From: tb <tb@openbsd.org>
Date: Thu, 9 May 2024 14:00:52 +0000 (+0000)
Subject: Further simplify X509_REQ_get_extensions()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=61ded4a7c8f13f6609674a85244e3a70246b3f83;p=openbsd

Further simplify X509_REQ_get_extensions()

Instead of inlining a poor version of ASN1_TYPE_unpack_sequence() with
missing error checks, just call the real thing. It's safer and simpler.

ok jsing
---

diff --git a/lib/libcrypto/x509/x509_req.c b/lib/libcrypto/x509/x509_req.c
index 34e052341d8..4e30b04d25c 100644
--- a/lib/libcrypto/x509/x509_req.c
+++ b/lib/libcrypto/x509/x509_req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.36 2024/05/08 08:20:08 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.37 2024/05/09 14:00:52 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,6 +70,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#include "asn1_local.h"
 #include "evp_local.h"
 #include "x509_local.h"
 
@@ -183,7 +184,6 @@ X509_REQ_get_extensions(X509_REQ *req)
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *ext = NULL;
 	int idx;
-	const unsigned char *p;
 
 	if (req == NULL || req->req_info == NULL)
 		return NULL;
@@ -197,10 +197,8 @@ X509_REQ_get_extensions(X509_REQ *req)
 		return NULL;
 	if ((ext = X509_ATTRIBUTE_get0_type(attr, 0)) == NULL)
 		return NULL;
-	if (ext->type != V_ASN1_SEQUENCE)
-		return NULL;
-	p = ext->value.sequence->data;
-	return d2i_X509_EXTENSIONS(NULL, &p, ext->value.sequence->length);
+
+	return ASN1_TYPE_unpack_sequence(&X509_EXTENSIONS_it, ext);
 }
 LCRYPTO_ALIAS(X509_REQ_get_extensions);