From: Jonathan M. Wilbur <jonathan@wilbur.space>
Date: Sun, 18 Jun 2023 12:57:25 +0000 (+0000)
Subject: fix: extension critical definition to default false
X-Git-Tag: openssl-3.4.0-alpha1~554
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=50f2e2146aa1092bdf3435a3543e8a5d0b4c4d4c;p=thirdparty%2Fopenssl.git

fix: extension critical definition to default false

Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21230)
---

diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index c29856e5b15..1bb0a4b037b 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -61,7 +61,7 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
 int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
                                int lastpos)
 {
-    int n;
+    int n, c;
     X509_EXTENSION *ex;
 
     if (sk == NULL)
@@ -72,7 +72,9 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     n = sk_X509_EXTENSION_num(sk);
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_EXTENSION_value(sk, lastpos);
-        if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+        c = X509_EXTENSION_get_critical(ex);
+        crit = crit != 0;
+        if (c == crit)
             return lastpos;
     }
     return -1;
@@ -201,7 +203,7 @@ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 {
     if (ex == NULL)
         return 0;
-    ex->critical = (crit) ? 0xFF : -1;
+    ex->critical = (crit) ? 0xFF : 0;
     return 1;
 }
 
diff --git a/crypto/x509/x_exten.c b/crypto/x509/x_exten.c
index 4e63b50caa6..f5655f02610 100644
--- a/crypto/x509/x_exten.c
+++ b/crypto/x509/x_exten.c
@@ -15,7 +15,7 @@
 
 ASN1_SEQUENCE(X509_EXTENSION) = {
         ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_FBOOLEAN),
         ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)