Implement X509_get_signature_info()
author tb <tb@openbsd.org>
Wed, 28 Aug 2024 07:15:04 +0000 (07:15 +0000)
committer tb <tb@openbsd.org>
Wed, 28 Aug 2024 07:15:04 +0000 (07:15 +0000)
commit c5d7bed5dd774f32fe3ef5eeee814d3acfe35920
tree 469afc5033d56a7c41117bc2c55f5878f39a1a98
parent 9c6dcd480f58952c1ea6a18d41996d522349812f
Implement X509_get_signature_info()

This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.

The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.

The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.

ok jsing

lib/libcrypto/Makefile
lib/libcrypto/ec/ecx_methods.c
lib/libcrypto/evp/evp_local.h
lib/libcrypto/rsa/rsa_ameth.c
lib/libcrypto/x509/x509.h
lib/libcrypto/x509/x509_siginfo.c [new file with mode: 0644]