refactor and constify X509_REQ_get_extensions()

siemens · Jul 4, 2024 · 9e36704 · 9e36704
1 parent 782f637
commit 9e36704
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 16 deletions.
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
@@ -117,26 +117,19 @@ void X509_REQ_set_extension_nids(int *nids)
     ext_nids = nids;
 }
 
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+static STACK_OF(X509_EXTENSION) *get_extensions_by_nid(const X509_REQ *req,
+                                                       int nid)
 {
     X509_ATTRIBUTE *attr;
     ASN1_TYPE *ext = NULL;
-    int idx, *pnid;
     const unsigned char *p;
+    int idx = X509_REQ_get_attr_by_NID(req, nid, -1);
 
-    if (req == NULL || !ext_nids)
-        return NULL;
-    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
-        idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-        if (idx < 0)
-            continue;
-        attr = X509_REQ_get_attr(req, idx);
-        ext = X509_ATTRIBUTE_get0_type(attr, 0);
-        break;
-    }
-    if (ext == NULL) /* no extensions is not an error */
+    if (idx < 0) /* no extensions is not an error */
         return sk_X509_EXTENSION_new_null();
-    if (ext->type != V_ASN1_SEQUENCE) {
+    attr = X509_REQ_get_attr(req, idx);
+    ext = X509_ATTRIBUTE_get0_type(attr, 0);
+    if (ext == NULL || ext->type != V_ASN1_SEQUENCE) {
         ERR_raise(ERR_LIB_X509, X509_R_WRONG_TYPE);
         return NULL;
     }
@@ -146,6 +139,25 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
                       ASN1_ITEM_rptr(X509_EXTENSIONS));
 }
 
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req)
+{
+    STACK_OF(X509_EXTENSION) *exts = NULL;
+    int *pnid;
+
+    if (req == NULL || ext_nids == NULL)
+        return NULL;
+    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+        exts = get_extensions_by_nid(req, *pnid);
+        if (exts == NULL)
+            return NULL;
+        if (sk_X509_EXTENSION_num(exts) > 0)
+            return exts;
+        sk_X509_EXTENSION_free(exts);
+    }
+    /* no extensions is not an error */
+    return sk_X509_EXTENSION_new_null();
+}
+
 /*
  * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
  * in case we want to create a non standard one.

diff --git a/doc/man3/X509_REQ_get_extensions.pod b/doc/man3/X509_REQ_get_extensions.pod
@@ -10,7 +10,7 @@ X509_REQ_add_extensions, X509_REQ_add_extensions_nid
 
  #include <openssl/x509.h>
 
- STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req);
  int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts);
  int X509_REQ_add_extensions_nid(X509_REQ *req,
                                  const STACK_OF(X509_EXTENSION) *exts, int nid);

diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
@@ -710,7 +710,7 @@ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
 void X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req);
 int X509_REQ_add_extensions_nid(X509_REQ *req,
                                 const STACK_OF(X509_EXTENSION) *exts, int nid);
 int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext);