From 92cae9b42de1eec3da7ef6ccb36188ff61f3e0df Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Tue, 15 Mar 2022 18:40:32 +0100 Subject: [PATCH] OSSL_CMP_CTX_new.pod: make references to private key consistent with OSSL_CMP_MSG_get0_header.pod Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz Reviewed-by: David von Oheimb (Merged from https://github.com/openssl/openssl/pull/17887) --- doc/man3/OSSL_CMP_CTX_new.pod | 8 ++++---- doc/man3/OSSL_CMP_MSG_get0_header.pod | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index f40c9a0f932fb..ac60ac650cfe9 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -248,7 +248,7 @@ The following options can be set: ("indirect method") Note that a signature-based POPO can only be produced if a private key - is provided as the newPkey or client pkey component of the CMP context. + is provided as the newPkey or client's pkey component of the CMP context. =item B @@ -449,7 +449,7 @@ The reference counts of those certificates handled successfully are increased. OSSL_CMP_CTX_get0_untrusted(OSSL_CMP_CTX *ctx) returns a pointer to the list of untrusted certs, which may be empty if unset. -OSSL_CMP_CTX_set1_cert() sets the certificate related to the private key +OSSL_CMP_CTX_set1_cert() sets the certificate related to the client's private key used for CMP message protection. Therefore the public key of this I must correspond to the private key set before or thereafter via OSSL_CMP_CTX_set1_pkey(). 
@@ -477,7 +477,7 @@ Calling this function is optional; by default a chain construction is performed on demand that is equivalent to calling this function with the I and I arguments being NULL. -OSSL_CMP_CTX_set1_pkey() sets the private key corresponding to the +OSSL_CMP_CTX_set1_pkey() sets the client's private key corresponding to the CMP signer certificate set via OSSL_CMP_CTX_set1_cert(). This key is used create signature-based protection (protectionAlg = MSG_SIG_ALG) of outgoing messages @@ -528,7 +528,7 @@ The I parameter must be 0 if and only if the given key is a public key. OSSL_CMP_CTX_get0_newPkey() gives the key to use for certificate enrollment dependent on fields of the CMP context structure: the newPkey (which may be a private or public key) if present, -else the public key in the p10CSR if present, else the client private key. +else the public key in the p10CSR if present, else the client's private key. If the I parameter is not 0 and the selected key does not have a private component then NULL is returned. diff --git a/doc/man3/OSSL_CMP_MSG_get0_header.pod b/doc/man3/OSSL_CMP_MSG_get0_header.pod index 6bc0d26188039..113dea06b5d32 100644 --- a/doc/man3/OSSL_CMP_MSG_get0_header.pod +++ b/doc/man3/OSSL_CMP_MSG_get0_header.pod @@ -65,7 +65,8 @@ The public key included is the first available value of these: =item the public key of any reference certificate given in I, or -=item the public key derived from any client private key set via L. +=item the public key derived from any client's private key +set via L. =back
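Review bot: In the POPO note of the first OSSL_CMP_CTX_new.pod hunk (@@ -248), "the newPkey or client's pkey component" mixes a field name with a possessive, so it reads as if "client's" qualified a field called pkey. Wording such as "as the newPkey component or as the client's private key (pkey) of the CMP context" would match the "client's private key" phrasing the other hunks introduce.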
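Review bot: The context line directly after the changed sentence in the @@ -477 hunk of OSSL_CMP_CTX_new.pod still reads "This key is used create signature-based protection", which is missing a word. Since this paragraph is being edited anyway, change it to "is used to create" in the same commit.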
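Review bot: In the OSSL_CMP_MSG_get0_header.pod hunk, "derived from any client's private key" is awkward, because "any" combined with the possessive suggests several clients, while OSSL_CMP_CTX_new.pod now says "the client's private key" throughout. Consider "derived from the client's private key, if set via ..." so both pages use the same term. The subject line also says the change aligns OSSL_CMP_CTX_new.pod with this file, yet this file is modified too, so the commit message should mention both.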