diff options
| author | Matt Caswell <matt@openssl.org> | 2021-05-26 17:18:13 +0100 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2021-06-05 17:39:10 +1000 |
| commit | c6313780586f94b0542f55c3ffa399f5ad2c7297 (patch) | |
| tree | 4ee7a22fbbe0e507a1b974b5e2e45778836fed09 | |
| parent | 5dca2afca3f5de55f3de3a404ede1a96c6d9af26 (diff) | |
| download | openssl-c6313780586f94b0542f55c3ffa399f5ad2c7297.zip openssl-c6313780586f94b0542f55c3ffa399f5ad2c7297.tar.gz openssl-c6313780586f94b0542f55c3ffa399f5ad2c7297.tar.bz2 | |
Use the new ASN.1 libctx aware capabilities in CMP
Make sure we pass the libctx/propq around everywhere that we need it to
ensure we get provider keys when needed.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)
| -rw-r--r-- | apps/cmp.c | 2 | ||||
| -rw-r--r-- | crypto/cmp/cmp_asn.c | 30 | ||||
| -rw-r--r-- | crypto/cmp/cmp_local.h | 7 | ||||
| -rw-r--r-- | crypto/cmp/cmp_msg.c | 92 | ||||
| -rw-r--r-- | crypto/x509/x_pubkey.c | 14 | ||||
| -rw-r--r-- | include/openssl/cmp.h.in | 3 | ||||
| -rw-r--r-- | test/cmp_protect_test.c | 10 | ||||
| -rw-r--r-- | test/cmp_server_test.c | 2 | ||||
| -rw-r--r-- | test/cmp_vfy_test.c | 28 | ||||
| -rw-r--r-- | test/helpers/cmp_testlib.c | 4 | ||||
| -rw-r--r-- | test/helpers/cmp_testlib.h | 2 |
11 files changed, 153 insertions, 41 deletions
@@ -729,7 +729,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames) file = *filenames; *filenames = next_item(file); - ret = OSSL_CMP_MSG_read(file); + ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq()); if (ret == NULL) CMP_err1("cannot read PKIMessage from file '%s'", file); return ret; diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c index e2f7169..1d17f77 100644 --- a/crypto/cmp/cmp_asn.c +++ b/crypto/cmp/cmp_asn.c @@ -208,6 +208,31 @@ int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a) return (int)res; } +static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval, + const ASN1_ITEM *it, void *exarg) +{ + OSSL_CMP_MSG *ret = (OSSL_CMP_MSG *)*pval; + + switch (operation) { + case ASN1_OP_FREE_POST: + OPENSSL_free(ret->propq); + break; + + case ASN1_OP_DUP_POST: + { + OSSL_CMP_MSG *old = exarg; + + if (!ossl_cmp_msg_set0_libctx(ret, old->libctx, old->propq)) + return 0; + } + break; + default: + break; + } + + return 1; +} + ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = { /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0), @@ -405,14 +430,13 @@ ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = { } ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART) IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART) -ASN1_SEQUENCE(OSSL_CMP_MSG) = { +ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = { ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER), ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY), ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0), /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1) -} ASN1_SEQUENCE_END(OSSL_CMP_MSG) -IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG) +} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG) IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG) ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) = diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h index 2b22db3..9dba9e8 100644 --- a/crypto/cmp/cmp_local.h +++ b/crypto/cmp/cmp_local.h @@ -670,8 +670,11 @@ struct ossl_cmp_msg_st { ASN1_BIT_STRING *protection; /* 0 */ /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */ STACK_OF(X509) *extraCerts; /* 1 */ + OSSL_LIB_CTX *libctx; + char *propq; } /* OSSL_CMP_MSG */; -DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSG) +OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq); +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg); /*- * ProtectedPart ::= SEQUENCE { @@ -852,6 +855,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr); # define OSSL_CMP_CERTREQID 0 /* sequence id for the first - and so far only - revocation request */ # define OSSL_CMP_REVREQSID 0 +int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, + const char *propq); const char *ossl_cmp_bodytype_to_string(int type); int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type); int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg); diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c index b9c347a..b625147 100644 --- a/crypto/cmp/cmp_msg.c +++ b/crypto/cmp/cmp_msg.c @@ -20,6 +20,46 @@ #include <openssl/err.h> #include <openssl/x509.h> +OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq) +{ + OSSL_CMP_MSG *msg = NULL; + + msg = (OSSL_CMP_MSG *)ASN1_item_new_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), + libctx, propq); + if (!ossl_cmp_msg_set0_libctx(msg, libctx, propq)) { + OSSL_CMP_MSG_free(msg); + msg = NULL; + } + return msg; +} + +void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg) +{ + ASN1_item_free((ASN1_VALUE *)msg, ASN1_ITEM_rptr(OSSL_CMP_MSG)); +} + +/* + * This should only be used if the X509 object was embedded inside another + * asn1 object and it needs a libctx to operate. + * Use OSSL_CMP_MSG_new() instead if possible. + */ +int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx, + const char *propq) +{ + if (msg != NULL) { + msg->libctx = libctx; + OPENSSL_free(msg->propq); + msg->propq = NULL; + if (propq != NULL) { + msg->propq = OPENSSL_strdup(propq); + if (msg->propq == NULL) + return 0; + } + } + return 1; +} + + OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg) { if (msg == NULL) { @@ -125,7 +165,7 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype) if (!ossl_assert(ctx != NULL)) return NULL; - if ((msg = OSSL_CMP_MSG_new()) == NULL) + if ((msg = OSSL_CMP_MSG_new(ctx->libctx, ctx->propq)) == NULL) return NULL; if (!ossl_cmp_hdr_init(ctx, msg->header) || !ossl_cmp_msg_set_bodytype(msg, bodytype)) @@ -1031,9 +1071,10 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) || ossl_cmp_msg_protect(ctx, msg); } -OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file) +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, + const char *propq) { - OSSL_CMP_MSG *msg = NULL; + OSSL_CMP_MSG *msg; BIO *bio = NULL; if (file == NULL) { @@ -1041,9 +1082,18 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file) return NULL; } + msg = OSSL_CMP_MSG_new(libctx, propq); + if (msg == NULL){ + ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE); + return NULL; + } + if ((bio = BIO_new_file(file, "rb")) == NULL) return NULL; - msg = d2i_OSSL_CMP_MSG_bio(bio, NULL); + if (d2i_OSSL_CMP_MSG_bio(bio, &msg) == NULL) { + OSSL_CMP_MSG_free(msg); + msg = NULL; + } BIO_free(bio); return msg; } @@ -1066,10 +1116,40 @@ int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg) return res; } +OSSL_CMP_MSG *d2i_OSSL_CMP_MSG(OSSL_CMP_MSG **msg, const unsigned char **in, + long len) +{ + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (msg != NULL && *msg != NULL) { + libctx = (*msg)->libctx; + propq = (*msg)->propq; + } + + return (OSSL_CMP_MSG *)ASN1_item_d2i_ex((ASN1_VALUE **)msg, in, len, + ASN1_ITEM_rptr(OSSL_CMP_MSG), + libctx, propq); +} + +int i2d_OSSL_CMP_MSG(const OSSL_CMP_MSG *msg, unsigned char **out) +{ + return ASN1_item_i2d((const ASN1_VALUE *)msg, out, + ASN1_ITEM_rptr(OSSL_CMP_MSG)); +} + OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg) { - return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, - d2i_OSSL_CMP_MSG, bio, msg); + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; + + if (msg != NULL && *msg != NULL) { + libctx = (*msg)->libctx; + propq = (*msg)->propq; + } + + return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), bio, msg, libctx, + propq); } int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg) diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index d83e5c5..2fe5724 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -104,17 +104,18 @@ static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it, return ret != NULL; } -static int x509_pubkey_ex_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, - char opt, ASN1_TLC *ctx) +static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, + char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx, + const char *propq) { const unsigned char *in_saved = *in; X509_PUBKEY *pubkey; int ret; OSSL_DECODER_CTX *dctx = NULL; - if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, NULL, NULL)) + if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, libctx, propq)) return 0; if (!x509_pubkey_ex_populate(pval, NULL)) { ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); @@ -197,10 +198,11 @@ static const ASN1_EXTERN_FUNCS x509_pubkey_ff = { NULL, x509_pubkey_ex_free, 0, /* Default clear behaviour is OK */ - x509_pubkey_ex_d2i, + NULL, x509_pubkey_ex_i2d, x509_pubkey_ex_print, x509_pubkey_ex_new_ex, + x509_pubkey_ex_d2i_ex, }; IMPLEMENT_EXTERN_ASN1(X509_PUBKEY, V_ASN1_SEQUENCE, x509_pubkey_ff) diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in index 352ffcd..27afa27 100644 --- a/include/openssl/cmp.h.in +++ b/include/openssl/cmp.h.in @@ -380,7 +380,8 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr); OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg); int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg); OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid); -OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file); +OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx, + const char *propq); int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg); OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg); int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg); diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c index 5fafb69..9111b89 100644 --- a/test/cmp_protect_test.c +++ b/test/cmp_protect_test.c @@ -143,7 +143,7 @@ static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE * static int test_cmp_calc_protection_no_key_no_secret(void) { SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx)) || !TEST_ptr(fixture->msg->header->protectionAlg = X509_ALGOR_new() /* no specific alg needed here */)) { tear_down(fixture); @@ -159,7 +159,7 @@ static int test_cmp_calc_protection_pkey(void) SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); fixture->pubkey = loadedpubkey; if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey)) - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -174,7 +174,7 @@ static int test_cmp_calc_protection_pbmac(void) SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up); if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_insta, sizeof(sec_insta))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -577,8 +577,8 @@ int setup_tests(void) return 0; if (TEST_true(EVP_PKEY_up_ref(loadedprivkey))) loadedpubkey = loadedprivkey; - if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f)) - || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))) + if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx)) + || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))) return 0; if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx)) || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx)) diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c index bff42c8..d93a75d 100644 --- a/test/cmp_server_test.c +++ b/test/cmp_server_test.c @@ -148,7 +148,7 @@ int setup_tests(void) if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 1, USAGE)) return 0; - if (!TEST_ptr(request = load_pkimsg(request_f))) { + if (!TEST_ptr(request = load_pkimsg(request_f, libctx))) { cleanup_tests(); return 0; } diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c index 2a06e0b..a480090 100644 --- a/test/cmp_vfy_test.c +++ b/test/cmp_vfy_test.c @@ -91,7 +91,7 @@ static int flip_bit(ASN1_BIT_STRING *bitstr) static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture) { - if ((fixture->msg = load_pkimsg(ir_protected_f)) == NULL) + if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL) return 0; if (fixture->expected == 0) { const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir; @@ -153,7 +153,7 @@ static int test_validate_msg_mac_alg_protection(void) fixture->expected = 1; if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1, sizeof(sec_1))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -174,7 +174,7 @@ static int test_validate_msg_mac_alg_protection_bad(void) if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad, sizeof(sec_bad))) - || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) { + || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -203,7 +203,7 @@ static int test_validate_msg_signature_partial_chain(int expired) ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx); fixture->expected = !expired; if (ts == NULL - || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !add_trusted(fixture->cmp_ctx, srvcert)) { tear_down(fixture); fixture = NULL; @@ -233,7 +233,7 @@ static int test_validate_msg_signature_srvcert_wrong(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) { tear_down(fixture); fixture = NULL; @@ -246,7 +246,7 @@ static int test_validate_msg_signature_srvcert(int bad_sig) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = !bad_sig; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert)) || (bad_sig && !flip_bit(fixture->msg->protection))) { tear_down(fixture); @@ -272,7 +272,7 @@ static int test_validate_msg_signature_sender_cert_untrusted(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert) || !add_untrusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); @@ -286,7 +286,7 @@ static int test_validate_msg_signature_sender_cert_trusted(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert) || !add_trusted(fixture->cmp_ctx, insta_cert)) { tear_down(fixture); @@ -300,7 +300,7 @@ static int test_validate_msg_signature_sender_cert_extracert(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 1; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx)) || !add_trusted(fixture->cmp_ctx, instaca_cert)) { tear_down(fixture); fixture = NULL; @@ -315,7 +315,7 @@ static int test_validate_msg_signature_sender_cert_absent(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))) { + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) { tear_down(fixture); fixture = NULL; } @@ -328,7 +328,7 @@ static int test_validate_with_sender(const X509_NAME *name, int expected) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = expected; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f)) + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx)) || !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name)) || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) { tear_down(fixture); @@ -353,7 +353,7 @@ static int test_validate_msg_unprotected_request(void) { SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up); fixture->expected = 0; - if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))) { + if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) { tear_down(fixture); fixture = NULL; } @@ -620,8 +620,8 @@ int setup_tests(void) goto err; if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH))) goto err; - if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)) - || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f))) + if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)) + || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx))) goto err; /* Message validation tests */ diff --git a/test/helpers/cmp_testlib.c b/test/helpers/cmp_testlib.c index 2d7297c..e0fb1d3 100644 --- a/test/helpers/cmp_testlib.c +++ b/test/helpers/cmp_testlib.c @@ -12,11 +12,11 @@ #include "cmp_testlib.h" #include <openssl/rsa.h> /* needed in case config no-deprecated */ -OSSL_CMP_MSG *load_pkimsg(const char *file) +OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx) { OSSL_CMP_MSG *msg; - (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file))); + (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file, libctx, NULL))); return msg; } diff --git a/test/helpers/cmp_testlib.h b/test/helpers/cmp_testlib.h index 681b06a..50b085b 100644 --- a/test/helpers/cmp_testlib.h +++ b/test/helpers/cmp_testlib.h @@ -21,7 +21,7 @@ # ifndef OPENSSL_NO_CMP # define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */ -OSSL_CMP_MSG *load_pkimsg(const char *file); +OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx); int valid_asn1_encoding(const OSSL_CMP_MSG *msg); int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2); int STACK_OF_X509_push1(STACK_OF(X509) *sk, X509 *cert); |