diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 74d1d29938f3e..801ceea9e3892 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -117,26 +117,19 @@ void X509_REQ_set_extension_nids(int *nids)
 ext_nids = nids;
 }
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+static STACK_OF(X509_EXTENSION) *get_extensions_by_nid(const X509_REQ *req,
+ int nid)
 {
 X509_ATTRIBUTE *attr;
 ASN1_TYPE *ext = NULL;
- int idx, *pnid;
 const unsigned char *p;
+ int idx = X509_REQ_get_attr_by_NID(req, nid, -1);
- if (req == NULL || !ext_nids)
- return NULL;
- for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
- idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
- if (idx < 0)
- continue;
- attr = X509_REQ_get_attr(req, idx);
- ext = X509_ATTRIBUTE_get0_type(attr, 0);
- break;
- }
- if (ext == NULL) /* no extensions is not an error */
+ if (idx < 0) /* no extensions is not an error */
 return sk_X509_EXTENSION_new_null();
- if (ext->type != V_ASN1_SEQUENCE) {
+ attr = X509_REQ_get_attr(req, idx);
+ ext = X509_ATTRIBUTE_get0_type(attr, 0);
+ if (ext == NULL || ext->type != V_ASN1_SEQUENCE) {
 ERR_raise(ERR_LIB_X509, X509_R_WRONG_TYPE);
 return NULL;
 }
@@ -146,6 +139,25 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
 ASN1_ITEM_rptr(X509_EXTENSIONS));
 }
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req)
+{
+ STACK_OF(X509_EXTENSION) *exts = NULL;
+ int *pnid;
+
+ if (req == NULL || ext_nids == NULL)
+ return NULL;
+ for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+ exts = get_extensions_by_nid(req, *pnid);
+ if (exts == NULL)
+ return NULL;
+ if (sk_X509_EXTENSION_num(exts) > 0)
+ return exts;
+ sk_X509_EXTENSION_free(exts);
+ }
+ /* no extensions is not an error */
+ return sk_X509_EXTENSION_new_null();
+}
+
 /*
 * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
 * in case we want to create a non standard one.
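Review bot: In `get_extensions_by_nid`, an attribute that is present but carries no value now takes the error path: a NULL from `X509_ATTRIBUTE_get0_type(attr, 0)` is folded into the `ext->type != V_ASN1_SEQUENCE` check, so the call raises `X509_R_WRONG_TYPE` and returns NULL, where the removed code reached `if (ext == NULL)` and returned an empty stack. Requests are typically parsed from untrusted input, so rejecting such an attribute is the stricter and safer reading, but the change is visible to callers and the reason code does not describe an empty attribute. I would state the intent directly above the check, e.g. `/* an attribute with no value or a non-SEQUENCE value is malformed, unlike a missing attribute */`. The function body continues past the end of this hunk.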
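Review bot: The loop in the new `X509_REQ_get_extensions` changes which attribute wins: the removed code stopped at the first NID in `ext_nids` that had an attribute, while this version drops an empty result with `sk_X509_EXTENSION_free(exts)` and moves on to the next NID, and it returns NULL as soon as the helper reports an error (for example the `X509_R_WRONG_TYPE` path) even if a later NID would hold a valid list. Code that bases issuance policy on the requested extensions depends on this precedence, so it should be written down, e.g. `/* first NID yielding a non-empty list wins; a malformed attribute aborts the search */` above the `for`. NULL is also returned with no error raised in this function when `req == NULL || ext_nids == NULL`, so callers cannot tell that case from a decode failure by the return value alone; one sentence in the function comment would cover it.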
diff --git a/doc/man3/X509_REQ_get_extensions.pod b/doc/man3/X509_REQ_get_extensions.pod
index 7a3932c3d62aa..73e2ea698a7b0 100644
--- a/doc/man3/X509_REQ_get_extensions.pod
+++ b/doc/man3/X509_REQ_get_extensions.pod
@@ -10,7 +10,7 @@ X509_REQ_add_extensions, X509_REQ_add_extensions_nid
 #include
- STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req);
 int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts);
 int X509_REQ_add_extensions_nid(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts, int nid);
diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 7d7ffa27d08f5..838dc8cb28ec6 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -710,7 +710,7 @@ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
 void X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req);
 int X509_REQ_add_extensions_nid(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts, int nid);
 int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext);