Ensure libctx/propq is propagated when handling X509_REQ

When we create via d2i or dup an X509_REQ we should ensure that the libctx is properly propagated. We also ensure we create X509_REQ objects with the proper libctx assigned in the CMP tests. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15591)
2024-11-21 01:15:20 +08:00 · 2021-05-27 15:03:06 +01:00 · 2021-05-27 15:03:06 +01:00 · d2b6c06274
commit d2b6c06274
parent 7be04a3ac4
6 changed files with 49 additions and 7 deletions
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@ -239,7 +239,15 @@ int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req)

 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
 {
-    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *propq = NULL;
+
+    if (req != NULL && *req != NULL) {
+        libctx = (*req)->libctx;
+        propq = (*req)->propq;
+    }
+
+    return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq);
 }

 int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req)
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@ -68,6 +68,37 @@ static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,

            if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq))
                return 0;
+            if (old->req_info.pubkey != NULL) {
+                EVP_PKEY *pkey = X509_PUBKEY_get0(old->req_info.pubkey);
+
+                if (pkey != NULL) {
+                    pkey = EVP_PKEY_dup(pkey);
+                    if (pkey == NULL) {
+                        ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                    }
+                    if (!X509_PUBKEY_set(&ret->req_info.pubkey, pkey)) {
+                        EVP_PKEY_free(pkey);
+                        ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    EVP_PKEY_free(pkey);
+                }
+            }
+        }
+        break;
+    case ASN1_OP_GET0_LIBCTX:
+        {
+            OSSL_LIB_CTX **libctx = exarg;
+
+            *libctx = ret->libctx;
+        }
+        break;
+    case ASN1_OP_GET0_PROPQ:
+        {
+            const char **propq = exarg;
+
+            *propq = ret->propq;
        }
        break;
    }
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@ -223,7 +223,7 @@ static int test_exec_P10CR_ses(void)
    SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
    fixture->req_type = OSSL_CMP_P10CR;
    fixture->expected = 1;
-    if (!TEST_ptr(req = load_csr_der(pkcs10_f))
+    if (!TEST_ptr(req = load_csr_der(pkcs10_f, libctx))
            || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) {
        tear_down(fixture);
        fixture = NULL;
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@ -226,7 +226,7 @@ static int test_cmp_create_p10cr(void)
    fixture->bodytype = OSSL_CMP_PKIBODY_P10CR;
    fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ;
    fixture->expected = 1;
-    if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f))
+    if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f, libctx))
            || !TEST_true(set1_newPkey(ctx, newkey))
            || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) {
        tear_down(fixture);
@ -504,7 +504,7 @@ static int test_cmp_pkimessage_create(int bodytype)
    switch (fixture->bodytype = bodytype) {
    case OSSL_CMP_PKIBODY_P10CR:
        fixture->expected = 1;
-        p10cr = load_csr_der(pkcs10_f);
+        p10cr = load_csr_der(pkcs10_f, libctx);
        if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, p10cr))) {
            tear_down(fixture);
            fixture = NULL;
--- a/test/testutil.h
+++ b/test/testutil.h
@ -592,6 +592,6 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx);
 X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx);
 X509 *load_cert_der(const unsigned char *bytes, int len);
 STACK_OF(X509) *load_certs_pem(const char *file);
-X509_REQ *load_csr_der(const char *file);
+X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx);

 #endif                          /* OSSL_TESTUTIL_H */
--- a/test/testutil/load.c
+++ b/test/testutil/load.c
@ -81,14 +81,17 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx)
    return key;
 }

-X509_REQ *load_csr_der(const char *file)
+X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx)
 {
    X509_REQ *csr = NULL;
    BIO *bio = NULL;

    if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "rb")))
        return NULL;
-    (void)TEST_ptr(csr = d2i_X509_REQ_bio(bio, NULL));
+
+    csr = X509_REQ_new_ex(libctx, NULL);
+    if (TEST_ptr(csr))
+        (void)TEST_ptr(d2i_X509_REQ_bio(bio, &csr));
    BIO_free(bio);
    return csr;
 }