fix: extension critical definition to default false

Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21230)

crypto/x509/x509_v3.c

@@ -61,7 +61,7 @@ int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
 int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
                                int lastpos)
 {
-    int n;
+    int n, c;
     X509_EXTENSION *ex;
 
     if (sk == NULL)
@@ -72,7 +72,9 @@ int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
     n = sk_X509_EXTENSION_num(sk);
     for (; lastpos < n; lastpos++) {
         ex = sk_X509_EXTENSION_value(sk, lastpos);
-        if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+        c = X509_EXTENSION_get_critical(ex);
+        crit = crit != 0;
+        if (c == crit)
             return lastpos;
     }
     return -1;
@@ -201,7 +203,7 @@ int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 {
     if (ex == NULL)
         return 0;
-    ex->critical = (crit) ? 0xFF : -1;
+    ex->critical = (crit) ? 0xFF : 0;
     return 1;
 }
 

crypto/x509/x_exten.c

@@ -15,7 +15,7 @@
 
 ASN1_SEQUENCE(X509_EXTENSION) = {
         ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_FBOOLEAN),
         ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)