From a9732d04fa4ace9b4d86218e0818c47c68c08d4d Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Mon, 7 Sep 2015 16:51:05 +0100
Subject: [PATCH] Add accessors for request and CRL signatures
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
---
 crypto/x509/x509_req.c | 20 ++++++++++++++++++++
 crypto/x509/x509cset.c | 15 +++++++++++++--
 include/openssl/x509.h |  6 ++++++
 3 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 34336941e5..a2d70c013c 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -314,3 +314,23 @@ X509_NAME *X509_REQ_get_subject_name(X509_REQ *req)
 {
     return req->req_info.subject;
 }
+
+void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                             X509_REQ *req)
+{
+    if (psig == NULL)
+        *psig = req->signature;
+    if (palg == NULL)
+        *palg = &req->sig_alg;
+}
+
+int X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+    return OBJ_obj2nid(req->sig_alg.algorithm);
+}
+
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+    req->req_info.enc.modified = 1;
+    return i2d_X509_REQ_INFO(&req->req_info, pp);
+}
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
index 6215cf0123..4dbe6d087f 100644
--- a/crypto/x509/x509cset.c
+++ b/crypto/x509/x509cset.c
@@ -166,12 +166,17 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
 void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
                              X509_CRL *crl)
 {
-    if (psig)
+    if (psig == NULL)
         *psig = crl->signature;
-    if (palg)
+    if (palg == NULL)
         *palg = &crl->sig_alg;
 }
 
+int X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+    return OBJ_obj2nid(crl->sig_alg.algorithm);
+}
+
 int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
 {
     ASN1_TIME *in;
@@ -205,3 +210,9 @@ int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
     }
     return (in != NULL);
 }
+
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
+{
+    crl->crl.enc.modified = 1;
+    return i2d_X509_CRL_INFO(&crl->crl, pp);
+}
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index f809d38e1a..eb9e3b4453 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -753,6 +753,10 @@ long X509_REQ_get_version(X509_REQ *req);
 int X509_REQ_set_version(X509_REQ *x, long version);
 X509_NAME *X509_REQ_get_subject_name(X509_REQ *req);
 int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+void X509_REQ_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
+                             X509_REQ *req);
+int X509_REQ_get_signature_nid(const X509_REQ *req);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
 int X509_REQ_extension_nid(int nid);
@@ -793,6 +797,8 @@ X509_NAME *X509_CRL_get_issuer(X509_CRL *crl);
 STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
 void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg,
                              X509_CRL *crl);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
 
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
 int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
-- 
GitLab