Implement X509_get_signature_info()

This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.

The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.

The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.

ok jsing

1 files changed, 2 insertions, 1 deletions

diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 30c63be8e4..b4407d566c 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.202 2024/08/10 06:41:49 tb Exp $
+# $OpenBSD: Makefile,v 1.203 2024/08/28 07:15:04 tb Exp $
 
 LIB=    crypto
 LIBREBUILD=y
@@ -589,6 +589,7 @@ SRCS+= x509_purp.c
 SRCS+= x509_r2x.c
 SRCS+= x509_req.c
 SRCS+= x509_set.c
+SRCS+= x509_siginfo.c
 SRCS+= x509_skey.c
 SRCS+= x509_trs.c
 SRCS+= x509_txt.c