From 63f1883dca7a42949e8b9db5b035c17fc160f998 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb"
Date: Fri, 8 May 2020 13:30:44 +0200
Subject: Rename OSSL_CMP_CTX_set1_clCert() to OSSL_CMP_CTX_set1_cert()
Also update documentation and example code in openssl-cmp.pod.in
Reviewed-by: Matt Caswell
Reviewed-by: David von Oheimb
(Merged from https://github.com/openssl/openssl/pull/11470)
---
 crypto/cmp/cmp_ctx.c | 6 +++---
 crypto/cmp/cmp_hdr.c | 8 ++++----
 crypto/cmp/cmp_local.h | 4 ++--
 crypto/cmp/cmp_msg.c | 2 +-
 crypto/cmp/cmp_protect.c | 14 +++++++-------
 5 files changed, 17 insertions(+), 17 deletions(-)
(limited to 'crypto')
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index aa18338db5..9aeee7f5dd 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
@@ -164,7 +164,7 @@ void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx)
 X509_STORE_free(ctx->trusted);
 sk_X509_pop_free(ctx->untrusted_certs, X509_free);
- X509_free(ctx->clCert);
+ X509_free(ctx->cert);
 EVP_PKEY_free(ctx->pkey);
 ASN1_OCTET_STRING_free(ctx->referenceValue);
 if (ctx->secretValue != NULL)
@@ -676,12 +676,12 @@ int OSSL_CMP_CTX_push1_subjectAltName(OSSL_CMP_CTX *ctx,
 * Set our own client certificate, used for example in KUR and when
 * doing the IR with existing certificate.
 */
-DEFINE_OSSL_CMP_CTX_set1_up_ref(clCert, X509)
+DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509)
 /*
 * Set the old certificate that we are updating in KUR
 * or the certificate to be revoked in RR, respectively.
- * Also used as reference cert (defaulting to clCert) for deriving subject DN
+ * Also used as reference cert (defaulting to cert) for deriving subject DN
 * and SANs. Its issuer is used as default recipient in the CMP message header.
 */
 DEFINE_OSSL_CMP_CTX_set1_up_ref(oldCert, X509)
diff --git a/crypto/cmp/cmp_hdr.c b/crypto/cmp/cmp_hdr.c
index 157247d47e..b07bf031bf 100644
--- a/crypto/cmp/cmp_hdr.c
+++ b/crypto/cmp/cmp_hdr.c
@@ -303,8 +303,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
 * The sender name is copied from the subject of the client cert, if any,
 * or else from the subject name provided for certification requests.
 */
- sender = ctx->clCert != NULL ?
- X509_get_subject_name(ctx->clCert) : ctx->subjectName;
+ sender = ctx->cert != NULL ?
+ X509_get_subject_name(ctx->cert) : ctx->subjectName;
 if (!ossl_cmp_hdr_set1_sender(hdr, sender))
 return 0;
@@ -321,8 +321,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr)
 rcp = ctx->issuer;
 } else if (ctx->oldCert != NULL) {
 rcp = X509_get_issuer_name(ctx->oldCert);
- } else if (ctx->clCert != NULL) {
- rcp = X509_get_issuer_name(ctx->clCert);
+ } else if (ctx->cert != NULL) {
+ rcp = X509_get_issuer_name(ctx->cert);
 }
 if (!ossl_cmp_hdr_set1_recipient(hdr, rcp))
 return 0;
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 62d7dbd1d4..04abcf5084 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -68,8 +68,8 @@ struct ossl_cmp_ctx_st {
 /* client authentication */
 int unprotectedSend; /* send unprotected PKI messages */
- X509 *clCert; /* client cert used to identify and sign for MSG_SIG_ALG */
- EVP_PKEY *pkey; /* the key pair corresponding to clCert */
+ X509 *cert; /* protection cert used to identify and sign for MSG_SIG_ALG */
+ EVP_PKEY *pkey; /* the key pair corresponding to cert */
 ASN1_OCTET_STRING *referenceValue; /* optional user name for MSG_MAC_ALG */
 ASN1_OCTET_STRING *secretValue; /* password/shared secret for MSG_MAC_ALG */
 /* PBMParameters for MSG_MAC_ALG */
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 0534cae0ae..7b338b2b01 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -218,7 +218,7 @@ static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, X509 *refcert,
 static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype, int rid)
 {
 OSSL_CRMF_MSG *crm = NULL;
- X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->clCert;
+ X509 *refcert = ctx->oldCert != NULL ? ctx->oldCert : ctx->cert;
 /* refcert defaults to current client cert */
 EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0);
 STACK_OF(GENERAL_NAME) *default_sans = NULL;
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 0b87acd804..97600a7266 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -145,14 +145,14 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
 && (msg->extraCerts = sk_X509_new_null()) == NULL)
 return 0;
- if (ctx->clCert != NULL && ctx->pkey != NULL) {
+ if (ctx->cert != NULL && ctx->pkey != NULL) {
 /* make sure that our own cert is included in the first position */
- if (!ossl_cmp_sk_X509_add1_cert(msg->extraCerts, ctx->clCert, 1, 1))
+ if (!ossl_cmp_sk_X509_add1_cert(msg->extraCerts, ctx->cert, 1, 1))
 return 0;
 /* if we have untrusted certs, try to add intermediate certs */
 if (ctx->untrusted_certs != NULL) {
 STACK_OF(X509) *chain =
- ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->clCert);
+ ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->cert);
 int res = ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain, 1 /* no self-issued */, 1 /* no duplicates */, 0);
@@ -244,7 +244,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
 && !ossl_cmp_hdr_set1_senderKID(msg->header, ctx->referenceValue))
 goto err;
- } else if (ctx->clCert != NULL && ctx->pkey != NULL) {
+ } else if (ctx->cert != NULL && ctx->pkey != NULL) {
 /*
 * use MSG_SIG_ALG according to 5.1.3.3 if client Certificate and
 * private key is given
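Review bot: The comment kept under the renamed condition in ossl_cmp_msg_protect still says `client Certificate`, while the field is now `ctx->cert` and cmp_local.h describes it as the `protection cert`; the wording should follow the rename, for example `use MSG_SIG_ALG according to 5.1.3.3 if protection certificate and private key are given`. The same stale wording is left in context lines of other hunks: `Set our own client certificate` above `DEFINE_OSSL_CMP_CTX_set1_up_ref(cert, X509)` in cmp_ctx.c, `subject of the client cert` in ossl_cmp_hdr_init, and `refcert defaults to current client cert` in crm_new. Since the visible code uses this certificate to pick the signing identity, the sender name and the default recipient, the comments should state one consistent role for it. The comment block and the function body continue outside this hunk.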
@@ -254,7 +254,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
 ASN1_OBJECT *alg = NULL;
 /* make sure that key and certificate match */
- if (!X509_check_private_key(ctx->clCert, ctx->pkey)) {
+ if (!X509_check_private_key(ctx->cert, ctx->pkey)) {
 CMPerr(0, CMP_R_CERT_AND_KEY_DO_NOT_MATCH);
 goto err;
 }
@@ -280,7 +280,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
 * set senderKID to keyIdentifier of the used certificate according
 * to section 5.1.1
 */
- subjKeyIDStr = X509_get0_subject_key_id(ctx->clCert);
+ subjKeyIDStr = X509_get0_subject_key_id(ctx->cert);
 if (subjKeyIDStr == NULL)
 subjKeyIDStr = ctx->referenceValue; /* fallback */
 if (subjKeyIDStr != NULL
@@ -295,7 +295,7 @@ int ossl_cmp_msg_protect(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
 goto err;
 /*
- * If present, add ctx->clCert followed by its chain as far as possible.
+ * If present, add ctx->cert followed by its chain as far as possible.
 * Finally add any additional certificates from ctx->extraCertsOut;
 * even if not needed to validate the protection
 * the option to do this might be handy for certain use cases.
-- cgit v1.2.3