/*
- * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright Nokia 2007-2019
* Copyright Siemens AG 2015-2019
*
#include <openssl/trace.h>
#include <openssl/bio.h>
#include <openssl/ocsp.h> /* for OCSP_REVOKED_STATUS_* */
-#include "crypto/x509.h" /* for x509v3_cache_extensions() */
#include "cmp_local.h"
#include <openssl/crmf.h>
#include <openssl/err.h>
-DEFINE_STACK_OF(POLICYINFO)
-DEFINE_STACK_OF(ASN1_UTF8STRING)
-DEFINE_STACK_OF(GENERAL_NAME)
-DEFINE_STACK_OF(OSSL_CMP_ITAV)
-
/*
* Get current certificate store containing trusted root CA certs
*/
X509_STORE *OSSL_CMP_CTX_get0_trustedStore(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
return ctx->trusted;
int OSSL_CMP_CTX_set0_trustedStore(OSSL_CMP_CTX *ctx, X509_STORE *store)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
X509_STORE_free(ctx->trusted);
STACK_OF(X509) *OSSL_CMP_CTX_get0_untrusted(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
return ctx->untrusted;
*/
int OSSL_CMP_CTX_set1_untrusted(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
{
- STACK_OF(X509) *untrusted;
+ STACK_OF(X509) *untrusted = NULL;
+
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- if ((untrusted = sk_X509_new_null()) == NULL)
- return 0;
- if (X509_add_certs(untrusted, certs,
- X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) != 1)
+ if (!ossl_x509_add_certs_new(&untrusted, certs,
+ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
goto err;
sk_X509_pop_free(ctx->untrusted, X509_free);
ctx->untrusted = untrusted;
/* fetching in advance to be able to throw error early if unsupported */
if (md == NULL) {
- CMPerr(0, CMP_R_UNSUPPORTED_ALGORITHM);
+ ERR_raise(ERR_LIB_CMP, CMP_R_UNSUPPORTED_ALGORITHM);
return 0;
}
EVP_MD_free(*pmd);
* Allocates and initializes OSSL_CMP_CTX context structure with default values.
* Returns new context on success, NULL on error
*/
-OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq)
+OSSL_CMP_CTX *OSSL_CMP_CTX_new(OSSL_LIB_CTX *libctx, const char *propq)
{
OSSL_CMP_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
ctx->libctx = libctx;
if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)
- goto err;
+ goto oom;
ctx->log_verbosity = OSSL_CMP_LOG_INFO;
ctx->status = -1;
ctx->failInfoCode = -1;
- ctx->msg_timeout = 2 * 60;
+ ctx->keep_alive = 1;
+ ctx->msg_timeout = -1;
if ((ctx->untrusted = sk_X509_new_null()) == NULL)
- goto err;
+ goto oom;
ctx->pbm_slen = 16;
if (!cmp_ctx_set_md(ctx, &ctx->pbm_owf, NID_sha256))
/* all other elements are initialized to 0 or NULL, respectively */
return ctx;
+ oom:
+ ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
err:
OSSL_CMP_CTX_free(ctx);
- X509err(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
+ if (ctx->http_ctx != NULL) {
+ (void)OSSL_HTTP_close(ctx->http_ctx, 1);
+ ossl_cmp_debug(ctx, "disconnected from CMP server");
+ ctx->http_ctx = NULL;
+ }
ctx->status = -1;
ctx->failInfoCode = -1;
if (ctx == NULL)
return;
+ if (ctx->http_ctx != NULL) {
+ (void)OSSL_HTTP_close(ctx->http_ctx, 1);
+ ossl_cmp_debug(ctx, "disconnected from CMP server");
+ }
OPENSSL_free(ctx->serverPath);
OPENSSL_free(ctx->server);
OPENSSL_free(ctx->proxy);
int OSSL_CMP_CTX_get_status(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return -1;
}
return ctx->status;
OSSL_CMP_PKIFREETEXT *OSSL_CMP_CTX_get0_statusString(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
return ctx->statusString;
int OSSL_CMP_CTX_set_certConf_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_certConf_cb_t cb)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->certConf_cb = cb;
int OSSL_CMP_CTX_set_certConf_cb_arg(OSSL_CMP_CTX *ctx, void *arg)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->certConf_cb_arg = arg;
void *OSSL_CMP_CTX_get_certConf_cb_arg(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
return ctx->certConf_cb_arg;
int OSSL_CMP_CTX_set_log_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_log_cb_t cb)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->log_cb = cb;
const unsigned char *ref, int len)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
return ossl_cmp_asn1_octet_string_set1_bytes(&ctx->referenceValue, ref,
{
ASN1_OCTET_STRING *secretValue = NULL;
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (ossl_cmp_asn1_octet_string_set1_bytes(&secretValue, sec, len) != 1)
STACK_OF(X509) *OSSL_CMP_CTX_get1_newChain(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
- if (ctx->newChain == NULL)
- return sk_X509_new_null();
return X509_chain_up_ref(ctx->newChain);
}
return 0;
sk_X509_pop_free(ctx->newChain, X509_free);
- ctx->newChain= NULL;
- if (newChain == NULL)
- return 1;
- return (ctx->newChain = X509_chain_up_ref(newChain)) != NULL;
+ ctx->newChain = NULL;
+ return newChain == NULL ||
+ (ctx->newChain = X509_chain_up_ref(newChain)) != NULL;
}
/* Returns the stack of extraCerts received in CertRepMessage, NULL on error */
STACK_OF(X509) *OSSL_CMP_CTX_get1_extraCertsIn(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
- if (ctx->extraCertsIn == NULL)
- return sk_X509_new_null();
return X509_chain_up_ref(ctx->extraCertsIn);
}
sk_X509_pop_free(ctx->extraCertsIn, X509_free);
ctx->extraCertsIn = NULL;
- if (extraCertsIn == NULL)
- return 1;
- return (ctx->extraCertsIn = X509_chain_up_ref(extraCertsIn)) != NULL;
+ return extraCertsIn == NULL
+ || (ctx->extraCertsIn = X509_chain_up_ref(extraCertsIn)) != NULL;
}
/*
STACK_OF(X509) *extraCertsOut)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
sk_X509_pop_free(ctx->extraCertsOut, X509_free);
ctx->extraCertsOut = NULL;
- if (extraCertsOut == NULL)
- return 1;
- return (ctx->extraCertsOut = X509_chain_up_ref(extraCertsOut)) != NULL;
+ return extraCertsOut == NULL
+ || (ctx->extraCertsOut = X509_chain_up_ref(extraCertsOut)) != NULL;
}
/*
int OSSL_CMP_CTX_push0_policy(OSSL_CMP_CTX *ctx, POLICYINFO *pinfo)
{
if (ctx == NULL || pinfo == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
return OSSL_CMP_ITAV_push0_stack_item(&ctx->geninfo_ITAVs, itav);
int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
return OSSL_CMP_ITAV_push0_stack_item(&ctx->genm_ITAVs, itav);
STACK_OF(X509) *OSSL_CMP_CTX_get1_caPubs(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
- if (ctx->caPubs == NULL)
- return sk_X509_new_null();
return X509_chain_up_ref(ctx->caPubs);
}
sk_X509_pop_free(ctx->caPubs, X509_free);
ctx->caPubs = NULL;
- if (caPubs == NULL)
- return 1;
- return (ctx->caPubs = X509_chain_up_ref(caPubs)) != NULL;
+ return caPubs == NULL || (ctx->caPubs = X509_chain_up_ref(caPubs)) != NULL;
}
#define char_dup OPENSSL_strdup
TYPE *val_dup = NULL; \
\
if (ctx == NULL) { \
- CMPerr(0, CMP_R_NULL_ARGUMENT); \
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
return 0; \
} \
\
return 1; \
}
-#define X509_invalid(cert) (!x509v3_cache_extensions(cert))
+#define X509_invalid(cert) (!ossl_x509v3_cache_extensions(cert))
#define EVP_PKEY_invalid(key) 0
#define DEFINE_OSSL_CMP_CTX_set1_up_ref(FIELD, TYPE) \
int OSSL_CMP_CTX_set1_##FIELD(OSSL_CMP_CTX *ctx, TYPE *val) \
{ \
if (ctx == NULL) { \
- CMPerr(0, CMP_R_NULL_ARGUMENT); \
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); \
return 0; \
} \
\
/* prevent misleading error later on malformed cert or provider issue */ \
if (val != NULL && TYPE##_invalid(val)) { \
- CMPerr(0, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); \
+ ERR_raise(ERR_LIB_CMP, CMP_R_POTENTIALLY_INVALID_CERTIFICATE); \
return 0; \
} \
if (val != NULL && !TYPE##_up_ref(val)) \
int OSSL_CMP_CTX_set0_reqExtensions(OSSL_CMP_CTX *ctx, X509_EXTENSIONS *exts)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0 && exts != NULL
&& X509v3_get_ext_by_NID(exts, NID_subject_alt_name, -1) >= 0) {
- CMPerr(0, CMP_R_MULTIPLE_SAN_SOURCES);
+ ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES);
return 0;
}
sk_X509_EXTENSION_pop_free(ctx->reqExtensions, X509_EXTENSION_free);
int OSSL_CMP_CTX_reqExtensions_have_SAN(OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return -1;
}
/* if one of the following conditions 'fail' this is not an error */
GENERAL_NAME *name_dup;
if (ctx == NULL || name == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
if (OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) {
- CMPerr(0, CMP_R_MULTIPLE_SAN_SOURCES);
+ ERR_raise(ERR_LIB_CMP, CMP_R_MULTIPLE_SAN_SOURCES);
return 0;
}
STACK_OF(X509) *chain;
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
- if (ctx->untrusted != NULL ?
- !X509_add_certs(ctx->untrusted, candidates,
- X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP) :
- !OSSL_CMP_CTX_set1_untrusted(ctx, candidates))
+ if (!ossl_x509_add_certs_new(&ctx->untrusted, candidates,
+ X509_ADD_FLAG_UP_REF | X509_ADD_FLAG_NO_DUP))
return 0;
ossl_cmp_debug(ctx, "trying to build chain for own CMP signer cert");
- chain = ossl_cmp_build_cert_chain(ctx->libctx, ctx->propq, own_trusted,
- ctx->untrusted, ctx->cert);
+ chain = X509_build_chain(ctx->cert, ctx->untrusted, own_trusted, 0,
+ ctx->libctx, ctx->propq);
if (chain == NULL) {
- CMPerr(0, CMP_R_FAILED_BUILDING_OWN_CHAIN);
+ ERR_raise(ERR_LIB_CMP, CMP_R_FAILED_BUILDING_OWN_CHAIN);
return 0;
}
ossl_cmp_debug(ctx, "success building chain for own CMP signer cert");
X509 *OSSL_CMP_CTX_get0_newCert(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
return ctx->newCert;
int OSSL_CMP_CTX_set0_newPkey(OSSL_CMP_CTX *ctx, int priv, EVP_PKEY *pkey)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
EVP_PKEY *OSSL_CMP_CTX_get0_newPkey(const OSSL_CMP_CTX *ctx, int priv)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
const ASN1_OCTET_STRING *id)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
return ossl_cmp_asn1_octet_string_set1(&ctx->transactionID, id);
const ASN1_OCTET_STRING *nonce)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
return ossl_cmp_asn1_octet_string_set1(&ctx->senderNonce, nonce);
int OSSL_CMP_CTX_set_http_cb(OSSL_CMP_CTX *ctx, OSSL_HTTP_bio_cb_t cb)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->http_cb = cb;
int OSSL_CMP_CTX_set_http_cb_arg(OSSL_CMP_CTX *ctx, void *arg)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->http_cb_arg = arg;
void *OSSL_CMP_CTX_get_http_cb_arg(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
return ctx->http_cb_arg;
int OSSL_CMP_CTX_set_transfer_cb(OSSL_CMP_CTX *ctx, OSSL_CMP_transfer_cb_t cb)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->transfer_cb = cb;
int OSSL_CMP_CTX_set_transfer_cb_arg(OSSL_CMP_CTX *ctx, void *arg)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->transfer_cb_arg = arg;
void *OSSL_CMP_CTX_get_transfer_cb_arg(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return NULL;
}
return ctx->transfer_cb_arg;
int OSSL_CMP_CTX_set_serverPort(OSSL_CMP_CTX *ctx, int port)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
ctx->serverPort = port;
int OSSL_CMP_CTX_get_failInfoCode(const OSSL_CMP_CTX *ctx)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return -1;
}
return ctx->failInfoCode;
int min_val;
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return 0;
}
break;
}
if (val < min_val) {
- CMPerr(0, CMP_R_VALUE_TOO_SMALL);
+ ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_SMALL);
return 0;
}
switch (opt) {
case OSSL_CMP_OPT_LOG_VERBOSITY:
if (val > OSSL_CMP_LOG_MAX) {
- CMPerr(0, CMP_R_VALUE_TOO_LARGE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_LARGE);
return 0;
}
ctx->log_verbosity = val;
break;
case OSSL_CMP_OPT_POPO_METHOD:
if (val > OSSL_CRMF_POPO_KEYAGREE) {
- CMPerr(0, CMP_R_VALUE_TOO_LARGE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_LARGE);
return 0;
}
ctx->popoMethod = val;
case OSSL_CMP_OPT_MAC_ALGNID:
ctx->pbm_mac = val;
break;
+ case OSSL_CMP_OPT_KEEP_ALIVE:
+ ctx->keep_alive = val;
+ break;
case OSSL_CMP_OPT_MSG_TIMEOUT:
ctx->msg_timeout = val;
break;
break;
case OSSL_CMP_OPT_REVOCATION_REASON:
if (val > OCSP_REVOKED_STATUS_AACOMPROMISE) {
- CMPerr(0, CMP_R_VALUE_TOO_LARGE);
+ ERR_raise(ERR_LIB_CMP, CMP_R_VALUE_TOO_LARGE);
return 0;
}
ctx->revocationReason = val;
break;
default:
- CMPerr(0, CMP_R_INVALID_OPTION);
+ ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_OPTION);
return 0;
}
int OSSL_CMP_CTX_get_option(const OSSL_CMP_CTX *ctx, int opt)
{
if (ctx == NULL) {
- CMPerr(0, CMP_R_NULL_ARGUMENT);
+ ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
return -1;
}
return EVP_MD_type(ctx->pbm_owf);
case OSSL_CMP_OPT_MAC_ALGNID:
return ctx->pbm_mac;
+ case OSSL_CMP_OPT_KEEP_ALIVE:
+ return ctx->keep_alive;
case OSSL_CMP_OPT_MSG_TIMEOUT:
return ctx->msg_timeout;
case OSSL_CMP_OPT_TOTAL_TIMEOUT:
case OSSL_CMP_OPT_REVOCATION_REASON:
return ctx->revocationReason;
default:
- CMPerr(0, CMP_R_INVALID_OPTION);
+ ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_OPTION);
return -1;
}
}