From 5f13aebd5f94dc92c82d4651ae13114f9e51da11 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Tue, 1 Apr 2025 17:36:44 +0200
Subject: [PATCH] Push/pop to/from the end of the list object

The last object pushed should be visible in the highest index
---
 src/ssl.c   |  4 ++--
 src/x509.c  | 58 +++++++----------------------------------------------
 tests/api.c | 36 ++++++++++++++++-----------------
 3 files changed, 27 insertions(+), 71 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index bdbd3ee26..2600858ef 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -14743,14 +14743,14 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
 {
     WOLFSSL_ENTER("wolfSSL_sk_push");
 
-    return wolfSSL_sk_insert(sk, data, 0);
+    return wolfSSL_sk_insert(sk, data, -1);
 }
 
 void* wolfSSL_sk_pop(WOLFSSL_STACK* sk)
 {
     WOLFSSL_ENTER("wolfSSL_sk_pop");
 
-    return wolfSSL_sk_pop_node(sk, 0);
+    return wolfSSL_sk_pop_node(sk, -1);
 }
 
 /* return number of elements on success 0 on fail */
diff --git a/src/x509.c b/src/x509.c
index dc87ab117..2a79e39a3 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -4230,38 +4230,7 @@ WOLFSSL_X509* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, int i)
 /* Return and remove the first x509 pushed on stack */
 WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk)
 {
-    WOLFSSL_STACK* node;
-    WOLFSSL_X509*  x509;
-
-    if (sk == NULL) {
-        return NULL;
-    }
-
-    node = sk->next;
-    x509 = sk->data.x509;
-
-    if (node != NULL) {
-        /* walk to end of stack to first node pushed, and remove it */
-        WOLFSSL_STACK* prevNode = sk;
-
-        while (node->next != NULL) {
-            prevNode = node;
-            node = node->next;
-        }
-
-        x509 = node->data.x509;
-        prevNode->next = NULL;
-        XFREE(node, NULL, DYNAMIC_TYPE_X509);
-    }
-    else { /* only one x509 in stack */
-        sk->data.x509 = NULL;
-    }
-
-    if (sk->num > 0) {
-        sk->num -= 1;
-    }
-
-    return x509;
+    return wolfSSL_sk_pop_node(sk, 0);
 }
 
 #endif /* OPENSSL_EXTRA */
@@ -15318,7 +15287,6 @@ WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
 int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
         int nid, int lastpos)
 {
-    WOLFSSL_STACK* sk;
     int idx;
 
     WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID");
@@ -15329,26 +15297,14 @@ int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
     }
 
     /* search through stack for first matching nid */
-    idx = lastpos + 1;
-    do {
-        sk = wolfSSL_sk_get_node(req->reqAttributes, idx);
-        if (sk != NULL) {
-            WOLFSSL_X509_ATTRIBUTE* attr;
-            attr = (WOLFSSL_X509_ATTRIBUTE*)sk->data.generic;
-            if (nid == attr->object->nid) {
-                /* found a match */
-                break;
-            }
-        }
-        idx++;
-    } while (sk != NULL);
-
-    /* no matches found */
-    if (sk == NULL) {
-        idx = WOLFSSL_FATAL_ERROR;
+    for (idx = lastpos + 1; idx < wolfSSL_sk_num(req->reqAttributes); idx++) {
+        WOLFSSL_X509_ATTRIBUTE* attr =
+             (WOLFSSL_X509_ATTRIBUTE*)wolfSSL_sk_value(req->reqAttributes, idx);
+        if (attr != NULL && attr->object != NULL && attr->object->nid == nid)
+            return idx;
     }
 
-    return idx;
+    return WOLFSSL_FATAL_ERROR;
 }
 
 WOLFSSL_X509_ATTRIBUTE* wolfSSL_X509_ATTRIBUTE_new(void)
diff --git a/tests/api.c b/tests/api.c
index 680886b35..23695d1e9 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -22069,7 +22069,7 @@ static int test_wolfSSL_X509_INFO_multiple_info(void)
         ExpectNotNull(info = sk_X509_INFO_value(info_stack, i));
         ExpectNotNull(info->x509);
         ExpectNull(info->crl);
-        if (i != 0) {
+        if (i != 2) {
             ExpectNotNull(info->x_pkey);
             ExpectIntEQ(X509_check_private_key(info->x509,
                                                info->x_pkey->dec_pkey), 1);
@@ -36213,7 +36213,7 @@ static int test_GENERAL_NAME_set0_othername(void)
 
     ExpectNull(sk_GENERAL_NAME_value(NULL, 0));
     ExpectNull(sk_GENERAL_NAME_value(gns, 20));
-    ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 2));
+    ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0));
     ExpectIntEQ(gn->type, 0);
 
     sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
@@ -46197,8 +46197,8 @@ static int test_sk_X509(void)
         sk_X509_push(s, &x2);
         ExpectIntEQ(sk_X509_num(s), 2);
         ExpectNull(sk_X509_value(s, 2));
-        ExpectIntEQ((sk_X509_value(s, 0) == &x2), 1);
-        ExpectIntEQ((sk_X509_value(s, 1) == &x1), 1);
+        ExpectIntEQ((sk_X509_value(s, 0) == &x1), 1);
+        ExpectIntEQ((sk_X509_value(s, 1) == &x2), 1);
         sk_X509_push(s, &x2);
 
         sk_X509_pop_free(s, free_x509);
@@ -46223,20 +46223,20 @@ static int test_sk_X509(void)
         for (i = 0; i < len; ++i) {
             sk_X509_push(s, xList[i]);
             ExpectIntEQ(sk_X509_num(s), i + 1);
-            ExpectIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
-            ExpectIntEQ((sk_X509_value(s, i) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, 0) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, i) == xList[i]), 1);
         }
 
-        /* pop returns and removes last pushed on stack, which is index 0
+        /* pop returns and removes last pushed on stack, which is the last index
          * in sk_x509_value */
-        for (i = 0; i < len; ++i) {
-            X509 * x = sk_X509_value(s, 0);
+        for (i = len-1; i >= 0; --i) {
+            X509 * x = sk_X509_value(s, i);
             X509 * y = sk_X509_pop(s);
-            X509 * z = xList[len - 1 - i];
+            X509 * z = xList[i];
 
-            ExpectIntEQ((x == y), 1);
-            ExpectIntEQ((x == z), 1);
-            ExpectIntEQ(sk_X509_num(s), len - 1 - i);
+            ExpectPtrEq(x, y);
+            ExpectPtrEq(x, z);
+            ExpectIntEQ(sk_X509_num(s), i);
         }
 
         sk_free(s);
@@ -46248,14 +46248,14 @@ static int test_sk_X509(void)
         for (i = 0; i < len; ++i) {
             sk_X509_push(s, xList[i]);
             ExpectIntEQ(sk_X509_num(s), i + 1);
-            ExpectIntEQ((sk_X509_value(s, 0) == xList[i]), 1);
-            ExpectIntEQ((sk_X509_value(s, i) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, 0) == xList[0]), 1);
+            ExpectIntEQ((sk_X509_value(s, i) == xList[i]), 1);
         }
 
         /* shift returns and removes first pushed on stack, which is index i
          * in sk_x509_value() */
         for (i = 0; i < len; ++i) {
-            X509 * x = sk_X509_value(s, len - 1 - i);
+            X509 * x = sk_X509_value(s, 0);
             X509 * y = sk_X509_shift(s);
             X509 * z = xList[i];
 
@@ -49234,12 +49234,12 @@ static int test_wolfSSL_d2i_X509_REQ(void)
         ExpectIntEQ(X509_REQ_get_attr_by_NID(NULL, NID_pkcs9_challengePassword,
             -1), -1);
         ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword,
-            -1), 1);
+            -1), 0);
         ExpectNull(X509_REQ_get_attr(NULL, 3));
         ExpectNull(X509_REQ_get_attr(req, 3));
         ExpectNull(X509_REQ_get_attr(NULL, 0));
         ExpectNull(X509_REQ_get_attr(empty, 0));
-        ExpectNotNull(attr = X509_REQ_get_attr(req, 1));
+        ExpectNotNull(attr = X509_REQ_get_attr(req, 0));
         ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 1));
         ExpectNull(X509_ATTRIBUTE_get0_type(attr, 1));
         ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 0));