summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2024-08-31 10:49:35 +0000
committertb <>2024-08-31 10:49:35 +0000
commit0f05d2e668a45f821d72d781e0029e47d4ffe160 (patch)
tree32639e68ce9ec38e04394b28f2ed3a6d1b98ccb1
parent1d2f824e57591d47f461d3ef7afa58b19d2091e7 (diff)
downloadopenbsd-0f05d2e668a45f821d72d781e0029e47d4ffe160.tar.gz
openbsd-0f05d2e668a45f821d72d781e0029e47d4ffe160.tar.bz2
openbsd-0f05d2e668a45f821d72d781e0029e47d4ffe160.zip
Expose X509_get_signature_info
To compensate for all the removals, a single, small, constructive piece of this bump: expose X509_get_signature_info() so that libssl's security level API can handle RSA-PSS certificates correctly. ok beck jsing
Diffstat
-rw-r--r--src/lib/libcrypto/Symbols.list1
-rw-r--r--src/lib/libcrypto/x509/x509.h4
2 files changed, 2 insertions, 3 deletions
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 44540e3cfb..8459316be1 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -2733,6 +2733,7 @@ X509_get_key_usage
2733X509_get_pubkey 2733X509_get_pubkey
2734X509_get_pubkey_parameters 2734X509_get_pubkey_parameters
2735X509_get_serialNumber 2735X509_get_serialNumber
2736X509_get_signature_info
2736X509_get_signature_nid 2737X509_get_signature_nid
2737X509_get_signature_type 2738X509_get_signature_type
2738X509_get_subject_name 2739X509_get_subject_name
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 81c2111d02..d919881f86 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509.h,v 1.118 2024/08/31 10:46:40 tb Exp $ */ 1/* $OpenBSD: x509.h,v 1.119 2024/08/31 10:49:35 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -603,13 +603,11 @@ X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
603 603
604int i2d_re_X509_tbs(X509 *x, unsigned char **pp); 604int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
605 605
606#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
607/* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */ 606/* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */
608#define X509_SIG_INFO_VALID 1 607#define X509_SIG_INFO_VALID 1
609#define X509_SIG_INFO_TLS 2 608#define X509_SIG_INFO_TLS 2
610int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits, 609int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
611 uint32_t *flags); 610 uint32_t *flags);
612#endif
613 611
614void X509_get0_signature(const ASN1_BIT_STRING **psig, 612void X509_get0_signature(const ASN1_BIT_STRING **psig,
615 const X509_ALGOR **palg, const X509 *x); 613 const X509_ALGOR **palg, const X509 *x);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-20 05:54:38 +0000