From: tb <tb@openbsd.org>
Date: Mon, 26 Dec 2022 16:00:36 +0000 (+0000)
Subject: Prepare to provide X509_CRL_get0_sigalg()
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=53971c370f12f03ad37d92f18bfe4c8c949f4c6a;p=openbsd

Prepare to provide X509_CRL_get0_sigalg()

This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which
does not provide a way to access the tbs sigalg of a CRL. This is needed
in security/pivy.

From Alex Wilson
ok jsing
---

diff --git a/lib/libcrypto/asn1/x_crl.c b/lib/libcrypto/asn1/x_crl.c
index 9c300af808a..f637bddd365 100644
--- a/lib/libcrypto/asn1/x_crl.c
+++ b/lib/libcrypto/asn1/x_crl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.38 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_crl.c,v 1.39 2022/12/26 16:00:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -755,3 +755,9 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
 	if (palg != NULL)
 		*palg = crl->sig_alg;
 }
+
+const X509_ALGOR *
+X509_CRL_get0_tbs_sigalg(const X509_CRL *crl)
+{
+	return crl->crl->sig_alg;
+}
diff --git a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h
index 0ff66587b99..4ecad066c16 100644
--- a/lib/libcrypto/x509/x509.h
+++ b/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.91 2022/12/26 07:18:53 jmc Exp $ */
+/* $OpenBSD: x509.h,v 1.92 2022/12/26 16:00:36 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -400,6 +400,10 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
 void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
     const X509_ALGOR **palg);
 
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+const X509_ALGOR *X509_CRL_get0_tbs_sigalg(const X509_CRL *crl);
+#endif
+
 int X509_REQ_get_signature_nid(const X509_REQ *req);
 
 void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,