fix: extension critical definition to default false
authorJonathan M. Wilbur <jonathan@wilbur.space>
Sun, 18 Jun 2023 12:57:25 +0000 (12:57 +0000)
committerTomas Mraz <tomas@openssl.org>
Tue, 14 May 2024 14:04:51 +0000 (16:04 +0200)
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21230)

crypto/x509/x509_v3.c
crypto/x509/x_exten.c

index c29856e5b155115828d22117fb8bcfc605e2112d..1bb0a4b037bff670b6adc48abc508bda6f15853b 100644 (file)
@@ -61,7 +61,7 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
 int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
                                int lastpos)
 {
-    int n;
+    int n, c;
     X509_EXTENSION *ex;
 
     if (sk == NULL)
@@ -72,7 +72,9 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     n = sk_X509_EXTENSION_num(sk);
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_EXTENSION_value(sk, lastpos);
-        if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+        c = X509_EXTENSION_get_critical(ex);
+        crit = crit != 0;
+        if (c == crit)
             return lastpos;
     }
     return -1;
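Review bot: `crit = crit != 0;` is loop-invariant but is re-executed on every iteration; normalise it once before the `for`, e.g. `crit = (crit != 0);` right after `n = sk_X509_EXTENSION_num(sk);`. The `c == crit` comparison is only correct if X509_EXTENSION_get_critical() returns exactly 0 or 1, which this hunk does not show. A comment such as `/* both sides normalised to 0/1 before comparing */` would record that dependency, because a mismatch would make the function report the wrong extensions as critical or non-critical. The function's opening and the lines between the two hunks are outside this hunk.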
@@ -201,7 +203,7 @@ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 {
     if (ex == NULL)
         return 0;
-    ex->critical = (crit) ? 0xFF : -1;
+    ex->critical = (crit) ? 0xFF : 0;
     return 1;
 }
 
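Review bot: The `0` now stored for a non-critical extension is left out of the encoding only because the template in crypto/x509/x_exten.c changes to `ASN1_FBOOLEAN` in the same commit, and nothing at this assignment records that coupling. I would add a comment above it, e.g. `/* 0 == DEFAULT FALSE; the ASN1_FBOOLEAN template omits it on encode */`. That guards against a later change to either side reintroducing an explicitly encoded FALSE, which DER does not permit for a default value.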
index 4e63b50caa624c7181c0bbf0f8bb6be262ff08eb..f5655f02610b69bc382ec944b9727b05d256b9d3 100644 (file)
@@ -15,7 +15,7 @@
 
 ASN1_SEQUENCE(X509_EXTENSION) = {
         ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_FBOOLEAN),
         ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)
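Review bot: With `ASN1_FBOOLEAN`, an absent `critical` field presumably decodes to 0 rather than the -1 that the old `ASN1_BOOLEAN` template left in place. Any code that reads `ex->critical` directly and tests its sign or compares it with -1 would then change behaviour. This commit moves the one such reader in X509v3_get_ext_by_critical to the accessor; readers in other files are not visible on this page and should be checked and moved to X509_EXTENSION_get_critical() as well. A comment on the `critical` line, e.g. `/* BOOLEAN DEFAULT FALSE: absent decodes as 0, and 0 is not encoded */`, would document the new convention where the encoding is defined.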