From: Dr. David von Oheimb
Date: Mon, 7 Oct 2024 20:08:08 +0000 (+0200)
Subject: Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0
X-Git-Tag: openssl-3.5.0-alpha1~914
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=577ec498bd8106c022903dc90c9e30abe4accb3c;p=thirdparty%2Fopenssl.git

Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0

Reviewed-by: Hugo Landau
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/25631)
---

diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 9628f0500ad..f57597b817f 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -330,7 +330,7 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
 != NULL
 && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans))
 goto err;
- if (ctx->reqExtensions != NULL /* augment/override existing ones */
+ if (sk_X509_EXTENSION_num(ctx->reqExtensions) > 0 /* augment/override existing ones */
 && X509v3_add_extensions(&exts, ctx->reqExtensions) == NULL)
 goto err;
 if (sk_GENERAL_NAME_num(ctx->subjectAltNames) > 0
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 50ab8f66ae0..9c4ee2bf5ff 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -142,9 +142,9 @@ STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
 return NULL;
 }

-STACK_OF(X509_EXTENSION)
- *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
- const STACK_OF(X509_EXTENSION) *exts)
+/* This returns NULL also in non-error case *target == NULL && sk_X509_EXTENSION_num(exts) <= 0 */
+STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
+ const STACK_OF(X509_EXTENSION) *exts)
 {
 int i;

diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod
index d6dc085f009..38caf524a63 100644
--- a/doc/man3/X509v3_get_ext_by_NID.pod
+++ b/doc/man3/X509v3_get_ext_by_NID.pod
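Review bot: The new guard `sk_X509_EXTENSION_num(ctx->reqExtensions) > 0` in OSSL_CMP_CTX_setup_CRM() carries no explanation of why a count test replaced the NULL test, and the trailing `/* augment/override existing ones */` does not cover it. The reason is a contract detail of the callee: X509v3_add_extensions() returns NULL without any error when `exts` is still NULL and there is nothing to add, so an empty but non-NULL reqExtensions stack previously sent a valid request to `err`. I would put that on its own line above the condition, e.g. `/* skip NULL or empty list: X509v3_add_extensions() may then return NULL without error */`, which also shortens the condition line, now well over 80 columns. Other callers of X509v3_add_extensions() that compare its result with NULL are not visible in this diff and probably deserve the same check. The enclosing function starts and ends outside the hunk.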
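Review bot: The added comment above X509v3_add_extensions() records that NULL is returned both on failure and in the non-error case `*target == NULL && sk_X509_EXTENSION_num(exts) <= 0`, but it does not tell a caller how to tell the two apart. Since a caller that gets this wrong either fails a valid operation or treats a failed merge as success and continues with extensions missing, the comment should state the rule: `/* NULL is an error only if *target != NULL or sk_X509_EXTENSION_num(exts) > 0; callers must check this before the call */`. Splitting it over two lines would also keep it within 80 columns. The function body lies outside the hunk, so whether the error paths leave *target unchanged cannot be confirmed here.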
@@ -141,8 +141,10 @@ the extension index or -1 if an error occurs.
 X509v3_get_ext_by_NID() returns the extension index or negative values if an error occurs.

-X509v3_add_ext() and X509v3_add_extensions()
-return a STACK of extensions or NULL on error.
+X509v3_add_ext() returns a STACK of extensions or NULL on error.
+
+X509v3_add_extensions() returns a STACK of extensions
+or NULL on error or if I<*target> is NULL and I is NULL or an empty list.

 X509_add_ext() returns 1 on success and 0 on error.

diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
index 2100790a2f5..809b9c645d4 100644
--- a/include/openssl/x509.h.in
+++ b/include/openssl/x509.h.in
@@ -904,9 +904,8 @@ X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
 X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
 STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
 X509_EXTENSION *ex, int loc);
-STACK_OF(X509_EXTENSION)
- *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
- const STACK_OF(X509_EXTENSION) *exts);
+STACK_OF(X509_EXTENSION) *X509v3_add_extensions(STACK_OF(X509_EXTENSION) **target,
+ const STACK_OF(X509_EXTENSION) *exts);

 int X509_get_ext_count(const X509 *x);
 int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);