diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_req.c | 35 |
1 files changed, 13 insertions, 22 deletions
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 1497b1ec16..34e052341d 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_req.c,v 1.35 2024/05/08 08:11:50 tb Exp $ */ | 1 | /* $OpenBSD: x509_req.c,v 1.36 2024/05/08 08:20:08 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -170,15 +170,6 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) | |||
| 170 | } | 170 | } |
| 171 | LCRYPTO_ALIAS(X509_REQ_check_private_key); | 171 | LCRYPTO_ALIAS(X509_REQ_check_private_key); |
| 172 | 172 | ||
| 173 | /* It seems several organisations had the same idea of including a list of | ||
| 174 | * extensions in a certificate request. There are at least two OIDs that are | ||
| 175 | * used and there may be more: so the list is configurable. | ||
| 176 | */ | ||
| 177 | |||
| 178 | static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef}; | ||
| 179 | |||
| 180 | static int *ext_nids = ext_nid_list; | ||
| 181 | |||
| 182 | int | 173 | int |
| 183 | X509_REQ_extension_nid(int nid) | 174 | X509_REQ_extension_nid(int nid) |
| 184 | { | 175 | { |
| @@ -191,21 +182,21 @@ X509_REQ_get_extensions(X509_REQ *req) | |||
| 191 | { | 182 | { |
| 192 | X509_ATTRIBUTE *attr; | 183 | X509_ATTRIBUTE *attr; |
| 193 | ASN1_TYPE *ext = NULL; | 184 | ASN1_TYPE *ext = NULL; |
| 194 | int idx, *pnid; | 185 | int idx; |
| 195 | const unsigned char *p; | 186 | const unsigned char *p; |
| 196 | 187 | ||
| 197 | if (req == NULL || req->req_info == NULL || ext_nids == NULL) | 188 | if (req == NULL || req->req_info == NULL) |
| 189 | return NULL; | ||
| 190 | |||
| 191 | if ((idx = X509_REQ_get_attr_by_NID(req, NID_ext_req, -1)) == -1) | ||
| 192 | idx = X509_REQ_get_attr_by_NID(req, NID_ms_ext_req, -1); | ||
| 193 | if (idx == -1) | ||
| 194 | return NULL; | ||
| 195 | |||
| 196 | if ((attr = X509_REQ_get_attr(req, idx)) == NULL) | ||
| 197 | return NULL; | ||
| 198 | if ((ext = X509_ATTRIBUTE_get0_type(attr, 0)) == NULL) | ||
| 198 | return NULL; | 199 | return NULL; |
| 199 | for (pnid = ext_nids; *pnid != NID_undef; pnid++) { | ||
| 200 | idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); | ||
| 201 | if (idx == -1) | ||
| 202 | continue; | ||
| 203 | attr = X509_REQ_get_attr(req, idx); | ||
| 204 | ext = X509_ATTRIBUTE_get0_type(attr, 0); | ||
| 205 | break; | ||
| 206 | } | ||
| 207 | if (ext == NULL) | ||
| 208 | return sk_X509_EXTENSION_new_null(); | ||
| 209 | if (ext->type != V_ASN1_SEQUENCE) | 200 | if (ext->type != V_ASN1_SEQUENCE) |
| 210 | return NULL; | 201 | return NULL; |
| 211 | p = ext->value.sequence->data; | 202 | p = ext->value.sequence->data; |