authorIngo Schwarze <schwarze@cvs.openbsd.org>2021-11-03 12:53:26 +0000
committerIngo Schwarze <schwarze@cvs.openbsd.org>2021-11-03 12:53:26 +0000
commitc691147ec19c4cc7e84eee7bfaf0bbd81936058c (patch)
tree5e9ccb8071fc7339aac6826bc6a33094a99fc631 /lib
parent938142c6c32768a3eed407699cac7e679d5e1fdb (diff)
Fix two bugs in X509_REQ_add_extensions_nid(3)
that i noticed while documenting the function: * missing return value check for ASN1_item_i2d(3) and * missing return value check for OBJ_nid2obj(3). In the function X509_REQ_add_extensions_nid(3), merge everything that is worth merging from the OpenSSL 1.1.1 branch, which is still under a free license; that's mostly parts of the commit 9b0a4531 Mar 14 23:48:47 2015 +0000 (containing the bugfix, even though the OpenSSL commit message did not mention the bugs) and some minor stylistic changes from 0f113f3e and 26a7d938. While here, use i2d_X509_EXTENSIONS(3) instead of the layer-violating call to ASN1_item_i2d(3), and include a few stylistic tweaks from tb@. OK tb@, and jsing@ agreed on the general direction.
Diffstat (limited to 'lib')
-rw-r--r--lib/libcrypto/x509/x509_req.c45
1 files changed, 13 insertions, 32 deletions
diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index 556e32b317b..cbf731cc5a0 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.24 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.25 2021/11/03 12:53:25 schwarze Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -232,46 +232,27 @@ X509_REQ_get_extensions(X509_REQ *req)
ext->value.sequence->length, &X509_EXTENSIONS_it);
}
-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
- * in case we want to create a non standard one.
+/*
+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non-standard one.
*/
int
X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
int nid)
{
- ASN1_TYPE *at = NULL;
- X509_ATTRIBUTE *attr = NULL;
+ unsigned char *ext = NULL;
+ int extlen;
+ int rv;
- if (!(at = ASN1_TYPE_new()) ||
- !(at->value.sequence = ASN1_STRING_new()))
- goto err;
+ extlen = i2d_X509_EXTENSIONS(exts, &ext);
+ if (extlen <= 0)
+ return 0;
- at->type = V_ASN1_SEQUENCE;
- /* Generate encoding of extensions */
- at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts,
- &at->value.sequence->data, &X509_EXTENSIONS_it);
- if (!(attr = X509_ATTRIBUTE_new()))
- goto err;
- if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
- goto err;
- if (!sk_ASN1_TYPE_push(attr->value.set, at))
- goto err;
- at = NULL;
- attr->single = 0;
- attr->object = OBJ_nid2obj(nid);
- if (!req->req_info->attributes) {
- if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
- goto err;
- }
- if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
- goto err;
- return 1;
+ rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
+ free(ext);
-err:
- X509_ATTRIBUTE_free(attr);
- ASN1_TYPE_free(at);
- return 0;
+ return rv;
}
/* This is the normal usage: use the "official" OID */
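Review bot: The block comment above X509_REQ_add_extensions_nid() still does not state the return contract or who owns `exts`, which matters now that the function can fail early at `if (extlen <= 0) return 0;`. I would add two lines to it: `* Returns 1 on success or 0 on failure.` and `* exts is only encoded here and remains owned by the caller.` A caller that ignores the 0 may go on to sign a request that lacks the extensions it asked for, so the contract is worth spelling out next to the code. The `free(ext)` right after the call relies on X509_REQ_add1_attr_by_NID() copying the encoded bytes, which the add1 name suggests but the hunk does not show; a short why-comment on that line would help the next reader.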