From a08222b8bebdd9bb3795304dce3e988df2c7595c Mon Sep 17 00:00:00 2001
From: job <>
Date: Thu, 23 Feb 2023 18:12:32 +0000
Subject: Introduce X509_get0_uids() accessor function
By introducing X509_get0_uids(), one can add RPKI profile compliance checks to conform the absence of the issuerUID and subjectUID.
OK tb@ jsing@
---
 src/lib/libcrypto/x509/x509.h | 6 +++++-
 src/lib/libcrypto/x509/x509_set.c | 13 ++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
(limited to 'src/lib/libcrypto/x509')
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 4ecad066c1..e31f7182d3 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.92 2022/12/26 16:00:36 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.93 2023/02/23 18:12:32 job Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -771,6 +771,10 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
 #endif
 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+ const ASN1_BIT_STRING **psuid);
+#endif
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 int X509_set_version(X509 *x, long version);
 long X509_get_version(const X509 *x);
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c
index e65ffb3b4d..19e0f2b55f 100644
--- a/src/lib/libcrypto/x509/x509_set.c
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_set.c,v 1.23 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_set.c,v 1.24 2023/02/23 18:12:32 job Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
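Review bot: The X509_get0_uids() prototype added to x509.h (the `@@ -771,6 +771,10 @@` hunk) has no comment describing what the caller receives, and an RPKI absence check depends on exactly that contract. The definition in x509_set.c stores the certificate's own issuerUID and subjectUID pointers, so the results are borrowed from `x` and should not be freed or used after `x` is released. A NULL result presumably means the field is absent, which is worth confirming against the ASN.1 template and stating explicitly. A comment above the prototype would cover it: `/* Borrowed pointers owned by x; NULL (to be confirmed) when the UID is absent; piuid or psuid may be NULL to skip. */`.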
@@ -242,3 +242,14 @@ X509_get_X509_PUBKEY(const X509 *x)
 return x->cert_info->key;
 }
 LCRYPTO_ALIAS(X509_get_X509_PUBKEY);
+
+void
+X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+ const ASN1_BIT_STRING **psuid)
+{
+ if (piuid != NULL)
+ *piuid = x->cert_info->issuerUID;
+ if (psuid != NULL)
+ *psuid = x->cert_info->subjectUID;
+}
+LCRYPTO_ALIAS(X509_get0_uids);
-- cgit v1.2.3-55-g6feb
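Review bot: `x` and `x->cert_info` are dereferenced unconditionally in X509_get0_uids(), and the void return gives a caller no way to learn that the lookup could not be performed. A silent `if (x == NULL) return;` would be worse for the stated use, because the out-pointers would stay unwritten and a compliance check could then pass on stale or uninitialised values. Stating the precondition at the definition is the safer choice, e.g. `/* x must be a non-NULL, successfully parsed certificate; each non-NULL out-pointer is always written. */`. The neighbouring accessor shown as context starts outside the hunk, so whether it guards `x` is not visible here.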