On 2/6/22 22:06, Theo Buehler wrote:
For now I'd suggest you send a patch for X509_CRL_get0_tbs_sigalg() with the prototype gated with #if defined(LIBRESSL_CRYPTO_INTERNAL). We would then expose that with the next library bump, which will almost certainly happen before 3.6 goes -stable.
I totally dropped the ball on this, sorry! At risk of becoming a necro-bump, please find attached. I haven't added the regress -- as you suggested it seems like quite a lot ends up needed to test a 3 line accessor that's under LIBRESSL_CRYPTO_INTERNAL.
From: Alex Wilson <[email protected]> Date: Tue, 20 Dec 2022 10:00:41 +1000 Subject: [PATCH] libcrypto: add accessor for tbs sigalg on X509_CRL This is under LIBRESSL_CRYPTO_INTERNAL for now but should be exposed at the next library bump. --- lib/libcrypto/asn1/x_crl.c | 6 ++++++ lib/libcrypto/x509/x509.h | 4 ++++ 2 files changed, 10 insertions(+) diff a/lib/libcrypto/asn1/x_crl.c b/lib/libcrypto/asn1/x_crl.c --- a/lib/libcrypto/asn1/x_crl.c +++ b/lib/libcrypto/asn1/x_crl.c @@ -755,3 +755,9 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, if (palg != NULL) *palg = crl->sig_alg; } + +const X509_ALGOR * +X509_CRL_get0_tbs_sigalg(const X509_CRL *crl) +{ + return crl->crl->sig_alg; +} diff a/lib/libcrypto/x509/x509.h b/lib/libcrypto/x509/x509.h --- a/lib/libcrypto/x509/x509.h +++ b/lib/libcrypto/x509/x509.h @@ -400,6 +400,10 @@ STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg); +#if defined(LIBRESSL_CRYPTO_INTERNAL) +const X509_ALGOR *X509_CRL_get0_tbs_sigalg(const X509_CRL *crl); +#endif /* LIBRESSL_CRYPTO_INTERNAL */ + int X509_REQ_get_signature_nid(const X509_REQ *req); void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
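Review bot: in the x_crl.c hunk, X509_CRL_get0_tbs_sigalg() returns crl->crl->sig_alg with nothing saying how that differs from the crl->sig_alg that X509_CRL_get0_signature() hands back through palg just above it. A short comment above the new function would help: this one is the AlgorithmIdentifier inside the signed TBSCertList, the other is the outer signatureAlgorithm, and RFC 5280 requires the two to match, which is the check a caller would want this accessor for. It is also worth stating there that the returned pointer belongs to the CRL and must not be freed or modified, as the get0 name implies.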
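Review bot: in the x509.h hunk, the #if defined(LIBRESSL_CRYPTO_INTERNAL) guard around the new prototype gives no hint that it is temporary. The commit message says the function should be exposed at the next library bump, so a one-line comment at the guard saying so would keep the removal from being forgotten. The diffstat touches only x_crl.c and x509.h, so documentation for the accessor is still owed once the guard comes off.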
