From d2b6c06274f37c5c6c967939ee556c4be5b568d0 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 27 May 2021 15:03:06 +0100
Subject: [PATCH] Ensure libctx/propq is propagated when handling X509_REQ

When we create via d2i or dup an X509_REQ we should ensure that the libctx
is properly propagated. We also ensure we create X509_REQ objects with the
proper libctx assigned in the CMP tests.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)
---
 crypto/x509/x_all.c    | 10 +++++++++-
 crypto/x509/x_req.c    | 31 +++++++++++++++++++++++++++++++
 test/cmp_client_test.c |  2 +-
 test/cmp_msg_test.c    |  4 ++--
 test/testutil.h        |  2 +-
 test/testutil/load.c   |  7 +++++--
 6 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 92b659d009..88c75c3d36 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -239,7 +239,15 @@ int i2d_X509_REQ_fp(FILE *fp, const X509_REQ *req)
 
 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
 {
-    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *propq = NULL;
+
+    if (req != NULL && *req != NULL) {
+        libctx = (*req)->libctx;
+        propq = (*req)->propq;
+    }
+
+    return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(X509_REQ), bp, req, libctx, propq);
 }
 
 int i2d_X509_REQ_bio(BIO *bp, const X509_REQ *req)
diff --git a/crypto/x509/x_req.c b/crypto/x509/x_req.c
index 1b4e1587dd..293d4be713 100644
--- a/crypto/x509/x_req.c
+++ b/crypto/x509/x_req.c
@@ -68,6 +68,37 @@ static int req_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
             if (!ossl_x509_req_set0_libctx(ret, old->libctx, old->propq))
                 return 0;
+            if (old->req_info.pubkey != NULL) {
+                EVP_PKEY *pkey = X509_PUBKEY_get0(old->req_info.pubkey);
+
+                if (pkey != NULL) {
+                    pkey = EVP_PKEY_dup(pkey);
+                    if (pkey == NULL) {
+                        ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE);
+                        return 0;
+                    }
+                    if (!X509_PUBKEY_set(&ret->req_info.pubkey, pkey)) {
+                        EVP_PKEY_free(pkey);
+                        ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    EVP_PKEY_free(pkey);
+                }
+            }
+        }
+        break;
+    case ASN1_OP_GET0_LIBCTX:
+        {
+            OSSL_LIB_CTX **libctx = exarg;
+
+            *libctx = ret->libctx;
+        }
+        break;
+    case ASN1_OP_GET0_PROPQ:
+        {
+            const char **propq = exarg;
+
+            *propq = ret->propq;
         }
         break;
     }
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index 863a765886..f470f5e445 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -223,7 +223,7 @@ static int test_exec_P10CR_ses(void)
     SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
     fixture->req_type = OSSL_CMP_P10CR;
     fixture->expected = 1;
-    if (!TEST_ptr(req = load_csr_der(pkcs10_f))
+    if (!TEST_ptr(req = load_csr_der(pkcs10_f, libctx))
             || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) {
         tear_down(fixture);
         fixture = NULL;
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index a9a858c07a..4f2ca1b40b 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -226,7 +226,7 @@ static int test_cmp_create_p10cr(void)
     fixture->bodytype = OSSL_CMP_PKIBODY_P10CR;
     fixture->err_code = CMP_R_ERROR_CREATING_CERTREQ;
     fixture->expected = 1;
-    if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f))
+    if (!TEST_ptr(p10cr = load_csr_der(pkcs10_f, libctx))
             || !TEST_true(set1_newPkey(ctx, newkey))
             || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(ctx, p10cr))) {
         tear_down(fixture);
@@ -504,7 +504,7 @@ static int test_cmp_pkimessage_create(int bodytype)
     switch (fixture->bodytype = bodytype) {
     case OSSL_CMP_PKIBODY_P10CR:
         fixture->expected = 1;
-        p10cr = load_csr_der(pkcs10_f);
+        p10cr = load_csr_der(pkcs10_f, libctx);
         if (!TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, p10cr))) {
             tear_down(fixture);
             fixture = NULL;
diff --git a/test/testutil.h b/test/testutil.h
index 710f51c147..c28df702cc 100644
--- a/test/testutil.h
+++ b/test/testutil.h
@@ -592,6 +592,6 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx);
 X509 *load_cert_pem(const char *file, OSSL_LIB_CTX *libctx);
 X509 *load_cert_der(const unsigned char *bytes, int len);
 STACK_OF(X509) *load_certs_pem(const char *file);
-X509_REQ *load_csr_der(const char *file);
+X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx);
 
 #endif                          /* OSSL_TESTUTIL_H */
diff --git a/test/testutil/load.c b/test/testutil/load.c
index 444fb8a78d..be30d7e053 100644
--- a/test/testutil/load.c
+++ b/test/testutil/load.c
@@ -81,14 +81,17 @@ EVP_PKEY *load_pkey_pem(const char *file, OSSL_LIB_CTX *libctx)
     return key;
 }
 
-X509_REQ *load_csr_der(const char *file)
+X509_REQ *load_csr_der(const char *file, OSSL_LIB_CTX *libctx)
 {
     X509_REQ *csr = NULL;
     BIO *bio = NULL;
 
     if (!TEST_ptr(file) || !TEST_ptr(bio = BIO_new_file(file, "rb")))
         return NULL;
-    (void)TEST_ptr(csr = d2i_X509_REQ_bio(bio, NULL));
+
+    csr = X509_REQ_new_ex(libctx, NULL);
+    if (TEST_ptr(csr))
+        (void)TEST_ptr(d2i_X509_REQ_bio(bio, &csr));
     BIO_free(bio);
     return csr;
 }