Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0

Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25631)

diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 9628f0500ad564e6da19d7dd4be26612b0125a84..f57597b817f00926e044d05dad49b0d45765f36e 100644 (file)
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -330,7 +330,7 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
         != NULL
             && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans))
         goto err;
-    if (ctx->reqExtensions != NULL /* augment/override existing ones */
+    if (sk_X509_EXTENSION_num(ctx->reqExtensions) > 0 /* augment/override existing ones */
             && X509v3_add_extensions(&exts, ctx->reqExtensions) == NULL)
         goto err;
     if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0

diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 50ab8f66ae040a464ff899d15b52e01c04bebc72..9c4ee2bf5fffa388488ab2b70ee7a7670f3b96af 100644 (file)
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -142,9 +142,9 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
     return NULL;
 }
 
-STACK_OF(X509_EXTENSION)
-     *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
-                            const STACK_OF(X509_EXTENSION) *exts)
+/* This returns NULL also in non-error case *target == NULL && sk_X509_EXTENSION_num(exts) <= 0 */
+STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
+                                                const STACK_OF(X509_EXTENSION) *exts)
 {
     int i;
 

diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod
index d6dc085f00977428df4a57d8d3402ee0e8b675e3..38caf524a63a65c8e0e5b6018e457f7f2dcda9b4 100644 (file)
--- a/doc/man3/X509v3_get_ext_by_NID.pod
+++ b/doc/man3/X509v3_get_ext_by_NID.pod
@@ -141,8 +141,10 @@ the extension index or -1 if an error occurs.
 X509v3_get_ext_by_NID() returns the extension index or negative values if an
 error occurs.
 
-X509v3_add_ext() and X509v3_add_extensions()
-return a STACK of extensions or NULL on error.
+X509v3_add_ext() returns a STACK of extensions or NULL on error.
+
+X509v3_add_extensions() returns a STACK of extensions
+or NULL on error or if I<*target> is NULL and I<exts> is NULL or an empty list.
 
 X509_add_ext() returns 1 on success and 0 on error.
 

diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 2100790a2f51956a78decab6a3acf7746c425c47..809b9c645d43a18e3dda30788b591611edfa97e1 100644 (file)
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -904,9 +904,8 @@ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
 X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
 STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
                                          X509_EXTENSION *ex, int loc);
-STACK_OF(X509_EXTENSION)
-    *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
-                           const STACK_OF(X509_EXTENSION) *exts);
+STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
+                                                const STACK_OF(X509_EXTENSION) *exts);
 
 int X509_get_ext_count(const X509 *x);
 int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);