diff --git a/apps/cmp.c b/apps/cmp.c
index 350aa22628..8565dc62aa 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1156,7 +1156,8 @@ static int transform_opts(void)
 static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
 {
 OSSL_CMP_CTX *ctx; /* extra CMP (client) ctx partly used by server */
- OSSL_CMP_SRV_CTX *srv_ctx = ossl_cmp_mock_srv_new();
+ OSSL_CMP_SRV_CTX *srv_ctx = ossl_cmp_mock_srv_new(app_get0_libctx(),
+ app_get0_propq());
 
 if (srv_ctx == NULL)
 return NULL;
@@ -2776,10 +2777,9 @@ int cmp_main(int argc, char **argv)
 }
 }
 
- if ((cmp_ctx = OSSL_CMP_CTX_new()) == NULL) {
- CMP_err("out of memory");
+ cmp_ctx = OSSL_CMP_CTX_new(app_get0_libctx(), app_get0_propq());
+ if (cmp_ctx == NULL)
 goto err;
- }
 if (!OSSL_CMP_CTX_set_log_cb(cmp_ctx, print_to_bio_out)) {
 CMP_err1("cannot set up error reporting and logging for %s", prog);
 goto err;
diff --git a/apps/cmp_mock_srv.c b/apps/cmp_mock_srv.c
index c63e5f9943..3a0819008b 100644
--- a/apps/cmp_mock_srv.c
+++ b/apps/cmp_mock_srv.c
@@ -388,9 +388,9 @@ static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
 return 1;
 }
 
-OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(void)
+OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OPENSSL_CTX *libctx, const char *propq)
 {
- OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new();
+ OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq);
 mock_srv_ctx *ctx = mock_srv_ctx_new();
 
 if (srv_ctx != NULL && ctx != NULL
diff --git a/apps/cmp_mock_srv.h b/apps/cmp_mock_srv.h
index bddc44df5b..b4f82d1b81 100644
--- a/apps/cmp_mock_srv.h
+++ b/apps/cmp_mock_srv.h
@@ -16,7 +16,7 @@
 
 # include
 
-OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(void);
+OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OPENSSL_CTX *libctx, const char *propq);
 void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx);
 
 int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert);
diff --git a/crypto/cmp/cmp_ctx.c b/crypto/cmp/cmp_ctx.c
index 3081dfcc21..5b9c0f3120 100644
--- a/crypto/cmp/cmp_ctx.c
+++ b/crypto/cmp/cmp_ctx.c
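Review bot: The removed `CMP_err("out of memory")` was the only app-level diagnostic for this failure; the two replacement lines just jump to `err:`, whose body lies outside the hunk. The OSSL_CMP_CTX_new() hunk in this same patch now pushes ERR_R_MALLOC_FAILURE onto the error queue, so the user still gets a reason only if the `err:` path dumps the queue — presumably it does in this app, but that is worth confirming before dropping the message. If it does not, keep a one-liner such as `CMP_err("cannot create CMP context");` ahead of the `goto err;`. cmp_main() starts and ends outside the hunk.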
@@ -93,12 +93,16 @@ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
 * Allocates and initializes OSSL_CMP_CTX context structure with default values.
 * Returns new context on success, NULL on error
 */
-OSSL_CMP_CTX *OSSL_CMP_CTX_new(void)
+OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq)
 {
 OSSL_CMP_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
 if (ctx == NULL)
- return NULL;
+ goto err;
+
+ ctx->libctx = libctx;
+ if (propq != NULL && (ctx->propq = OPENSSL_strdup(propq)) == NULL)
+ goto err;
 
 ctx->log_verbosity = OSSL_CMP_LOG_INFO;
 
@@ -124,6 +128,7 @@ OSSL_CMP_CTX *OSSL_CMP_CTX_new(void)
 
 err:
 OSSL_CMP_CTX_free(ctx);
+ X509err(0, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
 
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index 84309cc1af..95c4781b6f 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -28,6 +28,8 @@
 * this structure is used to store the context for CMP sessions
 */
 struct ossl_cmp_ctx_st {
+ OPENSSL_CTX *libctx;
+ const char *propq;
 OSSL_CMP_log_cb_t log_cb; /* log callback for error/debug/etc. output */
 OSSL_CMP_severity log_verbosity; /* level of verbosity of log output */
 
diff --git a/crypto/cmp/cmp_server.c b/crypto/cmp/cmp_server.c
index a9a86cb5de..eb98b50383 100644
--- a/crypto/cmp/cmp_server.c
+++ b/crypto/cmp/cmp_server.c
@@ -53,14 +53,14 @@ void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx)
 OPENSSL_free(srv_ctx);
 }
 
-OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(void)
+OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OPENSSL_CTX *libctx, const char *propq)
 {
 OSSL_CMP_SRV_CTX *ctx = OPENSSL_zalloc(sizeof(OSSL_CMP_SRV_CTX));
 
 if (ctx == NULL)
 goto err;
 
- if ((ctx->ctx = OSSL_CMP_CTX_new()) == NULL)
+ if ((ctx->ctx = OSSL_CMP_CTX_new(libctx, propq)) == NULL)
 goto err;
 
 /* all other elements are initialized to 0 or NULL, respectively */
diff --git a/doc/internal/man3/ossl_cmp_mock_srv_new.pod b/doc/internal/man3/ossl_cmp_mock_srv_new.pod
index da1f44b391..3a90edfa4a 100644
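Review bot: `ctx->propq = OPENSSL_strdup(propq)` stores an owned heap copy in a field that the cmp_local.h hunk of this same patch declares as `const char *propq;`, and nothing in the patch releases it; unless OSSL_CMP_CTX_free() (outside the hunk) already frees that field, every context leaks the copy. The const type signals a borrowed pointer, so the consistent fix is to declare it `char *propq;` in cmp_local.h and add `OPENSSL_free(ctx->propq);` to OSSL_CMP_CTX_free(). Since libctx and propq are construction parameters rather than session state, OSSL_CMP_CTX_reinit() presumably has to leave both untouched — worth checking. The `goto err` on the zalloc failure path now hands a NULL ctx to OSSL_CMP_CTX_free(), which is fine only if that routine tolerates NULL as OpenSSL free functions conventionally do.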
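Review bot: `X509err(0, ERR_R_MALLOC_FAILURE)` attributes the failure to the X509 library although this is crypto/cmp, so callers or logs that filter the error queue by ERR_LIB_CMP will not see it. The CMP module's own macro, `CMPerr(0, ERR_R_MALLOC_FAILURE);` (or `ERR_raise(ERR_LIB_CMP, ERR_R_MALLOC_FAILURE);`), keeps the attribution consistent with the library that actually failed. The reason code itself is right for every `goto err` in the function, since the only non-allocation step added by this patch is the OPENSSL_strdup() of propq, which is also an allocation. The function's successful return path lies outside the hunk.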
--- a/doc/internal/man3/ossl_cmp_mock_srv_new.pod +++ b/doc/internal/man3/ossl_cmp_mock_srv_new.pod @@ -15,9 +15,9 @@ ossl_cmp_mock_srv_set_checkAfterTime =head1 SYNOPSIS - #include + #include "apps/cmp_mock_srv.h" - OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(void); + OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OPENSSL_CTX *libctx, const char *propq); void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); @@ -33,7 +33,9 @@ ossl_cmp_mock_srv_set_checkAfterTime =head1 DESCRIPTION -ossl_cmp_mock_srv_new() allocates the contexts for the CMP mock server. +ossl_cmp_mock_srv_new() allocates the contexts for the CMP mock server +associated with the library context I and property query string +I, both of which may be NULL to select the defaults. ossl_cmp_mock_srv_free() deallocates the contexts for the CMP mock server. diff --git a/doc/man3/OSSL_CMP_CTX_new.pod b/doc/man3/OSSL_CMP_CTX_new.pod index 368d73f820..62e1a562c9 100644 --- a/doc/man3/OSSL_CMP_CTX_new.pod +++ b/doc/man3/OSSL_CMP_CTX_new.pod @@ -64,7 +64,7 @@ OSSL_CMP_CTX_set1_senderNonce #include - OSSL_CMP_CTX *OSSL_CMP_CTX_new(void); + OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq); void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set_option(OSSL_CMP_CTX *ctx, int opt, int val); 
@@ -158,8 +158,13 @@ OSSL_CMP_CTX_set1_senderNonce This is the context API for using CMP (Certificate Management Protocol) with OpenSSL. -OSSL_CMP_CTX_new() allocates and initializes an OSSL_CMP_CTX structure to -default values, e.g., proof-of-possession method is set to POPOSigningKey. +OSSL_CMP_CTX_new() allocates an B structure associated with +the library context I and property query string I, +both of which may be NULL to select the defaults. +It initializes the remaining fields to their default values - for instance, +the logging verbosity is set to OSSL_CMP_LOG_INFO, +the message timeout is set to 120 seconds, +and the proof-of-possession method is set to OSSL_CRMF_POPO_SIGNATURE. OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure. diff --git a/doc/man3/OSSL_CMP_SRV_CTX_new.pod b/doc/man3/OSSL_CMP_SRV_CTX_new.pod index 27d4f6ca1e..7d87d7df2c 100644 --- a/doc/man3/OSSL_CMP_SRV_CTX_new.pod +++ b/doc/man3/OSSL_CMP_SRV_CTX_new.pod @@ -29,7 +29,7 @@ OSSL_CMP_SRV_CTX_set_grant_implicit_confirm const OSSL_CMP_MSG *req); OSSL_CMP_MSG *OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx, const OSSL_CMP_MSG *req); - OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(void); + OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OPENSSL_CTX *libctx, const char *propq); void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx); typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)( @@ -95,8 +95,9 @@ B that can be used by a CMP client in the same way as B. The B must be set as I of I. -OSSL_CMP_SRV_CTX_new() creates and initializes an OSSL_CMP_SRV_CTX structure -and returns a pointer to it on success, NULL on error. +OSSL_CMP_SRV_CTX_new() creates and initializes an B structure +associated with the library context I and property query string +I, both of which may be NULL to select the defaults. OSSL_CMP_SRV_CTX_free() deletes the given I. diff --git a/fuzz/cmp.c b/fuzz/cmp.c index a63ef9c238..44a0c1adeb 100644 --- a/fuzz/cmp.c +++ b/fuzz/cmp.c 
@@ -171,8 +171,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 msg = d2i_OSSL_CMP_MSG_bio(in, NULL);
 if (msg != NULL) {
 BIO *out = BIO_new(BIO_s_null());
- OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new();
- OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new();
+ OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(NULL, NULL);
+ OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new(NULL, NULL);
 
 i2d_OSSL_CMP_MSG_bio(out, msg);
 ASN1_item_print(out, (ASN1_VALUE *)msg, 4,
diff --git a/include/openssl/cmp.h b/include/openssl/cmp.h
index 519117d622..cf79a4c71f 100644
--- a/include/openssl/cmp.h
+++ b/include/openssl/cmp.h
@@ -243,7 +243,7 @@ void OSSL_CMP_ITAV_free(OSSL_CMP_ITAV *itav);
 void OSSL_CMP_MSG_free(OSSL_CMP_MSG *msg);
 
 /* from cmp_ctx.c */
-OSSL_CMP_CTX *OSSL_CMP_CTX_new(void);
+OSSL_CMP_CTX *OSSL_CMP_CTX_new(OPENSSL_CTX *libctx, const char *propq);
 void OSSL_CMP_CTX_free(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx);
 /* various CMP options: */
@@ -375,7 +375,7 @@ OSSL_CMP_MSG *OSSL_CMP_SRV_process_request(OSSL_CMP_SRV_CTX *srv_ctx,
 const OSSL_CMP_MSG *req);
 OSSL_CMP_MSG * OSSL_CMP_CTX_server_perform(OSSL_CMP_CTX *client_ctx,
 const OSSL_CMP_MSG *req);
-OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(void);
+OSSL_CMP_SRV_CTX *OSSL_CMP_SRV_CTX_new(OPENSSL_CTX *libctx, const char *propq);
 void OSSL_CMP_SRV_CTX_free(OSSL_CMP_SRV_CTX *srv_ctx);
 typedef OSSL_CMP_PKISI *(*OSSL_CMP_SRV_cert_request_cb_t)
 (OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *req, int certReqId,
diff --git a/test/cmp_client_test.c b/test/cmp_client_test.c
index d305eb5610..f5c3fd77c9 100644
--- a/test/cmp_client_test.c
+++ b/test/cmp_client_test.c
@@ -62,7 +62,7 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name)
 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
 return NULL;
 fixture->test_case_name = test_case_name;
- if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new())
+ if (!TEST_ptr(fixture->srv_ctx = ossl_cmp_mock_srv_new(NULL, NULL))
 || !OSSL_CMP_SRV_CTX_set_accept_unprotected(fixture->srv_ctx, 1)
 || !ossl_cmp_mock_srv_set1_certOut(fixture->srv_ctx, client_cert)
 || (srv_cmp_ctx =
@@ -70,7 +70,7 @@ static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name)
 || !OSSL_CMP_CTX_set1_cert(srv_cmp_ctx, server_cert)
 || !OSSL_CMP_CTX_set1_pkey(srv_cmp_ctx, server_key))
 goto err;
- if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new())
+ if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(NULL, NULL))
 || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)
 || !OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform)
 || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx)
diff --git a/test/cmp_ctx_test.c b/test/cmp_ctx_test.c
index 898053424e..184e5bf498 100644
--- a/test/cmp_ctx_test.c
+++ b/test/cmp_ctx_test.c
@@ -37,7 +37,7 @@ static OSSL_CMP_CTX_TEST_FIXTURE *set_up(const char *const test_case_name)
 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
 return NULL;
 
- if (!TEST_ptr(fixture->ctx = OSSL_CMP_CTX_new())) {
+ if (!TEST_ptr(fixture->ctx = OSSL_CMP_CTX_new(NULL, NULL))) {
 tear_down(fixture);
 return NULL;
 }
diff --git a/test/cmp_hdr_test.c b/test/cmp_hdr_test.c
index 24299ab508..4dcf998e26 100644
--- a/test/cmp_hdr_test.c
+++ b/test/cmp_hdr_test.c
@@ -38,7 +38,7 @@ static CMP_HDR_TEST_FIXTURE *set_up(const char *const test_case_name)
 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
 return NULL;
 fixture->test_case_name = test_case_name;
- if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new()))
+ if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL)))
 goto err;
 if (!TEST_ptr(fixture->hdr = OSSL_CMP_PKIHEADER_new()))
 goto err;
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index ca2a65113f..2d96596520 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -51,7 +51,7 @@ static CMP_MSG_TEST_FIXTURE *set_up(const char *const test_case_name)
 return NULL;
 fixture->test_case_name = test_case_name;
 
- if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())
+ if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL))
 || !TEST_true(SET_OPT_UNPROTECTED_SEND(fixture->cmp_ctx, 1))
 || !TEST_true(OSSL_CMP_CTX_set1_referenceValue(fixture->cmp_ctx, ref,
 sizeof(ref)))) {
diff --git a/test/cmp_protect_test.c b/test/cmp_protect_test.c
index eed850ee57..9ac590ab63 100644
--- a/test/cmp_protect_test.c
+++ b/test/cmp_protect_test.c
@@ -56,7 +56,7 @@ static CMP_PROTECT_TEST_FIXTURE *set_up(const char *const test_case_name)
 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
 return NULL;
 fixture->test_case_name = test_case_name;
- if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())) {
+ if (!TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL))) {
 tear_down(fixture);
 return NULL;
 }
diff --git a/test/cmp_server_test.c b/test/cmp_server_test.c
index 13159299e9..dc52a2515d 100644
--- a/test/cmp_server_test.c
+++ b/test/cmp_server_test.c
@@ -33,7 +33,7 @@ static CMP_SRV_TEST_FIXTURE *set_up(const char *const test_case_name)
 if (!TEST_ptr(fixture = OPENSSL_zalloc(sizeof(*fixture))))
 return NULL;
 fixture->test_case_name = test_case_name;
- if (!TEST_ptr(fixture->srv_ctx = OSSL_CMP_SRV_CTX_new()))
+ if (!TEST_ptr(fixture->srv_ctx = OSSL_CMP_SRV_CTX_new(NULL, NULL)))
 goto err;
 return fixture;
 
@@ -67,7 +67,7 @@ static int execute_test_handle_request(CMP_SRV_TEST_FIXTURE *fixture)
 OSSL_CMP_ERRORMSGCONTENT *errorContent;
 int res = 0;
 
- if (!TEST_ptr(client_ctx = OSSL_CMP_CTX_new())
+ if (!TEST_ptr(client_ctx = OSSL_CMP_CTX_new(NULL, NULL))
 || !TEST_true(OSSL_CMP_CTX_set_transfer_cb_arg(client_ctx, ctx)))
 goto end;
 
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index 4c705f62c8..8d654c6ab4 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -56,7 +56,7 @@ static CMP_VFY_TEST_FIXTURE *set_up(const char *const test_case_name)
 return NULL;
 fixture->test_case_name = test_case_name;
 if (ts == NULL
- || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new())
+ || !TEST_ptr(fixture->cmp_ctx = OSSL_CMP_CTX_new(NULL, NULL))
 || !OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, ts)
 || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out)) {
 tear_down(fixture);