J M

Reputation: 203

Updating legacy C code to use OpenSSL getters for opaque structures

I've got this ancient C code that I didn't write, but I need to re-compile against newer OpenSSL with opaque structures. I've updated most of the direct struct access to use the getter functions. This is my first time working directly with the OpenSSL library in C.

I am struggling to complete the final portion of this work, which is to get the following struct members in ASN.1 format as another function needs ASN1_OBJECT passed to it:

cert->cert_info->signature->algorithm
cert->cert_info->key->algor->algorithm

I used X509_get0_tbs_sigalg(cert) to get the signature algorithm from cert, but I couldn't figure out from the i2d_* function manpage what the best practice for getting this to ASN.1 format is. I tried a couple things and felt I was just digging myself into a further hole by potentially doing it wrong.

And I couldn't find a direct way to get the key algorithm at all, I'm guessing I need to get something intermediate first?

I could potentially ditch the other function that requires an ASN1_OBJECT, although I'd like to leave that part of the code alone. Even if I did get rid of the other function that requires ASN1_OBJECT, I would still need the algorithms in string format.

Any suggestions? Thanks!

Upvotes: 0

Views: 195

Answers (1)

Matt Caswell

Reputation: 9372

X509_get0_tbs_sigalg() returns an X509_ALGOR structure. From that you can get an ASN1_OBJECT using X509_ALGOR_get0().

https://www.openssl.org/docs/man1.1.1/man3/X509_ALGOR_get0.html

To get the key algorithm first get the key as an X509_PUBKEY object using X509_get_X509_PUBKEY():

https://www.openssl.org/docs/man1.1.1/man3/X509_get_X509_PUBKEY.html

From there you can use X509_PUBKEY_get0_param to get the key algorithm:

https://www.openssl.org/docs/man1.1.1/man3/X509_PUBKEY_get0_param.html

Upvotes: 2
