x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13658)
2025-01-30 14:01:55 +08:00 · 2021-01-11 07:52:45 +01:00 · 2021-01-11 07:52:45 +01:00 · 2ed63033e4
commit 2ed63033e4
parent 04a1b3fa7b
5 changed files with 17 additions and 11 deletions
--- a/crypto/x509/v3_akid.c
+++ b/crypto/x509/v3_akid.c
@ -114,7 +114,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
        }
    }

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
        return akeyid;

    if (ctx == NULL) {
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@ -325,7 +325,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
    X509_EXTENSION *ext;
    int i, num;

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
        return 1;
    if (!ctx || !ctx->issuer_cert) {
        ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS);
@ -410,7 +410,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
    GENERAL_NAME *gen = NULL;
    int i = -1;

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
        return 1;
    if (ctx == NULL
        || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
--- a/crypto/x509/v3_skid.c
+++ b/crypto/x509/v3_skid.c
@ -86,7 +86,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
    if (strcmp(str, "hash") != 0)
        return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str);

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
        return ASN1_OCTET_STRING_new();
    if (ctx == NULL
        || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
--- a/doc/man3/X509V3_set_ctx.pod
+++ b/doc/man3/X509V3_set_ctx.pod
@ -3,7 +3,7 @@
 =head1 NAME

 X509V3_set_ctx,
-X509V3_set_issuer_pkey - X.509v3 extension generation utility functions
+X509V3_set_issuer_pkey - X.509 v3 extension generation utilities

 =head1 SYNOPSIS

@ -16,15 +16,16 @@ X509V3_set_issuer_pkey - X.509v3 extension generation utility functions
 =head1 DESCRIPTION

 X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
-providing details potentially needed by functions producing X509 v3 certificate
-extensions, e.g., to look up values for filling in authority key identifiers.
+providing details potentially needed by functions producing X509 v3 extensions,
+e.g., to look up values for filling in authority key identifiers.
 Any of I<subj>, I<req>, or I<crl> may be provided, pointing to a certificate,
 certification request, or certificate revocation list, respectively.
 If I<subj> or I<crl> is provided, I<issuer> should point to its issuer,
 for instance to help generating an authority key identifier extension.
 Note that if I<subj> is provided, I<issuer> may be the same as I<subj>,
 which means that I<subj> is self-issued (or even self-signed).
-I<flags> may be 0 or contain B<CTX_TEST>, which means that just the syntax of
+I<flags> may be 0
+or contain B<X509V3_CTX_TEST>, which means that just the syntax of
 extension definitions is to be checked without actually producing an extension,
 or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
 defined in some configuration section shall replace any already existing
@ -48,6 +49,8 @@ L<X509_add_ext(3)>

 X509V3_set_issuer_pkey() was added in OpenSSL 3.0.

+CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
+
 =head1 COPYRIGHT

 Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
--- a/include/openssl/x509v3.h.in
+++ b/include/openssl/x509v3.h.in
@ -87,9 +87,12 @@ typedef struct X509V3_CONF_METHOD_st {
    void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
 } X509V3_CONF_METHOD;

-/* Context specific info */
+/* Context specific info for producing X509 v3 extensions*/
 struct v3_ext_ctx {
-# define CTX_TEST 0x1
+# define X509V3_CTX_TEST 0x1
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define CTX_TEST X509V3_CTX_TEST
+# endif
 # define X509V3_CTX_REPLACE 0x2
    int flags;
    X509 *issuer_cert;
@ -363,7 +366,7 @@ struct ISSUING_DIST_POINT_st {
                        ",name:", (val)->name, ",value:", (val)->value)

 # define X509V3_set_ctx_test(ctx) \
-                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+    X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
 # define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

 # define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \