From 2ed63033e46953d0d95ff100c1334da7cc32c49b Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Mon, 11 Jan 2021 07:52:45 +0100
Subject: [PATCH] x509v3.h.in: Deprecate CTX_TEST and replace it by X509V3_CTX_TEST
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/13658)
---
 crypto/x509/v3_akid.c | 2 +-
 crypto/x509/v3_san.c | 4 ++--
 crypto/x509/v3_skid.c | 2 +-
 doc/man3/X509V3_set_ctx.pod | 11 +++++++----
 include/openssl/x509v3.h.in | 9 ++++++---
 5 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/crypto/x509/v3_akid.c b/crypto/x509/v3_akid.c
index d0d20c4455b..0b1283f0afa 100644
--- a/crypto/x509/v3_akid.c
+++ b/crypto/x509/v3_akid.c
@@ -114,7 +114,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
 }
 }
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
 return akeyid;
 if (ctx == NULL) {
diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c
index d2e3ec138b5..cf7fdc6e388 100644
--- a/crypto/x509/v3_san.c
+++ b/crypto/x509/v3_san.c
@@ -325,7 +325,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
 X509_EXTENSION *ext;
 int i, num;
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
 return 1;
 if (!ctx || !ctx->issuer_cert) {
 ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS);
@@ -410,7 +410,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
 GENERAL_NAME *gen = NULL;
 int i = -1;
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
 return 1;
 if (ctx == NULL
 || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
diff --git a/crypto/x509/v3_skid.c b/crypto/x509/v3_skid.c
index 8d13dc248ab..f1581e7452a 100644
--- a/crypto/x509/v3_skid.c
+++ b/crypto/x509/v3_skid.c
@@ -86,7 +86,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
 if (strcmp(str, "hash") != 0)
 return s2i_ASN1_OCTET_STRING(method, ctx /* not used */, str);
- if (ctx != NULL && (ctx->flags & CTX_TEST) != 0)
+ if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
 return ASN1_OCTET_STRING_new();
 if (ctx == NULL
 || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
diff --git a/doc/man3/X509V3_set_ctx.pod b/doc/man3/X509V3_set_ctx.pod
index 136e3f1982e..63571994830 100644
--- a/doc/man3/X509V3_set_ctx.pod
+++ b/doc/man3/X509V3_set_ctx.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 X509V3_set_ctx,
-X509V3_set_issuer_pkey - X.509v3 extension generation utility functions
+X509V3_set_issuer_pkey - X.509 v3 extension generation utilities
 =head1 SYNOPSIS
@@ -16,15 +16,16 @@ X509V3_set_issuer_pkey - X.509v3 extension generation utility functions
 =head1 DESCRIPTION
 X509V3_set_ctx() fills in the basic fields of I of type B,
-providing details potentially needed by functions producing X509 v3 certificate
-extensions, e.g., to look up values for filling in authority key identifiers.
+providing details potentially needed by functions producing X509 v3 extensions,
+e.g., to look up values for filling in authority key identifiers.
 Any of I, I, or I may be provided, pointing to a certificate, certification request, or certificate revocation list, respectively. If I or I is provided, I should point to its issuer, for instance to help generating an authority key identifier extension. Note that if I is provided, I may be the same as I, which means that I is self-issued (or even self-signed).
-I may be 0 or contain B, which means that just the syntax of
+I may be 0
+or contain B, which means that just the syntax of
 extension definitions is to be checked without actually producing an extension, or B, which means that each X.509v3 extension added as defined in some configuration section shall replace any already existing
@@ -48,6 +49,8 @@ L
 X509V3_set_issuer_pkey() was added in OpenSSL 3.0.
+CTX_TEST was deprecated in OpenSSL 3.0; use X509V3_CTX_TEST instead.
+
 =head1 COPYRIGHT
 Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
index 3726f37999d..1df530985a2 100644
--- a/include/openssl/x509v3.h.in
+++ b/include/openssl/x509v3.h.in
@@ -87,9 +87,12 @@ typedef struct X509V3_CONF_METHOD_st {
 void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
 } X509V3_CONF_METHOD;
-/* Context specific info */
+/* Context specific info for producing X509 v3 extensions*/
 struct v3_ext_ctx {
-# define CTX_TEST 0x1
+# define X509V3_CTX_TEST 0x1
+# ifndef OPENSSL_NO_DEPRECATED_3_0
+# define CTX_TEST X509V3_CTX_TEST
+# endif
 # define X509V3_CTX_REPLACE 0x2
 int flags;
 X509 *issuer_cert;
@@ -363,7 +366,7 @@ struct ISSUING_DIST_POINT_st {
 ",name:", (val)->name, ",value:", (val)->value)
 # define X509V3_set_ctx_test(ctx) \
- X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, X509V3_CTX_TEST)
 # define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
 # define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
--
2.47.2
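Review bot: In the first include/openssl/x509v3.h.in hunk, the new `# define X509V3_CTX_TEST 0x1` has no comment saying what the flag does, although the call sites renamed in this patch return early when it is set (`return 1;` in copy_issuer and copy_email, `return ASN1_OCTET_STRING_new();` in s2i_skey_id) before any issuer or subject data is consulted. A one-line comment above it such as `/* syntax check only, no extension is actually produced */` would tell callers not to leave the flag set on a context used to build real certificates. The compatibility alias is a plain macro, so code still using `CTX_TEST` gets no compile-time deprecation warning and only fails once OPENSSL_NO_DEPRECATED_3_0 is defined; a comment like `/* deprecated alias, use X509V3_CTX_TEST */` next to it would make that visible in the header. The rewritten block comment is also missing the space before `*/`, and struct v3_ext_ctx continues past the end of the hunk.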