Fix more certificate related lib_ctx settings.

Fixes #13732

Fix a few places that were not using the '_ex' variants of
ASN1_item_sign/verify.

Added X509_CRL_new_ex().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14752)

1 files changed, 15 insertions, 2 deletions

diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c
index dfe3da37eb..4b90e5b756 100644
--- a/crypto/x509/x_crl.c
+++ b/crypto/x509/x_crl.c
@@ -340,6 +340,18 @@ static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                             (ASN1_STRING *)&(*b)->serialNumber));
 }
 
+X509_CRL *X509_CRL_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
+{
+    X509_CRL *crl = NULL;
+
+    crl = (X509_CRL *)ASN1_item_new((X509_CRL_it()));
+    if (!ossl_x509_crl_set0_libctx(crl, libctx, propq)) {
+        X509_CRL_free(crl);
+        crl = NULL;
+    }
+    return crl;
+}
+
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
     X509_CRL_INFO *inf;
@@ -381,8 +393,9 @@ int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
-    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                             &crl->sig_alg, &crl->signature, &crl->crl, r));
+    return (ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CRL_INFO),
+                                &crl->sig_alg, &crl->signature, &crl->crl, NULL,
+                                r, crl->libctx, crl->propq));
 }
 
 static int crl_revoked_issuer_match(X509_CRL *crl, const X509_NAME *nm,