From d19a50c9fbd5750f6e75dcca508034e558df7276 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Tue, 22 Sep 2015 15:19:32 +0100
Subject: [PATCH] New function X509_get0_subject_key_id()

Reviewed-by: Rich Salz
---
 crypto/cms/cms_lib.c | 14 ++++++++------
 crypto/x509v3/v3_purp.c | 7 +++++++
 include/openssl/x509v3.h | 1 +
 3 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index ef18418ab6..157590d845 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -585,10 +585,11 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
 int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
 {
- X509_check_purpose(cert, -1, -1);
- if (!cert->skid)
+ const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+
+ if (cert_keyid == NULL)
 return -1;
- return ASN1_OCTET_STRING_cmp(keyid, cert->skid);
+ return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
 }
 int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
@@ -613,12 +614,13 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
 int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
 {
 ASN1_OCTET_STRING *keyid = NULL;
- X509_check_purpose(cert, -1, -1);
- if (!cert->skid) {
+ const ASN1_OCTET_STRING *cert_keyid;
+ cert_keyid = X509_get0_subject_key_id(cert);
+ if (cert_keyid == NULL) {
 CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
 return 0;
 }
- keyid = ASN1_STRING_dup(cert->skid);
+ keyid = ASN1_STRING_dup(cert_keyid);
 if (!keyid) {
 CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
 return 0;
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index 61d97726dc..43f355100b 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -62,6 +62,7 @@
 #include "internal/numbers.h"
 #include
 #include
+#include "internal/x509_int.h"
 static void x509v3_cache_extensions(X509 *x);
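Review bot: In cms_keyid_cert_cmp (first hunk of crypto/cms/cms_lib.c) the `return -1` for a certificate without a subjectKeyIdentifier cannot be told apart from a negative result of ASN1_OCTET_STRING_cmp, so the return value is only meaningful as zero versus non-zero, and nothing in the function says so. I would add a comment above it such as `/* Returns 0 on match; any non-zero value, including -1 when cert has no SKID, means no match. */`. The removed X509_check_purpose line was also the only visible hint that cert->skid depends on the extension cache being populated first; a short remark that X509_get0_subject_key_id now takes care of that would help here and in cms_set1_keyid in the second hunk.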
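Review bot: In cms_set1_keyid (second hunk of crypto/cms/cms_lib.c) the new local is declared on one line and assigned on the next, with no blank line between declarations and statements, whereas cms_keyid_cert_cmp in the first hunk initialises it at the declaration. For consistency I would write `const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);` followed by a blank line before the `if`. The function body continues past the end of the hunk.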
@@ -868,3 +869,9 @@ uint32_t X509_get_extended_key_usage(X509 *x)
 return x->ex_xkusage;
 return UINT32_MAX;
 }
+
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+{
+ X509_check_purpose(x, -1, -1);
+ return x->skid;
+}
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 280b9c143e..3898426b84 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -700,6 +700,7 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
 uint32_t X509_get_extension_flags(X509 *x);
 uint32_t X509_get_key_usage(X509 *x);
 uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE *X509_PURPOSE_get0(int idx);
--
2.34.1
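Review bot: X509_get0_subject_key_id in crypto/x509v3/v3_purp.c, whose prototype is added to include/openssl/x509v3.h, is a new public accessor with no statement of its contract, and it discards the result of X509_check_purpose. I would add a comment above the definition saying that the call is made only to populate the cached extension fields, that NULL means no subjectKeyIdentifier was cached, and that the returned pointer is internal to x and must not be freed or used after x is released. Because the return value is dropped, a caller presumably cannot tell a certificate that lacks the extension from one whose extensions failed to parse; if that distinction matters to any caller it should be documented or surfaced. The parameter stays non-const because of that caching side effect, which is worth stating next to the prototype as well.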