From 6ed54976ab988ec7cfdbaf1ac00396b0eea716ba Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 27 Jun 2022 14:00:09 +0000
Subject: Prepare to provide X509_VERIFY_PARAM_set_auth_level()

For some unknown reason this needed a different name than security_level,
both internally and in the public API. Obviously it is exactly the same
garbage.

ok beck jsing
---
 src/lib/libcrypto/x509/x509_lcl.h | 1 +
 src/lib/libcrypto/x509/x509_vfy.h | 5 ++++-
 src/lib/libcrypto/x509/x509_vpm.c | 8 +++++++-
 3 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/x509/x509_lcl.h b/src/lib/libcrypto/x509/x509_lcl.h
index 5beef8a94d..d42fa4ad8b 100644
--- a/src/lib/libcrypto/x509/x509_lcl.h
+++ b/src/lib/libcrypto/x509/x509_lcl.h
@@ -272,6 +272,7 @@ struct X509_VERIFY_PARAM_st {
 	int purpose;		/* purpose to check untrusted certificates */
 	int trust;		/* trust setting to check */
 	int depth;		/* Verify depth */
+	int security_level;	/* 'Security level', see SP800-57. */
 	STACK_OF(ASN1_OBJECT) *policies;	/* Permissible policies */
 	X509_VERIFY_PARAM_ID *id;	/* opaque ID data */
 } /* X509_VERIFY_PARAM */;
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 9a649cbbad..a007fe4795 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.50 2022/01/14 07:53:45 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.51 2022/06/27 14:00:09 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -426,6 +426,9 @@ unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+#if defined(LIBRESSL_INTERNAL)
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+#endif
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
 int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
 						ASN1_OBJECT *policy);
diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c
index 13171e40f5..d4ec2c597f 100644
--- a/src/lib/libcrypto/x509/x509_vpm.c
+++ b/src/lib/libcrypto/x509/x509_vpm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vpm.c,v 1.28 2021/11/01 20:53:08 tb Exp $ */
+/* $OpenBSD: x509_vpm.c,v 1.29 2022/06/27 14:00:09 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -453,6 +453,12 @@ X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
 	param->depth = depth;
 }
 
+void
+X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
+{
+	param->security_level = auth_level;
+}
+
 void
 X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
 {
-- 
cgit v1.2.3-55-g6feb