early-access version 2698

externals/libressl/crypto/x509/x509_req.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_req.c,v 1.21 2018/05/13 06:48:00 tb Exp $ */
+/* $OpenBSD: x509_req.c,v 1.28 2022/01/22 00:34:48 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,6 +70,9 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+#include "evp_locl.h"
+#include "x509_lcl.h"
+
 X509_REQ *
 X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
@@ -121,13 +124,23 @@ X509_REQ_get_pubkey(X509_REQ *req)
 	return (X509_PUBKEY_get(req->req_info->pubkey));
 }
 
+EVP_PKEY *
+X509_REQ_get0_pubkey(X509_REQ *req)
+{
+	if (req == NULL || req->req_info == NULL)
+		return NULL;
+	return X509_PUBKEY_get0(req->req_info->pubkey);
+}
+
 int
 X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
 {
 	EVP_PKEY *xk = NULL;
 	int ok = 0;
 
-	xk = X509_REQ_get_pubkey(x);
+	if ((xk = X509_REQ_get0_pubkey(x)) == NULL)
+		return 0;
+
 	switch (EVP_PKEY_cmp(xk, k)) {
 	case 1:
 		ok = 1;
@@ -155,7 +168,6 @@ X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
 		X509error(X509_R_UNKNOWN_KEY_TYPE);
 	}
 
-	EVP_PKEY_free(xk);
 	return (ok);
 }
 
@@ -202,66 +214,43 @@ X509_REQ_get_extensions(X509_REQ *req)
 	int idx, *pnid;
 	const unsigned char *p;
 
-	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
-		return (NULL);
+	if (req == NULL || req->req_info == NULL || ext_nids == NULL)
+		return NULL;
 	for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
 		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
 		if (idx == -1)
 			continue;
 		attr = X509_REQ_get_attr(req, idx);
-		if (attr->single)
-			ext = attr->value.single;
-		else if (sk_ASN1_TYPE_num(attr->value.set))
-			ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+		ext = X509_ATTRIBUTE_get0_type(attr, 0);
 		break;
 	}
-	if (!ext || (ext->type != V_ASN1_SEQUENCE))
+	if (ext == NULL || ext->type != V_ASN1_SEQUENCE)
 		return NULL;
 	p = ext->value.sequence->data;
-	return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
-	    ext->value.sequence->length, &X509_EXTENSIONS_it);
+	return d2i_X509_EXTENSIONS(NULL, &p, ext->value.sequence->length);
 }
 
-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
- * in case we want to create a non standard one.
+/*
+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non-standard one.
  */
 
 int
 X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
     int nid)
 {
-	ASN1_TYPE *at = NULL;
-	X509_ATTRIBUTE *attr = NULL;
+	unsigned char *ext = NULL;
+	int extlen;
+	int rv;
 
-	if (!(at = ASN1_TYPE_new()) ||
-	    !(at->value.sequence = ASN1_STRING_new()))
-		goto err;
+	extlen = i2d_X509_EXTENSIONS(exts, &ext);
+	if (extlen <= 0)
+		return 0;
 
-	at->type = V_ASN1_SEQUENCE;
-	/* Generate encoding of extensions */
-	at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts,
-	    &at->value.sequence->data, &X509_EXTENSIONS_it);
-	if (!(attr = X509_ATTRIBUTE_new()))
-		goto err;
-	if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
-		goto err;
-	if (!sk_ASN1_TYPE_push(attr->value.set, at))
-		goto err;
-	at = NULL;
-	attr->single = 0;
-	attr->object = OBJ_nid2obj(nid);
-	if (!req->req_info->attributes) {
-		if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
-			goto err;
-	}
-	if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
-		goto err;
-	return 1;
+	rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
+	free(ext);
 
-err:
-	X509_ATTRIBUTE_free(attr);
-	ASN1_TYPE_free(at);
-	return 0;
+	return rv;
 }
 
 /* This is the normal usage: use the "official" OID */
@@ -341,3 +330,10 @@ X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type,
 		return 1;
 	return 0;
 }
+
+int
+i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+	req->req_info->enc.modified = 1;
+	return i2d_X509_REQ_INFO(req->req_info, pp);
+}