Expose X509_get_signature_info
authortb <tb@openbsd.org>
Sat, 31 Aug 2024 10:49:35 +0000 (10:49 +0000)
committertb <tb@openbsd.org>
Sat, 31 Aug 2024 10:49:35 +0000 (10:49 +0000)
To compensate for all the removals, a single, small, constructive piece
of this bump: expose X509_get_signature_info() so that libssl's security
level API can handle RSA-PSS certificates correctly.

ok beck jsing

lib/libcrypto/Symbols.list
lib/libcrypto/x509/x509.h

index 44540e3..8459316 100644 (file)
@@ -2733,6 +2733,7 @@ X509_get_key_usage
 X509_get_pubkey
 X509_get_pubkey_parameters
 X509_get_serialNumber
+X509_get_signature_info
 X509_get_signature_nid
 X509_get_signature_type
 X509_get_subject_name
index 81c2111..d919881 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.118 2024/08/31 10:46:40 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.119 2024/08/31 10:49:35 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -603,13 +603,11 @@ X509 *            d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
 
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
 
-#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
 /* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */
 #define X509_SIG_INFO_VALID    1
 #define X509_SIG_INFO_TLS      2
 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
     uint32_t *flags);
-#endif
 
 void X509_get0_signature(const ASN1_BIT_STRING **psig,
     const X509_ALGOR **palg, const X509 *x);
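Review bot: The prototype of X509_get_signature_info(), now visible to every consumer of x509.h, is documented only by the one-line comment on the two flag macros; nothing here states the return value or when `*mdnid`, `*pknid`, `*secbits` and `*flags` are filled in. Because security-level decisions are made from `secbits`, a caller that skips the return check or the `X509_SIG_INFO_VALID` test may act on outputs that were never set. The implementation is outside this hunk, so the contract needs confirming, but assuming it matches OpenSSL's I would add above the prototype: `/* Returns 1 on success, 0 on failure. Outputs are only meaningful if X509_SIG_INFO_VALID is set in *flags. */`. The commit's file list shows only Symbols.list and x509.h, so a manual page for the newly exposed function also appears to be missing.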