/disconnect callback */
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg)
{
if (ctx == NULL) {
return ctx->http_cb_arg;
}
-/*
- * Set callback function for sending CMP request and receiving response.
- * Returns 1 on success, 0 on error
- */
-int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_transfer_cb_t cb)
+/* Set callback function for sending CMP request and receiving response */
+int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb)
{
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return 1;
}
-/*
- * Set argument optionally to be used by the transfer callback.
- * Returns 1 on success, 0 on error
- */
+/* Set argument optionally to be used by the transfer callback */
int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg)
{
if (ctx == NULL) {
return ctx->transfer_cb_arg;
}
-/*
- * Sets the (HTTP) server port to be used.
- * Returns 1 on success, 0 on error
- */
+/** Set the HTTP server port to be used */
int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port)
{
if (ctx == NULL) {
return 1;
}
-/*
- * Sets the HTTP path to be used on the server (e.g "pkix/").
- * Returns 1 on success, 0 on error
- */
+/* Set the HTTP path to be used on the server (e.g "pkix/") */
DEFINE_OSSL_CMP_CTX_set1(serverPath, char)
-/*
- * Set the failInfo error code as bit encoding in OSSL_CMP_CTX.
- * Returns 1 on success, 0 on error
- */
+/* Set the failInfo error code as bit encoding in OSSL_CMP_CTX */
int ossl_cmp_ctx_set_failInfoCode(OSSL_CMP_CTX *ctx, int fail_info)
{
if (!ossl_assert(ctx != NULL))
return ctx->failInfoCode;
}
-/*
- * Sets a Boolean or integer option of the context to the "val" arg.
- * Returns 1 on success, 0 on error
- */
-int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) {
+/* Set a Boolean or integer option of the context to the "val" arg */
+int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val)
+{
int min_val;
if (ctx == NULL) {
case OSSL_CMP_OPT_REVOCATION_REASON:
min_val = OCSP_REVOKED_STATUS_NOSTATUS;
break;
- case OSSL_CMP_OPT_POPOMETHOD:
+ case OSSL_CMP_OPT_POPO_METHOD:
min_val = OSSL_CRMF_POPO_NONE;
break;
default:
}
ctx->log_verbosity = val;
break;
- case OSSL_CMP_OPT_IMPLICITCONFIRM:
+ case OSSL_CMP_OPT_IMPLICIT_CONFIRM:
ctx->implicitConfirm = val;
break;
- case OSSL_CMP_OPT_DISABLECONFIRM:
+ case OSSL_CMP_OPT_DISABLE_CONFIRM:
ctx->disableConfirm = val;
break;
case OSSL_CMP_OPT_UNPROTECTED_SEND:
case OSSL_CMP_OPT_UNPROTECTED_ERRORS:
ctx->unprotectedErrors = val;
break;
- case OSSL_CMP_OPT_VALIDITYDAYS:
+ case OSSL_CMP_OPT_VALIDITY_DAYS:
ctx->days = val;
break;
case OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT:
case OSSL_CMP_OPT_IGNORE_KEYUSAGE:
ctx->ignore_keyusage = val;
break;
- case OSSL_CMP_OPT_POPOMETHOD:
+ case OSSL_CMP_OPT_POPO_METHOD:
if (val > OSSL_CRMF_POPO_KEYAGREE) {
CMPerr(0, CMP_R_INVALID_ARGS);
return 0;
case OSSL_CMP_OPT_MAC_ALGNID:
ctx->pbm_mac = val;
break;
- case OSSL_CMP_OPT_MSGTIMEOUT:
- ctx->msgtimeout = val;
+ case OSSL_CMP_OPT_MSG_TIMEOUT:
+ ctx->msg_timeout = val;
break;
- case OSSL_CMP_OPT_TOTALTIMEOUT:
- ctx->totaltimeout = val;
+ case OSSL_CMP_OPT_TOTAL_TIMEOUT:
+ ctx->total_timeout = val;
break;
case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR:
ctx->permitTAInExtraCertsForIR = val;
* Reads a Boolean or integer option value from the context.
* Returns -1 on error (which is the default OSSL_CMP_OPT_REVOCATION_REASON)
*/
-int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) {
+int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt)
+{
if (ctx == NULL) {
CMPerr(0, CMP_R_NULL_ARGUMENT);
return -1;
switch (opt) {
case OSSL_CMP_OPT_LOG_VERBOSITY:
return ctx->log_verbosity;
- case OSSL_CMP_OPT_IMPLICITCONFIRM:
+ case OSSL_CMP_OPT_IMPLICIT_CONFIRM:
return ctx->implicitConfirm;
- case OSSL_CMP_OPT_DISABLECONFIRM:
+ case OSSL_CMP_OPT_DISABLE_CONFIRM:
return ctx->disableConfirm;
case OSSL_CMP_OPT_UNPROTECTED_SEND:
return ctx->unprotectedSend;
case OSSL_CMP_OPT_UNPROTECTED_ERRORS:
return ctx->unprotectedErrors;
- case OSSL_CMP_OPT_VALIDITYDAYS:
+ case OSSL_CMP_OPT_VALIDITY_DAYS:
return ctx->days;
case OSSL_CMP_OPT_SUBJECTALTNAME_NODEFAULT:
return ctx->SubjectAltName_nodefault;
return ctx->setPoliciesCritical;
case OSSL_CMP_OPT_IGNORE_KEYUSAGE:
return ctx->ignore_keyusage;
- case OSSL_CMP_OPT_POPOMETHOD:
+ case OSSL_CMP_OPT_POPO_METHOD:
return ctx->popoMethod;
case OSSL_CMP_OPT_DIGEST_ALGNID:
return ctx->digest;
return ctx->pbm_owf;
case OSSL_CMP_OPT_MAC_ALGNID:
return ctx->pbm_mac;
- case OSSL_CMP_OPT_MSGTIMEOUT:
- return ctx->msgtimeout;
- case OSSL_CMP_OPT_TOTALTIMEOUT:
- return ctx->totaltimeout;
+ case OSSL_CMP_OPT_MSG_TIMEOUT:
+ return ctx->msg_timeout;
+ case OSSL_CMP_OPT_TOTAL_TIMEOUT:
+ return ctx->total_timeout;
case OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR:
return ctx->permitTAInExtraCertsForIR;
case OSSL_CMP_OPT_REVOCATION_REASON: