From c6313780586f94b0542f55c3ffa399f5ad2c7297 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 26 May 2021 17:18:13 +0100 Subject: [PATCH] Use the new ASN.1 libctx aware capabilities in CMP Make sure we pass the libctx/propq around everywhere that we need it to ensure we get provider keys when needed. Reviewed-by: Shane Lontis Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15591) --- apps/cmp.c | 2 +- crypto/cmp/cmp_asn.c | 30 +++++++++++-- crypto/cmp/cmp_local.h | 7 ++- crypto/cmp/cmp_msg.c | 92 +++++++++++++++++++++++++++++++++++--- crypto/x509/x_pubkey.c | 14 +++--- include/openssl/cmp.h.in | 3 +- test/cmp_protect_test.c | 10 ++--- test/cmp_server_test.c | 2 +- test/cmp_vfy_test.c | 28 ++++++------ test/helpers/cmp_testlib.c | 4 +- test/helpers/cmp_testlib.h | 2 +- 11 files changed, 153 insertions(+), 41 deletions(-) diff --git a/apps/cmp.c b/apps/cmp.c index 03530f2584..dfd2981425 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -729,7 +729,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames) file = *filenames; *filenames = next_item(file); - ret = OSSL_CMP_MSG_read(file); + ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq()); if (ret == NULL) CMP_err1("cannot read PKIMessage from file '%s'", file); return ret; diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index e2f7169dda..1d17f77bd6 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c @@ -208,6 +208,31 @@ int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a) return (int)res; } +static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval, + const ASN1_ITEM *it, void *exarg) +{ + OSSL_CMP_MSG *ret = (OSSL_CMP_MSG *)*pval; + + switch (operation) { + case ASN1_OP_FREE_POST: + OPENSSL_free(ret->propq); + break; + + case ASN1_OP_DUP_POST: + { + OSSL_CMP_MSG *old = exarg; + + if (!ossl_cmp_msg_set0_libctx(ret, old->libctx, old->propq)) + return 0; + } + break; + default: + break; + } + + return 1; +} + ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = { /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0), @@ -405,14 +430,13 @@ ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = { } ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) -ASN1_SEQUENCE(OSSL_CMP_MSG) = { +ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = { ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY), ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0), /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1) -} ASN1_SEQUENCE_END(OSSL_CMP_MSG) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG) +} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 2b22db3e82..9dba9e8169 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -670,8 +670,11 @@ struct ossl_cmp_msg_st { ASN1_BIT_STRING *protection; /* 0 */ /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ STACK_OF(X509) *extraCerts; /* 1 */ + OSSL_LIB_CTX *libctx; + char *propq; } /* OSSL_CMP_MSG */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSG) +OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq); +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /*- * ProtectedPart ::= SEQUENCE { @@ -852,6 +855,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); # define OSSL_CMP_CERTREQID 0 /* sequence id for the first - and so far only - revocation request */ # define OSSL_CMP_REVREQSID 0 +int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, + const char *propq); const char *ossl_cmp_bodytype_to_string(int type); int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index b9c347afb8..b625147b6e 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -20,6 +20,46 @@ #include #include +OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq) +{ + OSSL_CMP_MSG *msg = NULL; + + msg = (OSSL_CMP_MSG *)ASN1_item_new_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), + libctx, propq); + if (!ossl_cmp_msg_set0_libctx(msg, libctx, propq)) { + OSSL_CMP_MSG_free(msg); + msg = NULL; + } + return msg; +} + +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg) +{ + ASN1_item_free((ASN1_VALUE *)msg, ASN1_ITEM_rptr(OSSL_CMP_MSG)); +} + +/* + * This should only be used if the X509 object was embedded inside another + * asn1 object and it needs a libctx to operate. + * Use OSSL_CMP_MSG_new() instead if possible. + */ +int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, + const char *propq) +{ + if (msg != NULL) { + msg->libctx = libctx; + OPENSSL_free(msg->propq); + msg->propq = NULL; + if (propq != NULL) { + msg->propq = OPENSSL_strdup(propq); + if (msg->propq == NULL) + return 0; + } + } + return 1; +} + + OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) { if (msg == NULL) { @@ -125,7 +165,7 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) if (!ossl_assert(ctx != NULL)) return NULL; - if ((msg = OSSL_CMP_MSG_new()) == NULL) + if ((msg = OSSL_CMP_MSG_new(ctx->libctx, ctx->propq)) == NULL) return NULL; if (!ossl_cmp_hdr_init(ctx, msg->header) || !ossl_cmp_msg_set_bodytype(msg, bodytype)) @@ -1031,9 +1071,10 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) || ossl_cmp_msg_protect(ctx, msg); } -OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file) +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, + const char *propq) { - OSSL_CMP_MSG *msg = NULL; + OSSL_CMP_MSG *msg; BIO *bio = NULL; if (file == NULL) { @@ -1041,9 +1082,18 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file) return NULL; } + msg = OSSL_CMP_MSG_new(libctx, propq); + if (msg == NULL){ + ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE); + return NULL; + } + if ((bio = BIO_new_file(file, "rb")) == NULL) return NULL; - msg = d2i_OSSL_CMP_MSG_bio(bio, NULL); + if (d2i_OSSL_CMP_MSG_bio(bio, &msg) == NULL) { + OSSL_CMP_MSG_free(msg); + msg = NULL; + } BIO_free(bio); return msg; } @@ -1066,10 +1116,40 @@ int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg) return res; } +OSSL_CMP_MSG *d2i_OSSL_CMP_MSG(OSSL_CMP_MSG **msg, const unsigned char **in, + long len) +{ + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (msg != NULL && *msg != NULL) { + libctx = (*msg)->libctx; + propq = (*msg)->propq; + } + + return (OSSL_CMP_MSG *)ASN1_item_d2i_ex((ASN1_VALUE **)msg, in, len, + ASN1_ITEM_rptr(OSSL_CMP_MSG), + libctx, propq); +} + +int i2d_OSSL_CMP_MSG(const OSSL_CMP_MSG *msg, unsigned char **out) +{ + return ASN1_item_i2d((const ASN1_VALUE *)msg, out, + ASN1_ITEM_rptr(OSSL_CMP_MSG)); +} + OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg) { - return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, - d2i_OSSL_CMP_MSG, bio, msg); + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (msg != NULL && *msg != NULL) { + libctx = (*msg)->libctx; + propq = (*msg)->propq; + } + + return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), bio, msg, libctx, + propq); } int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg) diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index d83e5c59e0..2fe5724743 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -104,17 +104,18 @@ static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it, return ret != NULL; } -static int x509_pubkey_ex_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, - char opt, ASN1_TLC *ctx) +static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq) { const unsigned char *in_saved = *in; X509_PUBKEY *pubkey; int ret; OSSL_DECODER_CTX *dctx = NULL; - if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, NULL, NULL)) + if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, libctx, propq)) return 0; if (!x509_pubkey_ex_populate(pval, NULL)) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); @@ -197,10 +198,11 @@ static const ASN1_EXTERN_FUNCS x509_pubkey_ff = { NULL, x509_pubkey_ex_free, 0, /* Default clear behaviour is OK */ - x509_pubkey_ex_d2i, + NULL, x509_pubkey_ex_i2d, x509_pubkey_ex_print, x509_pubkey_ex_new_ex, + x509_pubkey_ex_d2i_ex, }; IMPLEMENT_EXTERN_ASN1(X509_PUBKEY, V_ASN1_SEQUENCE, x509_pubkey_ff) diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index 352ffcdb2f..27afa27d6a 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in @@ -380,7 +380,8 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); -OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file); +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, + const char *propq); int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index 5fafb69475..9111b89423 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -143,7 +143,7 @@ static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * static int test_cmp_calc_protection_no_key_no_secret(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) || !TEST_ptr(fixture->msg->header->protectionAlg = X509_ALGOR_new() /* no specific alg needed here */)) { tear_down(fixture); @@ -159,7 +159,7 @@ static int test_cmp_calc_protection_pkey(void) SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->pubkey = loadedpubkey; if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey)) - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -174,7 +174,7 @@ static int test_cmp_calc_protection_pbmac(void) SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_insta, sizeof(sec_insta))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -577,8 +577,8 @@ int setup_tests(void) return 0; if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) loadedpubkey = loadedprivkey; - if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f)) - || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))) + if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) + || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) return 0; if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c index bff42c8baf..d93a75db81 100644 --- a/test/cmp_server_test.c +++ b/test/cmp_server_test.c @@ -148,7 +148,7 @@ int setup_tests(void) if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 1, USAGE)) return 0; - if (!TEST_ptr(request = load_pkimsg(request_f))) { + if (!TEST_ptr(request = load_pkimsg(request_f, libctx))) { cleanup_tests(); return 0; } diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index 2a06e0b097..a480090363 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -91,7 +91,7 @@ static int flip_bit(ASN1_BIT_STRING *bitstr) static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture) { - if ((fixture->msg = load_pkimsg(ir_protected_f)) == NULL) + if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL) return 0; if (fixture->expected == 0) { const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir; @@ -153,7 +153,7 @@ static int test_validate_msg_mac_alg_protection(void) fixture->expected = 1; if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, sizeof(sec_1))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -174,7 +174,7 @@ static int test_validate_msg_mac_alg_protection_bad(void) if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad, sizeof(sec_bad))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -203,7 +203,7 @@ static int test_validate_msg_signature_partial_chain(int expired) ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx); fixture->expected = !expired; if (ts == NULL - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !add_trusted(fixture->cmp_ctx, srvcert)) { tear_down(fixture); fixture = NULL; @@ -233,7 +233,7 @@ static int test_validate_msg_signature_srvcert_wrong(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) { tear_down(fixture); fixture = NULL; @@ -246,7 +246,7 @@ static int test_validate_msg_signature_srvcert(int bad_sig) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = !bad_sig; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert)) || (bad_sig && !flip_bit(fixture->msg->protection))) { tear_down(fixture); @@ -272,7 +272,7 @@ static int test_validate_msg_signature_sender_cert_untrusted(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert) || !add_untrusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); @@ -286,7 +286,7 @@ static int test_validate_msg_signature_sender_cert_trusted(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert) || !add_trusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); @@ -300,7 +300,7 @@ static int test_validate_msg_signature_sender_cert_extracert(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert)) { tear_down(fixture); fixture = NULL; @@ -315,7 +315,7 @@ static int test_validate_msg_signature_sender_cert_absent(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))) { + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) { tear_down(fixture); fixture = NULL; } @@ -328,7 +328,7 @@ static int test_validate_with_sender(const X509_NAME *name, int expected) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = expected; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) { tear_down(fixture); @@ -353,7 +353,7 @@ static int test_validate_msg_unprotected_request(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))) { + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -620,8 +620,8 @@ int setup_tests(void) goto err; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; - if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)) - || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f))) + if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)) + || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) goto err; /* Message validation tests */ diff --git a/test/helpers/cmp_testlib.c b/test/helpers/cmp_testlib.c index 2d7297c42b..e0fb1d3d34 100644 --- a/test/helpers/cmp_testlib.c +++ b/test/helpers/cmp_testlib.c @@ -12,11 +12,11 @@ #include "cmp_testlib.h" #include /* needed in case config no-deprecated */ -OSSL_CMP_MSG *load_pkimsg(const char *file) +OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx) { OSSL_CMP_MSG *msg; - (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file))); + (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file, libctx, NULL))); return msg; } diff --git a/test/helpers/cmp_testlib.h b/test/helpers/cmp_testlib.h index 681b06ae22..50b085beca 100644 --- a/test/helpers/cmp_testlib.h +++ b/test/helpers/cmp_testlib.h @@ -21,7 +21,7 @@ # ifndef OPENSSL_NO_CMP # define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */ -OSSL_CMP_MSG *load_pkimsg(const char *file); +OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx); int valid_asn1_encoding(const OSSL_CMP_MSG *msg); int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2); int STACK_OF_X509_push1(STACK_OF(X509) *sk, X509 *cert);