Commit 2ed63033e4 for openssl.org

commit 2ed63033e46953d0d95ff100c1334da7cc32c49b
Author: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date:   Mon Jan 11 07:52:45 2021 +0100

    x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST

    Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/13658)

diff --git a/crypto/x509/v3_akid.c b/crypto/x509/v3_akid.c
index d0d20c4455..0b1283f0af 100644
--- a/crypto/x509/v3_akid.c
+++ b/crypto/x509/v3_akid.c
@@ -114,7 +114,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
         }
     }

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
         return akeyid;

     if (ctx == NULL) {
diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index d2e3ec138b..cf7fdc6e38 100644
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -325,7 +325,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
     X509_EXTENSION *ext;
     int i, num;

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
         return 1;
     if (!ctx || !ctx->issuer_cert) {
         ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS);
@@ -410,7 +410,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
     GENERAL_NAME *gen = NULL;
     int i = -1;

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
         return 1;
     if (ctx == NULL
         || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
diff --git a/crypto/x509/v3_skid.c b/crypto/x509/v3_skid.c
index 8d13dc248a..f1581e7452 100644
--- a/crypto/x509/v3_skid.c
+++ b/crypto/x509/v3_skid.c
@@ -86,7 +86,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
     if (strcmp(str, "hash") != 0)
         return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str);

-    if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+    if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
         return ASN1_OCTET_STRING_new();
     if (ctx == NULL
         || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
diff --git a/doc/man3/X509V3_set_ctx.pod b/doc/man3/X509V3_set_ctx.pod
index 136e3f1982..6357199483 100644
--- a/doc/man3/X509V3_set_ctx.pod
+++ b/doc/man3/X509V3_set_ctx.pod
@@ -3,7 +3,7 @@
 =head1 NAME

 X509V3_set_ctx,
-X509V3_set_issuer_pkey - X.509v3 extension generation utility functions
+X509V3_set_issuer_pkey - X.509 v3 extension generation utilities

 =head1 SYNOPSIS

@@ -16,15 +16,16 @@ X509V3_set_issuer_pkey - X.509v3 extension generation utility functions
 =head1 DESCRIPTION

 X509V3_set_ctx() fills in the basic fields of I<ctx> of type B<X509V3_CTX>,
-providing details potentially needed by functions producing X509 v3 certificate
-extensions, e.g., to look up values for filling in authority key identifiers.
+providing details potentially needed by functions producing X509 v3 extensions,
+e.g., to look up values for filling in authority key identifiers.
 Any of I<subj>, I<req>, or I<crl> may be provided, pointing to a certificate,
 certification request, or certificate revocation list, respectively.
 If I<subj> or I<crl> is provided, I<issuer> should point to its issuer,
 for instance to help generating an authority key identifier extension.
 Note that if I<subj> is provided, I<issuer> may be the same as I<subj>,
 which means that I<subj> is self-issued (or even self-signed).
-I<flags> may be 0 or contain B<CTX_TEST>, which means that just the syntax of
+I<flags> may be 0
+or contain B<X509V3_CTX_TEST>, which means that just the syntax of
 extension definitions is to be checked without actually producing an extension,
 or B<X509V3_CTX_REPLACE>, which means that each X.509v3 extension added as
 defined in some configuration section shall replace any already existing
@@ -48,6 +49,8 @@ L<X509_add_ext(3)>

 X509V3_set_issuer_pkey() was added in OpenSSL 3.0.

+CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
+
 =head1 COPYRIGHT

 Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
index 3726f37999..1df530985a 100644
--- a/include/openssl/x509v3.h.in
+++ b/include/openssl/x509v3.h.in
@@ -87,9 +87,12 @@ typedef struct X509V3_CONF_METHOD_st {
     void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
 } X509V3_CONF_METHOD;

-/* Context specific info */
+/* Context specific info for producing X509 v3 extensions*/
 struct v3_ext_ctx {
-# define CTX_TEST 0x1
+# define X509V3_CTX_TEST 0x1
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  define CTX_TEST X509V3_CTX_TEST
+# endif
 # define X509V3_CTX_REPLACE 0x2
     int flags;
     X509 *issuer_cert;
@@ -363,7 +366,7 @@ struct ISSUING_DIST_POINT_st {
                         ",name:", (val)->name, ",value:", (val)->value)

 # define X509V3_set_ctx_test(ctx) \
-                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+    X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
 # define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;

 # define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \