From 7031f5821c4380d9c1f60a92734c940fdedfb488 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Fri, 30 Apr 2021 18:29:12 +0200
Subject: [PATCH] OCSP: Minor improvements of documentation and header file

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15103)
---
 CHANGES.md                    |  5 +++--
 doc/man3/OCSP_sendreq_new.pod | 13 ++++++++-----
 include/openssl/ocsp.h.in     |  8 ++++----
 util/other.syms               |  1 +
 4 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 0abee0a0ac..0e7b09432b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -328,14 +328,15 @@ OpenSSL 3.0
 
  * Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_new(),
    OCSP_REQ_CTX_free(), OCSP_REQ_CTX_http(), OCSP_REQ_CTX_add1_header(),
-   OCSP_REQ_CTX_i2d(), OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
+   OCSP_REQ_CTX_i2d() and its special form OCSP_REQ_CTX_set1_req(),
+   OCSP_REQ_CTX_nbio(), OCSP_REQ_CTX_nbio_d2i(),
    OCSP_REQ_CTX_get0_mem_bio() and OCSP_set_max_response_length().  These
    were used to collect all necessary data to form a HTTP request, and to
    perform the HTTP transfer with that request.  With OpenSSL 3.0, the
    type is OSSL_HTTP_REQ_CTX, and the deprecated functions are replaced
    with OSSL_HTTP_REQ_CTX_new(), OSSL_HTTP_REQ_CTX_free(),
    OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(),
-   OSSL_HTTP_REQ_CTX_set1_req(), OSSL_HTTP_REQ_CTX_nbio(),
+   OSSL_HTTP_REQ_CTX_i2d(), OSSL_HTTP_REQ_CTX_nbio(),
    OSSL_HTTP_REQ_CTX_sendreq_d2i(), OSSL_HTTP_REQ_CTX_get0_mem_bio() and
    OSSL_HTTP_REQ_CTX_set_max_response_length().
 
diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index f01aadad6b..10c6131f86 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+OCSP_REQ_CTX,
 OCSP_sendreq_new,
 OCSP_sendreq_nbio,
 OCSP_sendreq_bio,
@@ -27,13 +28,14 @@ Deprecated since OpenSSL 3.0, can be hidden entirely by defining
 B<OPENSSL_API_COMPAT> with a suitable version value, see
 L<openssl_user_macros(7)>:
 
+ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
  int OCSP_REQ_CTX_i2d(OCSP_REQ_CT *rctx, const ASN1_ITEM *it, ASN1_VALUE *req);
  int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT *rctx,
                               const char *name, const char *value);
- void OCSP_REQ_CTX_free(OSSL_HTTP_REQ_CTX *rctx);
+ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
  void OCSP_set_max_response_length(OCSP_REQ_CT *rctx,
                                    unsigned long len);
- int OCSP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const OCSP_REQUEST *req);
+ int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, const OCSP_REQUEST *req);
 
 =head1 DESCRIPTION
 
@@ -70,10 +72,11 @@ OCSP_REQ_CTX_i2d(rctx, it, req) is equivalent to the following:
 OCSP_REQ_CTX_set1_req(rctx, req) is equivalent to the following:
 
  OSSL_HTTP_REQ_CTX_set1_req(rctx, "application/ocsp-request",
-                            ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)req)
+                            ASN1_ITEM_rptr(OCSP_REQUEST),
+                            (const ASN1_VALUE *)req)
 
-The other deprecated type and functions have been superseded by the
-following equivalents:
+The deprecated type and the remaining deprecated functions
+have been superseded by the following equivalents:
 B<OCSP_REQ_CTX> by L<OSSL_HTTP_REQ_CTX(3)>,
 OCSP_REQ_CTX_add1_header() by L<OSSL_HTTP_REQ_CTX_add1_header(3)>,
 OCSP_REQ_CTX_free() by L<OSSL_HTTP_REQ_CTX_free(3)>, and
diff --git a/include/openssl/ocsp.h.in b/include/openssl/ocsp.h.in
index bf8bd7e676..83c8a175fe 100644
--- a/include/openssl/ocsp.h.in
+++ b/include/openssl/ocsp.h.in
@@ -186,8 +186,10 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
                                            NULL, NULL, path)
 #   define OCSP_REQ_CTX_add1_header(r, n, v) \
         OSSL_HTTP_REQ_CTX_add1_header(r, n, v)
-#   define OCSP_REQ_CTX_i2d(r, i, req) \
-        OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", i, req)
+#   define OCSP_REQ_CTX_i2d(r, it, req) \
+        OSSL_HTTP_REQ_CTX_set1_req(r, "application/ocsp-request", it, req)
+#   define OCSP_REQ_CTX_set1_req(r, req) \
+        OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req))
 #   define OCSP_REQ_CTX_nbio(r) \
         OSSL_HTTP_REQ_CTX_nbio(r)
 #   define OCSP_REQ_CTX_nbio_d2i(r, p, i)        \
@@ -196,8 +198,6 @@ typedef OSSL_HTTP_REQ_CTX OCSP_REQ_CTX;
         OSSL_HTTP_REQ_CTX_get0_mem_bio(r)
 #   define OCSP_set_max_response_length(r, l) \
         OSSL_HTTP_REQ_CTX_set_max_response_length(r, l)
-#   define OCSP_REQ_CTX_set1_req(r, req) \
-        OCSP_REQ_CTX_i2d(r, ASN1_ITEM_rptr(OCSP_REQUEST), (ASN1_VALUE *)(req))
 #  endif
 
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
diff --git a/util/other.syms b/util/other.syms
index 54eeeb95cf..bd9f4d32a9 100644
--- a/util/other.syms
+++ b/util/other.syms
@@ -333,6 +333,7 @@ EVP_seed_cfb                            define
 EVP_sm4_cfb                             define
 OBJ_cleanup                             define deprecated 1.1.0
 OCSP_parse_url                          define
+OCSP_REQ_CTX                            datatype deprecated 3.0.0
 OCSP_REQ_CTX_add1_header                define deprecated 3.0.0
 OCSP_REQ_CTX_free                       define deprecated 3.0.0
 OCSP_REQ_CTX_i2d                        define deprecated 3.0.0