From d30c34e060a042aae030e865db45d8d09a72bba6 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Thu, 7 Jul 2022 13:01:28 +0000
Subject: [PATCH] Expose new API in headers.

These are mostly security-level related, but there are also ASN1_TIME
and ASN_INTEGER functions here, as well as some missing accessors.

ok jsing
---
 lib/libcrypto/asn1/asn1.h     | 8 +-------
 lib/libcrypto/bn/bn.h         | 4 +---
 lib/libcrypto/dh/dh.h         | 4 +---
 lib/libcrypto/dsa/dsa.h       | 6 +-----
 lib/libcrypto/evp/evp.h       | 6 +-----
 lib/libcrypto/rsa/rsa.h       | 4 +---
 lib/libcrypto/x509/x509_vfy.h | 6 +-----
 7 files changed, 7 insertions(+), 31 deletions(-)

diff --git a/lib/libcrypto/asn1/asn1.h b/lib/libcrypto/asn1/asn1.h
index 3f9645a1394..00634a6e829 100644
--- a/lib/libcrypto/asn1/asn1.h
+++ b/lib/libcrypto/asn1/asn1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.66 2022/07/04 14:39:43 tb Exp $ */
+/* $OpenBSD: asn1.h,v 1.67 2022/07/07 13:01:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -719,13 +719,11 @@ ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len);
 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out);
 extern const ASN1_ITEM ASN1_TIME_it;
 
-#ifdef LIBRESSL_INTERNAL
 int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
 int ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2);
 int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t2);
 int ASN1_TIME_normalize(ASN1_TIME *t);
 int ASN1_TIME_set_string_X509(ASN1_TIME *time, const char *str);
-#endif
 int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
     const ASN1_TIME *to);
 
@@ -755,21 +753,17 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
     const char *sn, const char *ln);
 
-#ifdef LIBRESSL_INTERNAL
 int ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint);
 int ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val);
 int ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint);
 int ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val);
-#endif
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(const ASN1_INTEGER *a);
 ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
 BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
 
-#ifdef LIBRESSL_INTERNAL
 int ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum);
 int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val);
-#endif
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
 ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h
index 5abd4890033..436be593bf7 100644
--- a/lib/libcrypto/bn/bn.h
+++ b/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn.h,v 1.53 2022/06/27 12:25:49 tb Exp $ */
+/* $OpenBSD: bn.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -471,9 +471,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 
 void	BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
 
-#ifdef LIBRESSL_INTERNAL
 int	BN_security_bits(int L, int N);
-#endif
 
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
diff --git a/lib/libcrypto/dh/dh.h b/lib/libcrypto/dh/dh.h
index c7f4d3fdd0f..4e4fdcd982d 100644
--- a/lib/libcrypto/dh/dh.h
+++ b/lib/libcrypto/dh/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.33 2022/06/27 12:31:38 tb Exp $ */
+/* $OpenBSD: dh.h,v 1.34 2022/07/07 13:01:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -143,9 +143,7 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
-#ifdef LIBRESSL_INTERNAL
 int DH_security_bits(const DH *dh);
-#endif
 
 ENGINE *DH_get0_engine(DH *d);
 void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
diff --git a/lib/libcrypto/dsa/dsa.h b/lib/libcrypto/dsa/dsa.h
index 12b1faadf3d..75fb2d004b3 100644
--- a/lib/libcrypto/dsa/dsa.h
+++ b/lib/libcrypto/dsa/dsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa.h,v 1.37 2022/07/04 12:22:32 tb Exp $ */
+/* $OpenBSD: dsa.h,v 1.38 2022/07/07 13:01:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -151,9 +151,7 @@ int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DSA_set_ex_data(DSA *d, int idx, void *arg);
 void *DSA_get_ex_data(DSA *d, int idx);
-#ifdef LIBRESSL_INTERNAL
 int DSA_security_bits(const DSA *d);
-#endif
 
 DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
 int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
@@ -222,10 +220,8 @@ ENGINE *DSA_get0_engine(DSA *d);
 DSA_METHOD *DSA_meth_new(const char *name, int flags);
 void DSA_meth_free(DSA_METHOD *meth);
 DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth);
-#ifdef LIBRESSL_INTERNAL
 const char *DSA_meth_get0_name(const DSA_METHOD *meth);
 int DSA_meth_set1_name(DSA_METHOD *meth, const char *name);
-#endif
 int DSA_meth_set_sign(DSA_METHOD *meth,
     DSA_SIG *(*sign)(const unsigned char *, int, DSA *));
 int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *));
diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h
index a48b81c915f..0574556b630 100644
--- a/lib/libcrypto/evp/evp.h
+++ b/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.101 2022/06/27 12:36:05 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.102 2022/07/07 13:01:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -769,9 +769,7 @@ int EVP_PKEY_type(int type);
 int EVP_PKEY_id(const EVP_PKEY *pkey);
 int EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int EVP_PKEY_bits(const EVP_PKEY *pkey);
-#ifdef LIBRESSL_INTERNAL
 int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
-#endif
 int EVP_PKEY_size(const EVP_PKEY *pkey);
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
@@ -934,10 +932,8 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
     void (*pkey_free)(EVP_PKEY *pkey));
 void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
     int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2));
-#ifdef LIBRESSL_INTERNAL
 void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
     int (*pkey_security_bits)(const EVP_PKEY *pkey));
-#endif
 
 void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
     int (*pkey_check)(const EVP_PKEY *pk));
diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h
index 8e19da2c7f4..888902d18cd 100644
--- a/lib/libcrypto/rsa/rsa.h
+++ b/lib/libcrypto/rsa/rsa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa.h,v 1.56 2022/06/27 12:30:28 tb Exp $ */
+/* $OpenBSD: rsa.h,v 1.57 2022/07/07 13:01:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -372,9 +372,7 @@ int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 int RSA_set_ex_data(RSA *r, int idx, void *arg);
 void *RSA_get_ex_data(const RSA *r, int idx);
 
-#ifdef LIBRESSL_INTERNAL
 int RSA_security_bits(const RSA *rsa);
-#endif
 
 void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
     const BIGNUM **d);
diff --git a/lib/libcrypto/x509/x509_vfy.h b/lib/libcrypto/x509/x509_vfy.h
index b18dd02fc0a..98b1cf5e928 100644
--- a/lib/libcrypto/x509/x509_vfy.h
+++ b/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.53 2022/07/04 12:17:32 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.54 2022/07/07 13:01:28 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -205,12 +205,10 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* Issuer lookup error */
 #define		X509_V_ERR_STORE_LOOKUP				66
 
-#if defined(LIBRESSL_INTERNAL)
 /* Security level errors */
 #define		X509_V_ERR_EE_KEY_TOO_SMALL                     67
 #define		X509_V_ERR_CA_KEY_TOO_SMALL                     68
 #define		X509_V_ERR_CA_MD_TOO_WEAK                       69
-#endif
 
 /* Certificate verify flags */
 
@@ -433,10 +431,8 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
-#if defined(LIBRESSL_INTERNAL)
 void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
 time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
-#endif
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
 						ASN1_OBJECT *policy);
-- 
2.20.1