Commit 5cbf8ce894 for openssl.org
commit 5cbf8ce8942188e6da2698c42faed61f36b54850
Author: Dr. David von Oheimb <dev@ddvo.net>
Date: Wed Feb 26 18:55:00 2025 +0100
OSSL_CRMF_MSG_centralkeygen_requested(): change confusing paramter name 'p10cr' to 'p10'
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/29073)
diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index a615b1f775..95b643685c 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -537,13 +537,13 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
return 1;
}
-int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr)
+int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_REQ *p10)
{
X509_PUBKEY *pubkey = NULL;
const unsigned char *pk = NULL;
int pklen, ret = 0;
- if (crm == NULL && p10cr == NULL) {
+ if (crm == NULL && p10 == NULL) {
ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
return -1;
}
@@ -551,7 +551,7 @@ int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_R
if (crm != NULL)
pubkey = OSSL_CRMF_CERTTEMPLATE_get0_publicKey(OSSL_CRMF_MSG_get0_tmpl(crm));
else
- pubkey = p10cr->req_info.pubkey;
+ pubkey = p10->req_info.pubkey;
if (pubkey == NULL
|| (X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey)
@@ -848,7 +848,7 @@ end:
return NULL;
}
-/*
+/*-
* Decrypts the certificate in the given encryptedValue using private key pkey.
* This is needed for the indirect PoP method as in RFC 9810 section 5.2.8.3.2.
*
@@ -878,6 +878,7 @@ end:
OPENSSL_free(buf);
return cert;
}
+
/*-
* Decrypts the certificate in the given encryptedKey using private key pkey.
* This is needed for the indirect PoP method as in RFC 9810 section 5.2.8.3.2.
diff --git a/doc/man3/OSSL_CMP_SRV_CTX_new.pod b/doc/man3/OSSL_CMP_SRV_CTX_new.pod
index 34862a0906..3de9618c63 100644
--- a/doc/man3/OSSL_CMP_SRV_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_SRV_CTX_new.pod
@@ -40,7 +40,7 @@ OSSL_CMP_SRV_CTX_set_grant_implicit_confirm
const OSSL_CMP_MSG *req,
int certReqId,
const OSSL_CRMF_MSG *crm,
- const X509_REQ *p10cr,
+ const X509_REQ *p10,
X509 **certOut,
STACK_OF(X509) **chainOut,
STACK_OF(X509) **caPubs);
diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
index a8a5a36b68..78936ffb39 100644
--- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
+++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
@@ -62,7 +62,7 @@ OSSL_CRMF_MSG_centralkeygen_requested
int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm,
- const X509_REQ *p10cr);
+ const X509_REQ *p10);
=head1 DESCRIPTION
@@ -127,7 +127,7 @@ OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of I<crm>.
OSSL_CRMF_MSG_centralkeygen_requested() returns 1 if central key generation
is requested i.e., the public key in the certificate request (I<crm> is taken if it is non-NULL,
-otherwise I<p10cr>) is NULL or has an empty key value (with length zero).
+otherwise I<p10>) is NULL or has an empty key value (with length zero).
In case I<crm> is non-NULL, this is checked for consistency with its B<popo> field
(must be NULL if and only if central key generation is requested).
Otherwise it returns 0, and on error a negative value.
diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index b600aa6bbd..476d4497be 100644
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -507,8 +507,9 @@ OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
const OSSL_CMP_MSG *req);
OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OSSL_LIB_CTX *libctx, const char *propq);
void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
-typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
- const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr,
+typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
+ const OSSL_CMP_MSG *req, int certReqId,
+ const OSSL_CRMF_MSG *crm, const X509_REQ *p10,
X509 **certOut, STACK_OF(X509) **chainOut, STACK_OF(X509) **caPubs);
typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_rr_cb_t)(OSSL_CMP_SRV_CTX *srv_ctx,
const OSSL_CMP_MSG *req,
diff --git a/include/openssl/crmf.h.in b/include/openssl/crmf.h.in
index 3d9cbf4320..e3dd4d6149 100644
--- a/include/openssl/crmf.h.in
+++ b/include/openssl/crmf.h.in
@@ -196,7 +196,7 @@ EVP_PKEY *OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(const OSSL_CRMF_ENCRYPTEDKEY *encrypt
X509_STORE *ts, STACK_OF(X509) *extra, EVP_PKEY *pkey,
X509 *cert, ASN1_OCTET_STRING *secret,
OSSL_LIB_CTX *libctx, const char *propq);
-int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr);
+int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_REQ *p10);
#ifndef OPENSSL_NO_CMS
OSSL_CRMF_ENCRYPTEDKEY *OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata);
#endif