From 90a1f2d76f53effefafbae31e2f425a3508bda45 Mon Sep 17 00:00:00 2001
From: Shane Lontis
Date: Sat, 25 Jul 2020 19:11:03 +1000
Subject: Add libctx support to PKCS7.
-Public PKCS7 methods that create a PKCS7 object now have variants that also add a libctx and propq. This includes PKCS7_new_with_libctx(), PKCS7_sign_with_libctx() and PKCS7_encrypt_with_libctx()
-Added SMIME_read_PKCS7_ex() so that a created PKCS7 object can be passed to the read.
-d2i_PKCS7_bio() has been modified so that after it loads the PKCS7 object it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates).
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/11884)
---
 apps/pkcs7.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'apps/pkcs7.c')
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 2416584dd6..95d3ca0845 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -57,12 +57,14 @@ const OPTIONS pkcs7_options[] = {
 int pkcs7_main(int argc, char **argv)
 {
 ENGINE *e = NULL;
- PKCS7 *p7 = NULL;
+ PKCS7 *p7 = NULL, *p7i;
 BIO *in = NULL, *out = NULL;
 int informat = FORMAT_PEM, outformat = FORMAT_PEM;
 char *infile = NULL, *outfile = NULL, *prog;
 int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
 OPTION_CHOICE o;
+ OPENSSL_CTX *libctx = app_get0_libctx();
+ const char *propq = app_get0_propq();
 
 prog = opt_init(argc, argv, pkcs7_options);
 while ((o = opt_next()) != OPT_EOF) {
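Review bot: `libctx` and `propq` are captured in the declarations at the top of `pkcs7_main`, before the `opt_next()` loop has run. If any option handled in that loop (its body is outside this hunk) changes the application's library context or property query, these locals may still hold the pre-parsing values when they later reach `PKCS7_new_with_libctx(libctx, propq)`. Fetching them after option parsing, e.g. `libctx = app_get0_libctx(); propq = app_get0_propq();` just before the allocation, would remove that ordering dependency. If the early capture is deliberate, a one-line comment saying so would help the next reader.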
@@ -119,11 +121,18 @@ int pkcs7_main(int argc, char **argv)
 if (in == NULL)
 goto end;
 
+ p7 = PKCS7_new_with_libctx(libctx, propq);
+ if (p7 == NULL) {
+ BIO_printf(bio_err, "unable to allocate PKCS7 object\n");
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
 if (informat == FORMAT_ASN1)
- p7 = d2i_PKCS7_bio(in, NULL);
+ p7i = d2i_PKCS7_bio(in, &p7);
 else
- p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
- if (p7 == NULL) {
+ p7i = PEM_read_bio_PKCS7(in, &p7, NULL, NULL);
+ if (p7i == NULL) {
 BIO_printf(bio_err, "unable to load PKCS7 object\n");
 ERR_print_errors(bio_err);
 goto end;
-- 
cgit v1.2.1
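Review bot: The pre-allocated `p7` is passed to `d2i_PKCS7_bio(in, &p7)` and `PEM_read_bio_PKCS7(in, &p7, NULL, NULL)` for reuse, so on a parse failure the fate of that object is decided inside the decoder, and the `end:` cleanup (outside this hunk) then acts on whatever is left in `p7`. The input file is untrusted, so this failure path will be exercised by malformed data and the ownership contract should be written down at the call site, for example `/* p7 is pre-allocated only to carry libctx/propq; on failure the reader is expected to free it and set p7 to NULL */`, assuming both readers really behave that way. It is worth confirming that with a truncated DER and a truncated PEM input under a memory sanitizer. `p7i` is used only as a success flag and is declared without an initializer, so `*p7i = NULL` in the declaration would keep it consistent with `p7`.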