Introduce X509_get0_uids() accessor function

By introducing X509_get0_uids(), one can add RPKI profile compliance
checks to conform the absence of the issuerUID and subjectUID.

OK tb@ jsing@

2 files changed, 17 insertions, 2 deletions

diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 4ecad066c1..e31f7182d3 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.92 2022/12/26 16:00:36 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.93 2023/02/23 18:12:32 job Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -771,6 +771,10 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
 #endif
 
 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+void            X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid);
+#endif
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 int             X509_set_version(X509 *x, long version);
 long            X509_get_version(const X509 *x);
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
index e65ffb3b4d..19e0f2b55f 100644
--- a/src/lib/libcrypto/x509/x509_set.c
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_set.c,v 1.23 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_set.c,v 1.24 2023/02/23 18:12:32 job Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -242,3 +242,14 @@ X509_get_X509_PUBKEY(const X509 *x)
         return x->cert_info->key;
 }
 LCRYPTO_ALIAS(X509_get_X509_PUBKEY);
+
+void
+X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+    const ASN1_BIT_STRING **psuid)
+{
+        if (piuid != NULL)
+                *piuid = x->cert_info->issuerUID;
+        if (psuid != NULL)
+                *psuid = x->cert_info->subjectUID;
+}
+LCRYPTO_ALIAS(X509_get0_uids);