1 files changed, 18 insertions, 17 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c
index 0affa3bf30..59fc6ca548 100644
--- a/src/lib/libcrypto/x509/x509_req.c
+++ b/src/lib/libcrypto/x509/x509_req.c
@@ -118,7 +118,7 @@ EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 * used and there may be more: so the list is configurable.
 */
-static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
 static int *ext_nids = ext_nid_list;
@@ -143,32 +143,33 @@ void X509_REQ_set_extension_nids(int *nids)
 }
 STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
-{
+        {
        X509_ATTRIBUTE *attr;
-        STACK_OF(X509_ATTRIBUTE) *sk;
        ASN1_TYPE *ext = NULL;
-        int i;
+        int idx, *pnid;
        unsigned char *p;
-        if ((req == NULL) || (req->req_info == NULL))
+        if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
                return(NULL);
-        sk=req->req_info->attributes;
+        for (pnid = ext_nids; *pnid != NID_undef; pnid++)
-        if (!sk) return NULL;
+                {
-        for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+                idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-                attr = sk_X509_ATTRIBUTE_value(sk, i);
+                if (idx == -1)
-                if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
+                        continue;
-                        if(attr->single) ext = attr->value.single;
+                attr = X509_REQ_get_attr(req, idx);
-                        else if(sk_ASN1_TYPE_num(attr->value.set))
+                if(attr->single) ext = attr->value.single;
-                                ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+                else if(sk_ASN1_TYPE_num(attr->value.set))
-                        break;
+                        ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+                break;
                }
-        }
+        if(!ext || (ext->type != V_ASN1_SEQUENCE))
-        if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
+                return NULL;
        p = ext->value.sequence->data;
        return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
                        ext->value.sequence->length,
                        d2i_X509_EXTENSION, X509_EXTENSION_free,
                        V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-}
+        }
 /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.

diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 0affa3bf30..59fc6ca548 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c
@@ -118,7 +118,7 @@ EVP_PKEY X509_REQ_get_pubkey(X509_REQ req)
118	* used and there may be more: so the list is configurable.	118	* used and there may be more: so the list is configurable.
119	*/	119	*/
120		120
121	static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};	121	static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
122		122
123	static int *ext_nids = ext_nid_list;	123	static int *ext_nids = ext_nid_list;
124		124
@@ -143,32 +143,33 @@ void X509_REQ_set_extension_nids(int *nids)
143	}	143	}
144		144
145	STACK_OF(X509_EXTENSION) X509_REQ_get_extensions(X509_REQ req)	145	STACK_OF(X509_EXTENSION) X509_REQ_get_extensions(X509_REQ req)
146	{	146	{
147	X509_ATTRIBUTE *attr;	147	X509_ATTRIBUTE *attr;
148	STACK_OF(X509_ATTRIBUTE) *sk;
149	ASN1_TYPE *ext = NULL;	148	ASN1_TYPE *ext = NULL;
150	int i;	149	int idx, *pnid;
151	unsigned char *p;	150	unsigned char *p;
152	if ((req == NULL) \|\| (req->req_info == NULL))	151
		152	if ((req == NULL) \|\| (req->req_info == NULL) \|\| !ext_nids)
153	return(NULL);	153	return(NULL);
154	sk=req->req_info->attributes;	154	for (pnid = ext_nids; *pnid != NID_undef; pnid++)
155	if (!sk) return NULL;	155	{
156	for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {	156	idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
157	attr = sk_X509_ATTRIBUTE_value(sk, i);	157	if (idx == -1)
158	if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {	158	continue;
159	if(attr->single) ext = attr->value.single;	159	attr = X509_REQ_get_attr(req, idx);
160	else if(sk_ASN1_TYPE_num(attr->value.set))	160	if(attr->single) ext = attr->value.single;
161	ext = sk_ASN1_TYPE_value(attr->value.set, 0);	161	else if(sk_ASN1_TYPE_num(attr->value.set))
162	break;	162	ext = sk_ASN1_TYPE_value(attr->value.set, 0);
		163	break;
163	}	164	}
164	}	165	if(!ext \|\| (ext->type != V_ASN1_SEQUENCE))
165	if(!ext \|\| (ext->type != V_ASN1_SEQUENCE)) return NULL;	166	return NULL;
166	p = ext->value.sequence->data;	167	p = ext->value.sequence->data;
167	return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,	168	return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
168	ext->value.sequence->length,	169	ext->value.sequence->length,
169	d2i_X509_EXTENSION, X509_EXTENSION_free,	170	d2i_X509_EXTENSION, X509_EXTENSION_free,
170	V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);	171	V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
171	}	172	}
172		173
173	/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs	174	/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
174	* in case we want to create a non standard one.	175	* in case we want to create a non standard one.