Added X.509 accessor for signature.

cyassl/internal.h

@@ -1662,6 +1662,8 @@ struct CYASSL_X509 {
     byte             notBefore[MAX_DATE_SZ];
     int              notAfterSz;
     byte             notAfter[MAX_DATE_SZ];
+    int              sigOID;
+    buffer           sig;
     buffer           pubKey;
     buffer           derCert;                        /* may need  */
     DNS_entry*       altNames;                       /* alt names list */

cyassl/ssl.h

@@ -418,6 +418,8 @@ CYASSL_API int CyaSSL_X509_NAME_get_text_by_NID(
                                             CYASSL_X509_NAME*, int, char*, int);
 CYASSL_API int         CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX*);
 CYASSL_API const char* CyaSSL_X509_verify_cert_error_string(long);
+CYASSL_API int CyaSSL_X509_get_signature_type(CYASSL_X509*);
+CYASSL_API int CyaSSL_X509_get_signature(CYASSL_X509*, unsigned char*, int*);
 
 CYASSL_API int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP*,const char*,long);
 CYASSL_API int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP*, const char*,

src/internal.c

@@ -1266,6 +1266,7 @@ void InitX509(CYASSL_X509* x509, int dynamicFlag)
     InitX509Name(&x509->subject, 0);
     x509->version        = 0;
     x509->pubKey.buffer  = NULL;
+    x509->sig.buffer     = NULL;
     x509->derCert.buffer = NULL;
     x509->altNames       = NULL;
     x509->altNamesNext   = NULL;
@@ -1284,6 +1285,7 @@ void FreeX509(CYASSL_X509* x509)
     if (x509->pubKey.buffer)
         XFREE(x509->pubKey.buffer, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
     XFREE(x509->derCert.buffer, NULL, DYNAMIC_TYPE_SUBJECT_CN);
+    XFREE(x509->sig.buffer, NULL, 0);
     if (x509->altNames)
         FreeAltNames(x509->altNames, NULL);
     if (x509->dynamicMemory)
@@ -3128,6 +3130,17 @@ int CopyDecodedToX509(CYASSL_X509* x509, DecodedCert* dCert)
             ret = MEMORY_E;
     }
 
+    x509->sig.buffer = (byte*)XMALLOC(dCert->sigLength, NULL, 0);
+    if (x509->sig.buffer == NULL) {
+        ret = MEMORY_E;
+    }
+    else {
+        XMEMCPY(x509->sig.buffer,
+                             &dCert->source[dCert->sigIndex], dCert->sigLength);
+        x509->sig.length = dCert->sigLength;
+        x509->sigOID = dCert->signatureOID;
+    }
+
     /* store cert for potential retrieval */
     x509->derCert.buffer = (byte*)XMALLOC(dCert->maxIdx, NULL,
                                           DYNAMIC_TYPE_CERT);

src/ssl.c

@@ -7137,13 +7137,42 @@ int CyaSSL_set_compression(CYASSL* ssl)
     }
 
 
+    int CyaSSL_X509_get_signature_type(CYASSL_X509* x509)
+    {
+        int type = 0;
+
+        CYASSL_ENTER("CyaSSL_X509_get_signature_type");
+
+        if (x509 != NULL)
+            type = x509->sigOID;
+
+        return type;
+    }
+
+
+    int CyaSSL_X509_get_signature(CYASSL_X509* x509,
+                                                 unsigned char* buf, int* bufSz)
+    {
+        CYASSL_ENTER("CyaSSL_X509_get_signature");
+        if (x509 == NULL || bufSz == NULL || *bufSz < (int)x509->sig.length)
+            return SSL_FATAL_ERROR;
+
+        if (buf != NULL)
+            XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
+        *bufSz = x509->sig.length;
+
+        return SSL_SUCCESS;
+    }
+
+
     /* write X509 serial number in unsigned binary to buffer 
        buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
        return SSL_SUCCESS on success */
     int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
     {
         CYASSL_ENTER("CyaSSL_X509_get_serial_number");
-        if (x509 == NULL || in == NULL || *inOutSz < x509->serialSz)
+        if (x509 == NULL || in == NULL ||
+                                   inOutSz == NULL || *inOutSz < x509->serialSz)
             return BAD_FUNC_ARG;
 
         XMEMCPY(in, x509->serial, x509->serialSz);