refactor and constify X509_REQ_get_extensions()
authorDr. David von Oheimb <dev@ddvo.net>
Thu, 4 Jul 2024 07:33:42 +0000 (09:33 +0200)
committerTomas Mraz <tomas@openssl.org>
Wed, 10 Jul 2024 14:19:26 +0000 (16:19 +0200)
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24792)

crypto/x509/x509_req.c
doc/man3/X509_REQ_get_extensions.pod
include/openssl/types.h
include/openssl/x509.h.in

index 74d1d29938f3efcf171a6387b33fbb9200716af9..f96a89d6713655a8e4d8bbd8c47fe8e68a8f5fad 100644 (file)
@@ -117,26 +117,19 @@ void X509_REQ_set_extension_nids(int *nids)
     ext_nids = nids;
 }
 
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+static STACK_OF(X509_EXTENSION) *get_extensions_by_nid(const X509_REQ *req,
+                                                       int nid)
 {
     X509_ATTRIBUTE *attr;
     ASN1_TYPE *ext = NULL;
-    int idx, *pnid;
     const unsigned char *p;
+    int idx = X509_REQ_get_attr_by_NID(req, nid, -1);
 
-    if (req == NULL || !ext_nids)
-        return NULL;
-    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
-        idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-        if (idx < 0)
-            continue;
-        attr = X509_REQ_get_attr(req, idx);
-        ext = X509_ATTRIBUTE_get0_type(attr, 0);
-        break;
-    }
-    if (ext == NULL) /* no extensions is not an error */
+    if (idx < 0) /* no extensions is not an error */
         return sk_X509_EXTENSION_new_null();
-    if (ext->type != V_ASN1_SEQUENCE) {
+    attr = X509_REQ_get_attr(req, idx);
+    ext = X509_ATTRIBUTE_get0_type(attr, 0);
+    if (ext == NULL || ext->type != V_ASN1_SEQUENCE) {
         ERR_raise(ERR_LIB_X509, X509_R_WRONG_TYPE);
         return NULL;
     }
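Review bot: The new `ext == NULL ||` test in `get_extensions_by_nid()` changes behaviour that the commit title does not mention. In the removed code, an attribute that was found but had no value at index 0 reached the `/* no extensions is not an error */` branch and produced an empty stack; it now raises `X509_R_WRONG_TYPE` and returns NULL. Rejecting such a request is reasonable for input that usually comes from an untrusted requester, but callers that treat NULL as fatal will now fail on CSRs they used to accept. I would note this in the RETURN VALUES documentation and add a comment above the check, e.g. `/* attribute present but value missing or not a SEQUENCE: malformed request */`. The function body continues past the end of this hunk.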
@@ -146,6 +139,25 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
                       ASN1_ITEM_rptr(X509_EXTENSIONS));
 }
 
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(OSSL_FUTURE_CONST X509_REQ *req)
+{
+    STACK_OF(X509_EXTENSION) *exts = NULL;
+    int *pnid;
+
+    if (req == NULL || ext_nids == NULL)
+        return NULL;
+    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+        exts = get_extensions_by_nid(req, *pnid);
+        if (exts == NULL)
+            return NULL;
+        if (sk_X509_EXTENSION_num(exts) > 0)
+            return exts;
+        sk_X509_EXTENSION_free(exts);
+    }
+    /* no extensions is not an error */
+    return sk_X509_EXTENSION_new_null();
+}
+
 /*
  * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
  * in case we want to create a non standard one.
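Review bot: `X509_REQ_get_extensions()` has no comment stating its return contract, and the loop changes which attribute wins. The removed code stopped at the first NID in `ext_nids` that had an attribute, while this version frees an empty stack and moves on to the next NID, and returns NULL as soon as one attribute fails to parse. I would add a header comment along the lines of `/* Returns the first non-empty extension list found in ext_nids order, an empty stack if none, or NULL on error; the caller frees the result */`. It is also worth documenting that a request carrying extension attributes under more than one NID has only one of them returned, so code that vets CSR extensions through this function never sees the others.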
index 7a3932c3d62aafe18a885e5687ea176478939678..73e2ea698a7b030de522fd6ce692563ac82a1275 100644 (file)
@@ -10,7 +10,7 @@ X509_REQ_add_extensions, X509_REQ_add_extensions_nid
 
  #include <openssl/x509.h>
 
- STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(const X509_REQ *req);
  int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts);
  int X509_REQ_add_extensions_nid(X509_REQ *req,
                                  const STACK_OF(X509_EXTENSION) *exts, int nid);
index c28028681fcefafae966a71696d1b73ccc9020e6..91c70813655d711552ee575078495e67a2cdf3ed 100644 (file)
@@ -33,6 +33,12 @@ extern "C" {
 # include <openssl/safestack.h>
 # include <openssl/macros.h>
 
+# if OPENSSL_VERSION_MAJOR >= 4
+#  define OSSL_FUTURE_CONST const
+# else
+#  define OSSL_FUTURE_CONST
+# endif
+
 typedef struct ossl_provider_st OSSL_PROVIDER; /* Provider Object */
 
 # ifdef NO_ASN1_TYPEDEFS
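Review bot: `OSSL_FUTURE_CONST` is added to a public header without a comment, so a reader cannot tell that it is deliberately empty before 4.0. Something like `/* const qualifier applied to API parameters only from OpenSSL 4.0 on, so earlier releases keep their existing prototypes */` above the `# if` would help. The test also relies on `OPENSSL_VERSION_MAJOR` being defined by the headers included above it, which I cannot confirm from this hunk; if it were undefined, the preprocessor would evaluate it as 0 and silently drop the qualifier. Note too that the pod synopsis changed in this commit shows plain `const X509_REQ *req`, which does not match the prototype until the macro expands to `const`.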
index 7d7ffa27d08f5de1b077e40d84a8bb33726fafaa..fb755ce452598cc26c9dae92975db8941b53e262 100644 (file)
@@ -710,7 +710,7 @@ X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
 int *X509_REQ_get_extension_nids(void);
 void X509_REQ_set_extension_nids(int *nids);
-STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(OSSL_FUTURE_CONST X509_REQ *req);
 int X509_REQ_add_extensions_nid(X509_REQ *req,
                                 const STACK_OF(X509_EXTENSION) *exts, int nid);
 int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *ext);