From c0f6792b81784be05c5e51156767a873bca1b374 Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Mon, 1 Aug 2022 16:47:04 +0200
Subject: [PATCH] add missing CRMF API function
 OSSL_CRMF_CERTTEMPLATE_get0_publicKey()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18930)
---
 crypto/crmf/crmf_lib.c               |  6 ++++++
 doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod | 15 ++++++++++-----
 include/openssl/crmf.h.in            |  6 ++++--
 util/libcrypto.num                   |  1 +
 4 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index 11351e33d16..e28c7fe9beb 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -530,6 +530,12 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
     return 1;
 }
 
+const X509_PUBKEY
+    *OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl)
+{
+    return tmpl != NULL ? tmpl->publicKey : NULL;
+}
+
 /* retrieves the serialNumber of the given cert template or NULL on error */
 const ASN1_INTEGER
 *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl)
diff --git a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
index 51296599e5c..6260b33fc28 100644
--- a/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
+++ b/doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod
@@ -3,9 +3,10 @@
 =head1 NAME
 
 OSSL_CRMF_MSG_get0_tmpl,
-OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
+OSSL_CRMF_CERTTEMPLATE_get0_publicKey,
 OSSL_CRMF_CERTTEMPLATE_get0_subject,
 OSSL_CRMF_CERTTEMPLATE_get0_issuer,
+OSSL_CRMF_CERTTEMPLATE_get0_serialNumber,
 OSSL_CRMF_CERTTEMPLATE_get0_extensions,
 OSSL_CRMF_CERTID_get0_serialNumber,
 OSSL_CRMF_CERTID_get0_issuer,
@@ -18,12 +19,14 @@ OSSL_CRMF_MSG_get_certReqId
  #include <openssl/crmf.h>
 
  OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
- const ASN1_INTEGER
- *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+ const X509_PUBKEY
+ *OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
  const X509_NAME
  *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
  const X509_NAME
  *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+ const ASN1_INTEGER
+ *OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
  X509_EXTENSIONS
  *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 
@@ -43,7 +46,7 @@ OSSL_CRMF_MSG_get_certReqId
 
 OSSL_CRMF_MSG_get0_tmpl() retrieves the certificate template of I<crm>.
 
-OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the
+OSSL_CRMF_CERTTEMPLATE_get0_publicKey() retrieves the public key of the
 given certificate template I<tmpl>.
 
 OSSL_CRMF_CERTTEMPLATE_get0_subject() retrieves the subject name of the
@@ -52,6 +55,9 @@ given certificate template I<tmpl>.
 OSSL_CRMF_CERTTEMPLATE_get0_issuer() retrieves the issuer name of the
 given certificate template I<tmpl>.
 
+OSSL_CRMF_CERTTEMPLATE_get0_serialNumber() retrieves the serialNumber of the
+given certificate template I<tmpl>.
+
 OSSL_CRMF_CERTTEMPLATE_get0_extensions() retrieves the X.509 extensions
 of the given certificate template I<tmpl>, or NULL if not present.
 
@@ -70,7 +76,6 @@ with the caller, who is responsible for freeing it.
 
 OSSL_CRMF_MSG_get_certReqId() retrieves the certReqId of I<crm>.
 
-
 =head1 RETURN VALUES
 
 OSSL_CRMF_MSG_get_certReqId() returns the certificate request ID as a
diff --git a/include/openssl/crmf.h.in b/include/openssl/crmf.h.in
index 4d37ea6d943..2b77607dd1b 100644
--- a/include/openssl/crmf.h.in
+++ b/include/openssl/crmf.h.in
@@ -151,12 +151,14 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                                int rid, int acceptRAVerified,
                                OSSL_LIB_CTX *libctx, const char *propq);
 OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
-const ASN1_INTEGER
-*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const X509_PUBKEY
+*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
 *OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
+const ASN1_INTEGER
+*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 X509_EXTENSIONS
 *OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
 const X509_NAME
diff --git a/util/libcrypto.num b/util/libcrypto.num
index a078f5c5493..c5d2e9a07ef 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5439,6 +5439,7 @@ ASYNC_set_mem_functions                 ?	3_1_0	EXIST::FUNCTION:
 ASYNC_get_mem_functions                 ?	3_1_0	EXIST::FUNCTION:
 BIO_ADDR_dup                            ?	3_1_0	EXIST::FUNCTION:SOCK
 OSSL_CMP_CTX_get0_validatedSrvCert      ?	3_1_0	EXIST::FUNCTION:CMP
+OSSL_CRMF_CERTTEMPLATE_get0_publicKey   ?	3_1_0	EXIST::FUNCTION:CRMF
 CMS_final_digest                        ?	3_1_0	EXIST::FUNCTION:CMS
 CMS_EnvelopedData_it                    ?	3_1_0	EXIST::FUNCTION:CMS
 CMS_EnvelopedData_decrypt               ?	3_1_0	EXIST::FUNCTION:CMS
-- 
2.47.2