Generalize the HTTP client so far implemented mostly in crypto/ocsp/ocsp_ht.c

[thirdparty/openssl.git] / crypto / cmp / cmp_ctx.c

diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 4a70b33ee71b0e1a5e1c761e4726b961a36f2395..fc89ea6bc88eb0fa965a36045c80f5c6e1f8f94c 100644 (file)
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -68,14 +68,21 @@ STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted_certs(const OSSL_CMP_CTX *ctx)
  */
 int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
 {
+    STACK_OF(X509) *untrusted_certs;
     if (ctx == NULL) {
         CMPerr(0, CMP_R_NULL_ARGUMENT);
         return 0;
     }
-    sk_X509_pop_free(ctx->untrusted_certs, X509_free);
-    if ((ctx->untrusted_certs = sk_X509_new_null()) == NULL)
+    if ((untrusted_certs = sk_X509_new_null()) == NULL)
         return 0;
-    return ossl_cmp_sk_X509_add1_certs(ctx->untrusted_certs, certs, 0, 1, 0);
+    if (ossl_cmp_sk_X509_add1_certs(untrusted_certs, certs, 0, 1, 0) != 1)
+        goto err;
+    sk_X509_pop_free(ctx->untrusted_certs, X509_free);
+    ctx->untrusted_certs = untrusted_certs;
+    return 1;
+err:
+    sk_X509_pop_free(untrusted_certs, X509_free);
+    return 0;
 }
 
 /*
@@ -373,13 +380,19 @@ int OSSL_CMP_CTX_set1_referenceValue(OSSL_CMP_CTX *ctx,
 int OSSL_CMP_CTX_set1_secretValue(OSSL_CMP_CTX *ctx, const unsigned char *sec,
                                   const int len)
 {
+    ASN1_OCTET_STRING *secretValue = NULL;
     if (ctx == NULL) {
         CMPerr(0, CMP_R_NULL_ARGUMENT);
         return 0;
     }
-    if (ctx->secretValue != NULL)
+    if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1)
+        return 0;
+    if (ctx->secretValue != NULL) {
         OPENSSL_cleanse(ctx->secretValue->data, ctx->secretValue->length);
-    return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->secretValue, sec, len);
+        ASN1_OCTET_STRING_free(ctx->secretValue);
+    }
+    ctx->secretValue = secretValue;
+    return 1;
 }
 
 /*
@@ -806,7 +819,7 @@ int OSSL_CMP_CTX_set_proxyPort(OSSL_CMP_CTX *ctx, int port)
  * sets the http connect/disconnect callback function to be used for HTTP(S)
  * returns 1 on success, 0 on error
  */
-int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_cmp_http_cb_t cb)
+int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb)
 {
     if (ctx == NULL) {
         CMPerr(0, CMP_R_NULL_ARGUMENT);
@@ -933,7 +946,8 @@ int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx)
  * Sets a Boolean or integer option of the context to the "val" arg.
  * Returns 1 on success, 0 on error
  */
-int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) {
+int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val)
+{
     int min_val;
 
     if (ctx == NULL) {
@@ -1036,7 +1050,8 @@ int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val) {
  * Reads a Boolean or integer option value from the context.
  * Returns -1 on error (which is the default OSSL_CMP_OPT_REVOCATION_REASON)
  */
-int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt) {
+int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt)
+{
     if (ctx == NULL) {
         CMPerr(0, CMP_R_NULL_ARGUMENT);
         return -1;