Use the new ASN.1 libctx aware capabilities in CMP

Make sure we pass the libctx/propq around everywhere that we need it to
ensure we get provider keys when needed.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15591)

diff --git a/apps/cmp.c b/apps/cmp.c
index 03530f258410459ca16f61a34df293548c5aea4d..dfd2981425345cac379d4bb4205ed1e4732f6a34 100644 (file)
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -729,7 +729,7 @@ static OSSL_CMP_MSG *read_PKIMESSAGE(char **filenames)
     file = *filenames;
     *filenames = next_item(file);
 
-    ret = OSSL_CMP_MSG_read(file);
+    ret = OSSL_CMP_MSG_read(file, app_get0_libctx(), app_get0_propq());
     if (ret == NULL)
         CMP_err1("cannot read PKIMessage from file '%s'", file);
     return ret;

diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
index e2f7169ddabb362eb35497b391912558dc477663..1d17f77bd6adc50808d9630e804ba63f1de3c8ff 100644 (file)
--- a/crypto/cmp/cmp_asn.c
+++ b/crypto/cmp/cmp_asn.c
@@ -208,6 +208,31 @@ int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
     return (int)res;
 }
 
+static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval,
+                           const ASN1_ITEM *it, void *exarg)
+{
+    OSSL_CMP_MSG *ret = (OSSL_CMP_MSG *)*pval;
+
+    switch (operation) {
+    case ASN1_OP_FREE_POST:
+        OPENSSL_free(ret->propq);
+        break;
+
+    case ASN1_OP_DUP_POST:
+        {
+            OSSL_CMP_MSG *old = exarg;
+
+            if (!ossl_cmp_msg_set0_libctx(ret, old->libctx, old->propq))
+                return 0;
+        }
+        break;
+    default:
+        break;
+    }
+
+    return 1;
+}
+
 ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
     /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
     ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
@@ -405,14 +430,13 @@ ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = {
 } ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
 
-ASN1_SEQUENCE(OSSL_CMP_MSG) = {
+ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = {
     ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
     ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
     ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
     /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
     ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
-} ASN1_SEQUENCE_END(OSSL_CMP_MSG)
-IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG)
+} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG)
 IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
 
 ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) =

diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 2b22db3e82797e21a8d1c1c017401aead80dc8e4..9dba9e81699a78ecb3d888ea3bad28fed76b675e 100644 (file)
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -670,8 +670,11 @@ struct ossl_cmp_msg_st {
     ASN1_BIT_STRING *protection; /* 0 */
     /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
     STACK_OF(X509) *extraCerts; /* 1 */
+    OSSL_LIB_CTX *libctx;
+    char *propq;
 } /* OSSL_CMP_MSG */;
-DECLARE_ASN1_FUNCTIONS(OSSL_CMP_MSG)
+OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq);
+void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /*-
  * ProtectedPart ::= SEQUENCE {
@@ -852,6 +855,8 @@ int ossl_cmp_hdr_init(OSSL_CMP_CTX *ctx, OSSL_CMP_PKIHEADER *hdr);
 # define OSSL_CMP_CERTREQID 0
 /* sequence id for the first - and so far only - revocation request */
 # define OSSL_CMP_REVREQSID 0
+int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
+                             const char *propq);
 const char *ossl_cmp_bodytype_to_string(int type);
 int ossl_cmp_msg_set_bodytype(OSSL_CMP_MSG *msg, int type);
 int ossl_cmp_msg_get_bodytype(const OSSL_CMP_MSG *msg);

diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index b9c347afb82e37ec5a61bef9e90c96b47c17364d..b625147b6e97ebc0dc5190be004f0c17ae2d9076 100644 (file)
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -20,6 +20,46 @@
 #include <openssl/err.h>
 #include <openssl/x509.h>
 
+OSSL_CMP_MSG *OSSL_CMP_MSG_new(OSSL_LIB_CTX *libctx, const char *propq)
+{
+    OSSL_CMP_MSG *msg = NULL;
+
+    msg = (OSSL_CMP_MSG *)ASN1_item_new_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG),
+                                           libctx, propq);
+    if (!ossl_cmp_msg_set0_libctx(msg, libctx, propq)) {
+        OSSL_CMP_MSG_free(msg);
+        msg = NULL;
+    }
+    return msg;
+}
+
+void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg)
+{
+    ASN1_item_free((ASN1_VALUE *)msg, ASN1_ITEM_rptr(OSSL_CMP_MSG));
+}
+
+/*
+ * This should only be used if the X509 object was embedded inside another
+ * asn1 object and it needs a libctx to operate.
+ * Use OSSL_CMP_MSG_new() instead if possible.
+ */
+int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
+                             const char *propq)
+{
+    if (msg != NULL) {
+        msg->libctx = libctx;
+        OPENSSL_free(msg->propq);
+        msg->propq = NULL;
+        if (propq != NULL) {
+            msg->propq = OPENSSL_strdup(propq);
+            if (msg->propq == NULL)
+                return 0;
+        }
+    }
+    return 1;
+}
+
+
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
 {
     if (msg == NULL) {
@@ -125,7 +165,7 @@ OSSL_CMP_MSG *ossl_cmp_msg_create(OSSL_CMP_CTX *ctx, int bodytype)
     if (!ossl_assert(ctx != NULL))
         return NULL;
 
-    if ((msg = OSSL_CMP_MSG_new()) == NULL)
+    if ((msg = OSSL_CMP_MSG_new(ctx->libctx, ctx->propq)) == NULL)
         return NULL;
     if (!ossl_cmp_hdr_init(ctx, msg->header)
             || !ossl_cmp_msg_set_bodytype(msg, bodytype))
@@ -1031,9 +1071,10 @@ int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
             || ossl_cmp_msg_protect(ctx, msg);
 }
 
-OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file)
+OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
+                                const char *propq)
 {
-    OSSL_CMP_MSG *msg = NULL;
+    OSSL_CMP_MSG *msg;
     BIO *bio = NULL;
 
     if (file == NULL) {
@@ -1041,9 +1082,18 @@ OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file)
         return NULL;
     }
 
+    msg = OSSL_CMP_MSG_new(libctx, propq);
+    if (msg == NULL){
+        ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
     if ((bio = BIO_new_file(file, "rb")) == NULL)
         return NULL;
-    msg = d2i_OSSL_CMP_MSG_bio(bio, NULL);
+    if (d2i_OSSL_CMP_MSG_bio(bio, &msg) == NULL) {
+        OSSL_CMP_MSG_free(msg);
+        msg = NULL;
+    }
     BIO_free(bio);
     return msg;
 }
@@ -1066,10 +1116,40 @@ int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg)
     return res;
 }
 
+OSSL_CMP_MSG *d2i_OSSL_CMP_MSG(OSSL_CMP_MSG **msg, const unsigned char **in,
+                               long len)
+{
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *propq = NULL;
+
+    if (msg != NULL && *msg != NULL) {
+        libctx  = (*msg)->libctx;
+        propq = (*msg)->propq;
+    }
+
+    return (OSSL_CMP_MSG *)ASN1_item_d2i_ex((ASN1_VALUE **)msg, in, len,
+                                            ASN1_ITEM_rptr(OSSL_CMP_MSG),
+                                            libctx, propq);
+}
+
+int i2d_OSSL_CMP_MSG(const OSSL_CMP_MSG *msg, unsigned char **out)
+{
+    return ASN1_item_i2d((const ASN1_VALUE *)msg, out,
+                         ASN1_ITEM_rptr(OSSL_CMP_MSG));
+}
+
 OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg)
 {
-    return ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new,
-                           d2i_OSSL_CMP_MSG, bio, msg);
+    OSSL_LIB_CTX *libctx = NULL;
+    const char *propq = NULL;
+
+    if (msg != NULL && *msg != NULL) {
+        libctx  = (*msg)->libctx;
+        propq = (*msg)->propq;
+    }
+
+    return ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(OSSL_CMP_MSG), bio, msg, libctx,
+                                propq);
 }
 
 int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg)

diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index d83e5c59e027545e54f85972e18a490f2ef51490..2fe5724743b6a3a5fc2d2dd71195e831c171c0a2 100644 (file)
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -104,17 +104,18 @@ static int x509_pubkey_ex_new_ex(ASN1_VALUE **pval, const ASN1_ITEM *it,
     return ret != NULL;
 }
 
-static int x509_pubkey_ex_d2i(ASN1_VALUE **pval,
-                              const unsigned char **in, long len,
-                              const ASN1_ITEM *it, int tag, int aclass,
-                              char opt, ASN1_TLC *ctx)
+static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
+                                 const unsigned char **in, long len,
+                                 const ASN1_ITEM *it, int tag, int aclass,
+                                 char opt, ASN1_TLC *ctx, OSSL_LIB_CTX *libctx,
+                                 const char *propq)
 {
     const unsigned char *in_saved = *in;
     X509_PUBKEY *pubkey;
     int ret;
     OSSL_DECODER_CTX *dctx = NULL;
 
-    if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, NULL, NULL))
+    if (*pval == NULL && !x509_pubkey_ex_new_ex(pval, it, libctx, propq))
         return 0;
     if (!x509_pubkey_ex_populate(pval, NULL)) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
@@ -197,10 +198,11 @@ static const ASN1_EXTERN_FUNCS x509_pubkey_ff = {
     NULL,
     x509_pubkey_ex_free,
     0,                          /* Default clear behaviour is OK */
-    x509_pubkey_ex_d2i,
+    NULL,
     x509_pubkey_ex_i2d,
     x509_pubkey_ex_print,
     x509_pubkey_ex_new_ex,
+    x509_pubkey_ex_d2i_ex,
 };
 
 IMPLEMENT_EXTERN_ASN1(X509_PUBKEY, V_ASN1_SEQUENCE, x509_pubkey_ff)

diff --git a/include/openssl/cmp.h.in b/include/openssl/cmp.h.in
index 352ffcdb2fd959a4f3b161c881718c714cf8fcee..27afa27d6a3ff1b3c5c034cce5c7c605449fd4e6 100644 (file)
--- a/include/openssl/cmp.h.in
+++ b/include/openssl/cmp.h.in
@@ -380,7 +380,8 @@ ASN1_OCTET_STRING *OSSL_CMP_HDR_get0_recipNonce(const OSSL_CMP_PKIHEADER *hdr);
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg);
 int OSSL_CMP_MSG_update_transactionID(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg);
 OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid);
-OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file);
+OSSL_CMP_MSG *OSSL_CMP_MSG_read(const char *file, OSSL_LIB_CTX *libctx,
+                                const char *propq);
 int OSSL_CMP_MSG_write(const char *file, const OSSL_CMP_MSG *msg);
 OSSL_CMP_MSG *d2i_OSSL_CMP_MSG_bio(BIO *bio, OSSL_CMP_MSG **msg);
 int i2d_OSSL_CMP_MSG_bio(BIO *bio, const OSSL_CMP_MSG *msg);

diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index 5fafb69475a1f2f663c0a221b40d3226ea359710..9111b89423303a624f1397aa127ade490f4477e5 100644 (file)
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -143,7 +143,7 @@ static int execute_calc_protection_signature_test(CMP_PROTECT_TEST_FIXTURE *
 static int test_cmp_calc_protection_no_key_no_secret(void)
 {
     SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))
             || !TEST_ptr(fixture->msg->header->protectionAlg =
                          X509_ALGOR_new() /* no specific alg needed here */)) {
         tear_down(fixture);
@@ -159,7 +159,7 @@ static int test_cmp_calc_protection_pkey(void)
     SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
     fixture->pubkey = loadedpubkey;
     if (!TEST_true(OSSL_CMP_CTX_set1_pkey(fixture->cmp_ctx, loadedprivkey))
-            || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))) {
+            || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -174,7 +174,7 @@ static int test_cmp_calc_protection_pbmac(void)
     SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
     if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
                                                  sec_insta, sizeof(sec_insta)))
-            || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f))) {
+            || !TEST_ptr(fixture->msg = load_pkimsg(ip_PBM_f, libctx))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -577,8 +577,8 @@ int setup_tests(void)
         return 0;
     if (TEST_true(EVP_PKEY_up_ref(loadedprivkey)))
         loadedpubkey = loadedprivkey;
-    if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f))
-            || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f)))
+    if (!TEST_ptr(ir_protected = load_pkimsg(ir_protected_f, libctx))
+            || !TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx)))
         return 0;
     if (!TEST_ptr(endentity1 = load_cert_pem(endentity1_f, libctx))
             || !TEST_ptr(endentity2 = load_cert_pem(endentity2_f, libctx))

diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c
index bff42c8bafbe5e427747d6204d13fe8cba406bc3..d93a75db8169a374def502fab9362fb1a6c7ec9e 100644 (file)
--- a/test/cmp_server_test.c
+++ b/test/cmp_server_test.c
@@ -148,7 +148,7 @@ int setup_tests(void)
     if (!test_arg_libctx(&libctx, &default_null_provider, &provider, 1, USAGE))
         return 0;
 
-    if (!TEST_ptr(request = load_pkimsg(request_f))) {
+    if (!TEST_ptr(request = load_pkimsg(request_f, libctx))) {
         cleanup_tests();
         return 0;
     }

diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 2a06e0b097bca1c82848c322c018c7dafdd6c5e5..a4800903637309920a3d1df136fd06970768a32f 100644 (file)
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -91,7 +91,7 @@ static int flip_bit(ASN1_BIT_STRING *bitstr)
 
 static int execute_verify_popo_test(CMP_VFY_TEST_FIXTURE *fixture)
 {
-    if ((fixture->msg = load_pkimsg(ir_protected_f)) == NULL)
+    if ((fixture->msg = load_pkimsg(ir_protected_f, libctx)) == NULL)
         return 0;
     if (fixture->expected == 0) {
         const OSSL_CRMF_MSGS *reqs = fixture->msg->body->value.ir;
@@ -153,7 +153,7 @@ static int test_validate_msg_mac_alg_protection(void)
     fixture->expected = 1;
     if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
                                                  sizeof(sec_1)))
-            || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) {
+            || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -174,7 +174,7 @@ static int test_validate_msg_mac_alg_protection_bad(void)
 
     if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_bad,
                                                  sizeof(sec_bad)))
-            || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f))) {
+            || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -203,7 +203,7 @@ static int test_validate_msg_signature_partial_chain(int expired)
     ts = OSSL_CMP_CTX_get0_trustedStore(fixture->cmp_ctx);
     fixture->expected = !expired;
     if (ts == NULL
-            || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+            || !TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
             || !add_trusted(fixture->cmp_ctx, srvcert)) {
         tear_down(fixture);
         fixture = NULL;
@@ -233,7 +233,7 @@ static int test_validate_msg_signature_srvcert_wrong(void)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = 0;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
         || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
         tear_down(fixture);
         fixture = NULL;
@@ -246,7 +246,7 @@ static int test_validate_msg_signature_srvcert(int bad_sig)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = !bad_sig;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
         || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
         || (bad_sig && !flip_bit(fixture->msg->protection))) {
         tear_down(fixture);
@@ -272,7 +272,7 @@ static int test_validate_msg_signature_sender_cert_untrusted(void)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = 1;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
             || !add_trusted(fixture->cmp_ctx, instaca_cert)
             || !add_untrusted(fixture->cmp_ctx, insta_cert)) {
         tear_down(fixture);
@@ -286,7 +286,7 @@ static int test_validate_msg_signature_sender_cert_trusted(void)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = 1;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))
             || !add_trusted(fixture->cmp_ctx, instaca_cert)
             || !add_trusted(fixture->cmp_ctx, insta_cert)) {
         tear_down(fixture);
@@ -300,7 +300,7 @@ static int test_validate_msg_signature_sender_cert_extracert(void)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = 1;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts))
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_2_extracerts, libctx))
             || !add_trusted(fixture->cmp_ctx, instaca_cert)) {
         tear_down(fixture);
         fixture = NULL;
@@ -315,7 +315,7 @@ static int test_validate_msg_signature_sender_cert_absent(void)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = 0;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts))) {
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_0_extracerts, libctx))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -328,7 +328,7 @@ static int test_validate_with_sender(const X509_NAME *name, int expected)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = expected;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f))
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
         || !TEST_true(OSSL_CMP_CTX_set1_expected_sender(fixture->cmp_ctx, name))
         || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))) {
         tear_down(fixture);
@@ -353,7 +353,7 @@ static int test_validate_msg_unprotected_request(void)
 {
     SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
     fixture->expected = 0;
-    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f))) {
+    if (!TEST_ptr(fixture->msg = load_pkimsg(ir_unprotected_f, libctx))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -620,8 +620,8 @@ int setup_tests(void)
         goto err;
     if (!TEST_int_eq(1, RAND_bytes(rand_data, OSSL_CMP_TRANSACTIONID_LENGTH)))
         goto err;
-    if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f))
-            || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f)))
+    if (!TEST_ptr(ir_unprotected = load_pkimsg(ir_unprotected_f, libctx))
+            || !TEST_ptr(ir_rmprotection = load_pkimsg(ir_rmprotection_f, libctx)))
         goto err;
 
     /* Message validation tests */

diff --git a/test/helpers/cmp_testlib.c b/test/helpers/cmp_testlib.c
index 2d7297c42b663bab7da9eb272b44df741e50b22f..e0fb1d3d345dc1f54e68a5d16fd1acc565f17428 100644 (file)
--- a/test/helpers/cmp_testlib.c
+++ b/test/helpers/cmp_testlib.c
@@ -12,11 +12,11 @@
 #include "cmp_testlib.h"
 #include <openssl/rsa.h> /* needed in case config no-deprecated */
 
-OSSL_CMP_MSG *load_pkimsg(const char *file)
+OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx)
 {
     OSSL_CMP_MSG *msg;
 
-    (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file)));
+    (void)TEST_ptr((msg = OSSL_CMP_MSG_read(file, libctx, NULL)));
     return msg;
 }
 

diff --git a/test/helpers/cmp_testlib.h b/test/helpers/cmp_testlib.h
index 681b06ae229019557392cdef3ad0cfd5ce933fde..50b085beca01fe7244c70ad9d98dbcfc67ec5eca 100644 (file)
--- a/test/helpers/cmp_testlib.h
+++ b/test/helpers/cmp_testlib.h
@@ -21,7 +21,7 @@
 
 # ifndef OPENSSL_NO_CMP
 #  define CMP_TEST_REFVALUE_LENGTH 15 /* arbitrary value */
-OSSL_CMP_MSG *load_pkimsg(const char *file);
+OSSL_CMP_MSG *load_pkimsg(const char *file, OSSL_LIB_CTX *libctx);
 int valid_asn1_encoding(const OSSL_CMP_MSG *msg);
 int STACK_OF_X509_cmp(const STACK_OF(X509) *sk1, const STACK_OF(X509) *sk2);
 int STACK_OF_X509_push1(STACK_OF(X509) *sk, X509 *cert);