Add X509_get0_serialNumber() and constify OCSP_cert_to_id()

Reviewed-by: Matt Caswell <matt@openssl.org>

2 files changed, 12 insertions, 6 deletions

diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 5ff2f318b3..8edd70ac8d 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -19,16 +19,17 @@
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
-OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer)
 {
     X509_NAME *iname;
-    ASN1_INTEGER *serial;
+    const ASN1_INTEGER *serial;
     ASN1_BIT_STRING *ikey;
     if (!dgst)
         dgst = EVP_sha1();
     if (subject) {
         iname = X509_get_issuer_name(subject);
-        serial = X509_get_serialNumber(subject);
+        serial = X509_get0_serialNumber(subject);
     } else {
         iname = X509_get_subject_name(issuer);
         serial = NULL;
@@ -38,9 +39,9 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 }
 
 OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
-                              X509_NAME *issuerName,
-                              ASN1_BIT_STRING *issuerKey,
-                              ASN1_INTEGER *serialNumber)
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber)
 {
     int nid;
     unsigned int i;
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index a33fd4779d..01056356c5 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -107,6 +107,11 @@ ASN1_INTEGER *X509_get_serialNumber(X509 *a)
     return &a->cert_info.serialNumber;
 }
 
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+{
+    return &a->cert_info.serialNumber;
+}
+
 unsigned long X509_subject_name_hash(X509 *x)
 {
     return (X509_NAME_hash(x->cert_info.subject));