CVSROOT: /cvs
Module name: src
Changes by: t...@cvs.openbsd.org 2024/08/28 01:15:04
Modified files:
lib/libcrypto : Makefile
lib/libcrypto/ec: ecx_methods.c
lib/libcrypto/evp: evp_local.h
lib/libcrypto/rsa: rsa_ameth.c
lib/libcrypto/x509: x509.h
Added files:
lib/libcrypto/x509: x509_siginfo.c
Log message:
Implement X509_get_signature_info()
This is a slightly strange combination of OBJ_find_sigid_algs() and the
security level API necessary because OBJ_find_sigid_algs() on its own
isn't smart enough for the special needs of RSA-PSS and EdDSA.
The API extracts the hash's NID and the pubkey's NID from the certificate's
signatureAlgorithm and invokes special handlers for RSA-PSS and EdDSA
for retrieving the corresponding information. This isn't entirely free
for RSA-PSS, but for now we don't cache this information.
The security bits calculation is a bit hand-wavy, but that's something
that comes along with this sort of numerology.
ok jsing
