From 075c048b99cefdce1245c13c4aa449b28ce8366c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 28 Aug 2024 07:15:04 +0000
Subject: Implement X509_get_signature_info()

This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.

The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.

The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.

ok jsing
---
 src/lib/libcrypto/evp/evp_local.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src/lib/libcrypto/evp')

diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 3e90e068e6..5d541ffec4 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.23 2024/08/22 12:24:24 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.24 2024/08/28 07:15:04 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -112,6 +112,9 @@ struct evp_pkey_asn1_method_st {
 	int (*pkey_bits)(const EVP_PKEY *pk);
 	int (*pkey_security_bits)(const EVP_PKEY *pk);
 
+	int (*signature_info)(const X509_ALGOR *sig_alg, int *out_md_nid,
+	    int *out_pkey_nid, int *out_security_bits, uint32_t *out_flags);
+
 	int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
 	    int derlen);
 	int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
-- 
cgit v1.2.3-55-g6feb