3 files changed, 32 insertions, 0 deletions

diff --git a/src/_cffi_src/openssl/x509.py b/src/_cffi_src/openssl/x509.py
index b5d461ab..0fc49ac5 100644
--- a/src/_cffi_src/openssl/x509.py
+++ b/src/_cffi_src/openssl/x509.py
@@ -43,9 +43,12 @@ typedef struct {
 } X509_EXTENSION;
 
 typedef ... X509_EXTENSIONS;
+typedef ... X509_REQ_INFO;
 
 typedef struct {
+    X509_REQ_INFO *req_info;
     X509_ALGOR *sig_alg;
+    ASN1_BIT_STRING *signature;
     ...;
 } X509_REQ;
 
@@ -267,6 +270,7 @@ void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *);
 MACROS = """
 int i2d_X509_CINF(X509_CINF *, unsigned char **);
 int i2d_X509_CRL_INFO(X509_CRL_INFO *, unsigned char **);
+int i2d_X509_REQ_INFO(X509_REQ_INFO *, unsigned char **);
 
 long X509_get_version(X509 *);
 
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 8fa43ea8..4e91bf43 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -921,6 +921,21 @@ class _CertificateSigningRequest(object):
         self._backend.openssl_assert(res == 1)
         return self._backend._read_mem_bio(bio)
 
+    @property
+    def tbs_certrequest_bytes(self):
+        pp = self._backend._ffi.new("unsigned char **")
+        # the X509_REQ_INFO struct holds the CertificateRequestInfo data
+        res = self._backend._lib.i2d_X509_REQ_INFO(self._x509_req.req_info, pp)
+        self._backend.openssl_assert(res > 0)
+        pp = self._backend._ffi.gc(
+            pp, lambda pointer: self._backend._lib.OPENSSL_free(pointer[0])
+        )
+        return self._backend._ffi.buffer(pp[0], res)[:]
+
+    @property
+    def signature(self):
+        return self._backend._asn1_string_to_bytes(self._x509_req.signature)
+
 
 _EXTENSION_HANDLERS = {
     ExtensionOID.BASIC_CONSTRAINTS: _decode_basic_constraints,
diff --git a/src/cryptography/x509/base.py b/src/cryptography/x509/base.py
index 6c2386f6..c56ca5ee 100644
--- a/src/cryptography/x509/base.py
+++ b/src/cryptography/x509/base.py
@@ -270,6 +270,19 @@ class CertificateSigningRequest(object):
         Encodes the request to PEM or DER format.
         """
 
+    @abc.abstractproperty
+    def signature(self):
+        """
+        Returns the signature bytes.
+        """
+
+    @abc.abstractproperty
+    def tbs_certrequest_bytes(self):
+        """
+        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
+        2986.
+        """
+
 
 @six.add_metaclass(abc.ABCMeta)
 class RevokedCertificate(object):