From f71d35faa208451802d265b92a613eaa54794efa Mon Sep 17 00:00:00 2001
From: samuel40791765 <sachiang@amazon.com>
Date: Tue, 14 May 2024 21:10:11 +0000
Subject: [PATCH] add support for X509_CRL_http_nbio

---
 crypto/ocsp/internal.h | 2 +-
 crypto/x509/x_all.c    | 6 ++++++
 include/openssl/x509.h | 6 ++++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/crypto/ocsp/internal.h b/crypto/ocsp/internal.h
index 1b1d86e7bb5..875f809d852 100644
--- a/crypto/ocsp/internal.h
+++ b/crypto/ocsp/internal.h
@@ -258,7 +258,7 @@ DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
 // Try exchanging request and response via HTTP on (non-)blocking BIO in rctx.
 OPENSSL_EXPORT int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
 
-// Tries to exchange the request and response with OCSP_REQ_CTX_nbio(), but on
+// Tries to exchange the request and response with |OCSP_REQ_CTX_nbio|, but on
 // success, it additionally parses the response, which must be a
 // DER-encoded ASN.1 structure.
 int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 23508c07f4f..5ea030c2564 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -67,6 +67,7 @@
 #include <openssl/stack.h>
 
 #include "../asn1/internal.h"
+#include "../ocsp/internal.h"
 #include "internal.h"
 
 
@@ -120,6 +121,11 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) {
                             x->sig_alg, x->signature, x->crl, ctx);
 }
 
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl) {
+  return OCSP_REQ_CTX_nbio_d2i(rctx, (ASN1_VALUE **)pcrl,
+                               ASN1_ITEM_rptr(X509_CRL));
+}
+
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) {
   return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
                          x->signature, x->spkac, pkey, md));
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 09398b1c597..28419e290e3 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -86,6 +86,7 @@
 #include <openssl/stack.h>
 #include <openssl/thread.h>
 #include <openssl/x509v3_errors.h>  // IWYU pragma: export
+#include "ocsp.h"
 
 #if defined(__cplusplus)
 extern "C" {
@@ -808,6 +809,11 @@ OPENSSL_EXPORT int X509_CRL_set1_signature_value(X509_CRL *crl,
                                                  const uint8_t *sig,
                                                  size_t sig_len);
 
+// X509_CRL_http_nbio calls |OCSP_REQ_CTX_nbio_d2i| to exchange the request
+// via http. On success, it parses the response as a DER-encoded |X509_CRL|
+// ASN.1 structure.
+OPENSSL_EXPORT int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+
 
 // CRL entries.
 //