apps/openssl: add -propquery command line option

Fixes #13656. Right now all openssl commands use a NULL propq. This
patch adds a possibility to specify a custom propq.

The implementation follows the example of set_nameopt/get_nameopt.

Various tools had to be modified to call app_get0_propq after it has
been populated. Otherwise the -propquery has no effect.

The tests then verify the -propquery affects the tool behaviour by
requesting a non-existing property.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13707)

1 files changed, 12 insertions, 14 deletions

diff --git a/apps/cms.c b/apps/cms.c
index e8254cb85c..36fb88e15c 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -28,7 +28,7 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx);
 static void receipt_request_print(CMS_ContentInfo *cms);
 static CMS_ReceiptRequest *make_receipt_request(
     STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
-    STACK_OF(OPENSSL_STRING) *rr_from, OSSL_LIB_CTX *libctx, const char *propq);
+    STACK_OF(OPENSSL_STRING) *rr_from, OSSL_LIB_CTX *libctx);
 static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
                               STACK_OF(OPENSSL_STRING) *param);
 
@@ -303,7 +303,6 @@ int cms_main(int argc, char **argv)
     const char *mime_eol = "\n";
     OPTION_CHOICE o;
     OSSL_LIB_CTX *libctx = app_get0_libctx();
-    const char *propq = app_get0_propq();
 
     if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
         return 1;
@@ -457,7 +456,7 @@ int cms_main(int argc, char **argv)
                     goto opthelp;
             } else {
                 rcms = load_content_info(rctformat, rctin, NULL, "recipient",
-                                         libctx, propq);
+                                         libctx, app_get0_propq());
             }
             break;
         case OPT_CERTFILE:
@@ -870,7 +869,7 @@ int cms_main(int argc, char **argv)
         goto end;
 
     if (operation & SMIME_IP) {
-        cms = load_content_info(informat, in, &indata, "SMIME", libctx, propq);
+        cms = load_content_info(informat, in, &indata, "SMIME", libctx, app_get0_propq());
         if (cms == NULL)
             goto end;
         if (contfile != NULL) {
@@ -901,7 +900,7 @@ int cms_main(int argc, char **argv)
         }
 
         rcms = load_content_info(rctformat, rctin, NULL, "recipient", libctx,
-                                 propq);
+                                 app_get0_propq());
         if (rcms == NULL)
             goto end;
     }
@@ -922,15 +921,15 @@ int cms_main(int argc, char **argv)
     ret = 3;
 
     if (operation == SMIME_DATA_CREATE) {
-        cms = CMS_data_create_ex(in, flags, libctx, propq);
+        cms = CMS_data_create_ex(in, flags, libctx, app_get0_propq());
     } else if (operation == SMIME_DIGEST_CREATE) {
-        cms = CMS_digest_create_ex(in, sign_md, flags, libctx, propq);
+        cms = CMS_digest_create_ex(in, sign_md, flags, libctx, app_get0_propq());
     } else if (operation == SMIME_COMPRESS) {
         cms = CMS_compress(in, -1, flags);
     } else if (operation == SMIME_ENCRYPT) {
         int i;
         flags |= CMS_PARTIAL;
-        cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, propq);
+        cms = CMS_encrypt_ex(NULL, in, cipher, flags, libctx, app_get0_propq());
         if (cms == NULL)
             goto end;
         for (i = 0; i < sk_X509_num(encerts); i++) {
@@ -996,7 +995,7 @@ int cms_main(int argc, char **argv)
         }
     } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
         cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
-                                           secret_keylen, flags, libctx, propq);
+                                           secret_keylen, flags, libctx, app_get0_propq());
 
     } else if (operation == SMIME_SIGN_RECEIPT) {
         CMS_ContentInfo *srcms = NULL;
@@ -1024,15 +1023,14 @@ int cms_main(int argc, char **argv)
                     flags |= CMS_STREAM;
             }
             flags |= CMS_PARTIAL;
-            cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, propq);
+            cms = CMS_sign_ex(NULL, NULL, other, in, flags, libctx, app_get0_propq());
             if (cms == NULL)
                 goto end;
             if (econtent_type != NULL)
                 CMS_set1_eContentType(cms, econtent_type);
 
             if (rr_to != NULL) {
-                rr = make_receipt_request(rr_to, rr_allorfirst, rr_from, libctx,
-                                          propq);
+                rr = make_receipt_request(rr_to, rr_allorfirst, rr_from, libctx);
                 if (rr == NULL) {
                     BIO_puts(bio_err,
                              "Signed Receipt Request Creation Error\n");
@@ -1389,7 +1387,7 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
 static CMS_ReceiptRequest *make_receipt_request(
    STACK_OF(OPENSSL_STRING) *rr_to, int rr_allorfirst,
    STACK_OF(OPENSSL_STRING) *rr_from,
-   OSSL_LIB_CTX *libctx, const char *propq)
+   OSSL_LIB_CTX *libctx)
 {
     STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
     CMS_ReceiptRequest *rr;
@@ -1404,7 +1402,7 @@ static CMS_ReceiptRequest *make_receipt_request(
         rct_from = NULL;
     }
     rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from,
-                                       rct_to, libctx, propq);
+                                       rct_to, libctx, app_get0_propq());
     return rr;
  err:
     sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);