From b136a3e4186528672b8452c4cb65385b1fcf1f76 Mon Sep 17 00:00:00 2001 From: tb <> Date: Mon, 26 Dec 2022 16:00:36 +0000 Subject: Prepare to provide X509_CRL_get0_sigalg() This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy. From Alex Wilson ok jsing --- src/lib/libcrypto/asn1/x_crl.c | 8 +++++++- src/lib/libcrypto/x509/x509.h | 6 +++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 9c300af808..f637bddd36 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x_crl.c,v 1.38 2022/11/26 16:08:50 tb Exp $ */ +/* $OpenBSD: x_crl.c,v 1.39 2022/12/26 16:00:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -755,3 +755,9 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, if (palg != NULL) *palg = crl->sig_alg; } + +const X509_ALGOR * +X509_CRL_get0_tbs_sigalg(const X509_CRL *crl) +{ + return crl->crl->sig_alg; +} diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 0ff66587b9..4ecad066c1 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.h,v 1.91 2022/12/26 07:18:53 jmc Exp $ */ +/* $OpenBSD: x509.h,v 1.92 2022/12/26 16:00:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -400,6 +400,10 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); +#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API) +const X509_ALGOR *X509_CRL_get0_tbs_sigalg(const X509_CRL *crl); +#endif + int X509_REQ_get_signature_nid(const X509_REQ *req); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, -- cgit v1.2.3-55-g6feb