From 0f05d2e668a45f821d72d781e0029e47d4ffe160 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 31 Aug 2024 10:49:35 +0000
Subject: Expose X509_get_signature_info

To compensate for all the removals, a single, small, constructive piece
of this bump: expose X509_get_signature_info() so that libssl's security
level API can handle RSA-PSS certificates correctly.

ok beck jsing
---
 src/lib/libcrypto/Symbols.list | 1 +
 src/lib/libcrypto/x509/x509.h  | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 44540e3cfb..8459316be1 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -2733,6 +2733,7 @@ X509_get_key_usage
 X509_get_pubkey
 X509_get_pubkey_parameters
 X509_get_serialNumber
+X509_get_signature_info
 X509_get_signature_nid
 X509_get_signature_type
 X509_get_subject_name
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 81c2111d02..d919881f86 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.118 2024/08/31 10:46:40 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.119 2024/08/31 10:49:35 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -603,13 +603,11 @@ X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
 
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
 
-#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
 /* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */
 #define X509_SIG_INFO_VALID	1
 #define X509_SIG_INFO_TLS	2
 int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
     uint32_t *flags);
-#endif
 
 void X509_get0_signature(const ASN1_BIT_STRING **psig,
     const X509_ALGOR **palg, const X509 *x);
-- 
cgit v1.2.3-55-g6feb