add checks and switch to x509v3_cache_extensions

aws · Mar 28, 2024 · d56c5bd · d56c5bd
1 parent bac806d
commit d56c5bd
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
@@ -60,6 +60,7 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
+#include "../x509v3/internal.h"
 #include "internal.h"
 #include "openssl/x509v3.h"
 
@@ -259,10 +260,14 @@ static int X509_SIG_INFO_get(const X509_SIG_INFO *sig_info, int *digest_nid,
 
 int X509_get_signature_info(X509 *x509, int *digest_nid, int *pubkey_nid,
                             int *sec_bits, uint32_t *flags) {
-  if (!X509_check_purpose(x509, -1, -1)) {
+  if (x509 == NULL) {
+    OPENSSL_PUT_ERROR(X509, ERR_R_PASSED_NULL_PARAMETER);
+  }
+  if(!x509v3_cache_extensions(x509)) {
     OPENSSL_PUT_ERROR(X509, X509_V_ERR_INVALID_PURPOSE);
     return 0;
   }
+
   return X509_SIG_INFO_get(&x509->sig_info, digest_nid, pubkey_nid, sec_bits,
                            flags);
 }

diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
@@ -132,7 +132,9 @@ static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b) {
 
 // As much as I'd like to make X509_check_purpose use a "const" X509* I
 // really can't because it does recalculate hashes and do other non-const
-// things.
+// things. If |id| is -1 it just calls |x509v3_cache_extensions| for its
+// side-effect.
+// Returns 1 on success, 0 if x does not allow purpose, -1 on (internal) error.
 int X509_check_purpose(X509 *x, int id, int ca) {
   int idx;
   const X509_PURPOSE *pt;