X509_dup: fix copying of libctx and propq using new ASN1_OP_DUP_POST cb operation

Fixes #12680 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12687)
author: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-08-19 20:16:53 +0200
committer: Dr. David von Oheimb <David.von.Oheimb@siemens.com> 2020-11-27 16:53:32 +0100
commit: ee46dfbf2c117a9532f887b478c9c65d8f30d50c (patch)
tree: 1106cecd9a6cd196961caa1ccf7730508ee48d37
parent: 4f7e08c83eca6667722f3d5848f28d37c821dc37 (diff)
4 files changed, 40 insertions, 16 deletions
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
index 624fef9e5c..bdefa448ec 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
 #ifndef NO_OLD_ASN1
 
@@ -48,14 +48,26 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x)
 
 void *ASN1_item_dup(const ASN1_ITEM *it, const void *x)
 {
+    ASN1_aux_cb *asn1_cb = NULL;
     unsigned char *b = NULL;
     const unsigned char *p;
     long i;
-    void *ret;
+    ASN1_VALUE *ret;
 
     if (x == NULL)
         return NULL;
 
+    if (it->itype == ASN1_ITYPE_SEQUENCE || it->itype == ASN1_ITYPE_CHOICE
+        || it->itype == ASN1_ITYPE_NDEF_SEQUENCE) {
+        const ASN1_AUX *aux = it->funcs;
+
+        asn1_cb = aux != NULL ? aux->asn1_cb : NULL;
+    }
+
+    if (asn1_cb != NULL
+        && !asn1_cb(ASN1_OP_DUP_PRE, (ASN1_VALUE **)&x, it, NULL))
+        goto auxerr;
+
     i = ASN1_item_i2d(x, &b, it);
     if (b == NULL) {
         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
@@ -64,5 +76,14 @@ void *ASN1_item_dup(const ASN1_ITEM *it, const void *x)
     p = b;
     ret = ASN1_item_d2i(NULL, &p, i, it);
     OPENSSL_free(b);
+
+    if (asn1_cb != NULL
+        && !asn1_cb(ASN1_OP_DUP_POST, &ret, it, (void *)x))
+        goto auxerr;
+
     return ret;
+
+ auxerr:
+    ERR_raise_data(ERR_LIB_ASN1, ASN1_R_AUX_ERROR, "Type=%s", it->sname);
+    return NULL;
 }
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index f929fd2ae3..efcd7cd15c 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -97,6 +97,17 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
         ASN1_OCTET_STRING_free(ret->distinguishing_id);
         break;
 
+    case ASN1_OP_DUP_POST:
+        {
+            X509 *old = exarg;
+
+            ret->libctx = old->libctx;
+            ret->propq = old->propq;
+        }
+        break;
+
+    default:
+        break;
     }
 
     return 1;
diff --git a/include/openssl/asn1t.h.in b/include/openssl/asn1t.h.in
index fff259a348..2f40d1ca15 100644
--- a/include/openssl/asn1t.h.in
+++ b/include/openssl/asn1t.h.in
@@ -746,6 +746,8 @@ typedef struct ASN1_STREAM_ARG_st {
 # define ASN1_OP_STREAM_POST     11
 # define ASN1_OP_DETACHED_PRE    12
 # define ASN1_OP_DETACHED_POST   13
+# define ASN1_OP_DUP_PRE         14
+# define ASN1_OP_DUP_POST        15
 
 /* Macro to implement a primitive type */
 # define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
diff --git a/test/cmp_msg_test.c b/test/cmp_msg_test.c
index cc5a6268fd..59b0a1777d 100644
--- a/test/cmp_msg_test.c
+++ b/test/cmp_msg_test.c
@@ -33,16 +33,6 @@ typedef struct test_fixture {
 static OSSL_LIB_CTX *libctx = NULL;
 static OSSL_PROVIDER *default_null_provider = NULL, *provider = NULL;
 
-/* TODO(3.0) Clean this up - See issue #12680 */
-static X509 *X509_dup_ex(const X509 *cert)
-{
-    X509 *dup = X509_dup(cert);
-
-    if (dup != NULL)
-        x509_set0_libctx(dup, libctx, NULL);
-    return dup;
-}
-
 static unsigned char ref[CMP_TEST_REFVALUE_LENGTH];
 
 static void tear_down(CMP_MSG_TEST_FIXTURE *fixture)
@@ -296,7 +286,7 @@ static int test_cmp_create_certconf(void)
     fixture->fail_info = 0;
     fixture->expected = 1;
     if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
-                                             X509_dup_ex(cert)))) {
+                                             X509_dup(cert)))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -310,7 +300,7 @@ static int test_cmp_create_certconf_badAlg(void)
     fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_badAlg;
     fixture->expected = 1;
     if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
-                                             X509_dup_ex(cert)))) {
+                                             X509_dup(cert)))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -324,7 +314,7 @@ static int test_cmp_create_certconf_fail_info_max(void)
     fixture->fail_info = 1 << OSSL_CMP_PKIFAILUREINFO_MAX;
     fixture->expected = 1;
     if (!TEST_true(ossl_cmp_ctx_set0_newCert(fixture->cmp_ctx,
-                                             X509_dup_ex(cert)))) {
+                                             X509_dup(cert)))) {
         tear_down(fixture);
         fixture = NULL;
     }
@@ -405,7 +395,7 @@ static int execute_certrep_create(CMP_MSG_TEST_FIXTURE *fixture)
     cresp->certifiedKeyPair->certOrEncCert->type =
         OSSL_CMP_CERTORENCCERT_CERTIFICATE;
     if ((cresp->certifiedKeyPair->certOrEncCert->value.certificate =
-         X509_dup_ex(cert)) == NULL
+         X509_dup(cert)) == NULL
             || !sk_OSSL_CMP_CERTRESPONSE_push(crepmsg->response, cresp))
         goto err;
     cresp = NULL;
author	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-08-19 20:16:53 +0200
committer	Dr. David von Oheimb <David.von.Oheimb@siemens.com>	2020-11-27 16:53:32 +0100
commit	ee46dfbf2c117a9532f887b478c9c65d8f30d50c (patch)
tree	1106cecd9a6cd196961caa1ccf7730508ee48d37
parent	4f7e08c83eca6667722f3d5848f28d37c821dc37 (diff)