sync with OpenBSD -current

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.202 2024/08/10 06:41:49 tb Exp $
+# $OpenBSD: Makefile,v 1.203 2024/08/28 07:15:04 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -589,6 +589,7 @@ SRCS+= x509_purp.c
 SRCS+= x509_r2x.c
 SRCS+= x509_req.c
 SRCS+= x509_set.c
+SRCS+= x509_siginfo.c
 SRCS+= x509_skey.c
 SRCS+= x509_trs.c
 SRCS+= x509_txt.c

lib/libcrypto/arch/aarch64/arm64cap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: arm64cap.c,v 1.3 2023/07/26 09:57:34 jsing Exp $ */
+/* $OpenBSD: arm64cap.c,v 1.4 2024/08/29 03:30:05 deraadt Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -63,7 +63,11 @@ OPENSSL_cpuid_setup(void)
 static sigset_t all_masked;
 
 static sigjmp_buf ill_jmp;
-	static void ill_handler (int sig) { siglongjmp(ill_jmp, sig);
+
+static void
+ill_handler(int sig)
+{
+	siglongjmp(ill_jmp, sig);
 }
 
 /*

lib/libcrypto/arch/arm/armcap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: armcap.c,v 1.2 2023/07/26 09:57:34 jsing Exp $ */
+/* $OpenBSD: armcap.c,v 1.3 2024/08/29 03:30:05 deraadt Exp $ */
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -14,7 +14,11 @@ unsigned int OPENSSL_armcap_P;
 static sigset_t all_masked;
 
 static sigjmp_buf ill_jmp;
-	static void ill_handler (int sig) { siglongjmp(ill_jmp, sig);
+
+static void
+ill_handler(int sig)
+{
+	siglongjmp(ill_jmp, sig);
 }
 
 /*

lib/libcrypto/asn1/t_x509.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: t_x509.c,v 1.45 2024/04/09 13:55:02 beck Exp $ */
+/* $OpenBSD: t_x509.c,v 1.46 2024/08/28 06:17:06 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <limits.h>
 #include <stdio.h>
 
 #include <openssl/opensslconf.h>
@@ -155,8 +156,21 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 
 		bs = X509_get_serialNumber(x);
 		l = -1;
-		if (bs->length <= (int)sizeof(long))
-			l = ASN1_INTEGER_get(bs);
+
+		/*
+		 * For historical reasons, non-negative serial numbers are
+		 * printed in decimal as long as they fit into a long. Using
+		 * ASN1_INTEGER_get_uint64() avoids an error on the stack for
+		 * numbers between LONG_MAX and ULONG_MAX. Otherwise fall back
+		 * to hexadecimal, also for numbers that are non-conformant
+		 * (negative or larger than 2^159 - 1).
+		 */
+		if (bs->length <= sizeof(long) && bs->type == V_ASN1_INTEGER) {
+			uint64_t u64;
+
+			if (ASN1_INTEGER_get_uint64(&u64, bs) && u64 <= LONG_MAX)
+				l = (long)u64;
+		}
 		if (l >= 0) {
 			if (BIO_printf(bp, " %ld (0x%lx)\n", l, l) <= 0)
 				goto err;

lib/libcrypto/conf/conf_def.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_def.c,v 1.36 2024/08/24 12:08:49 tb Exp $ */
+/* $OpenBSD: conf_def.c,v 1.37 2024/08/28 15:48:33 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -85,7 +85,7 @@ def_create(CONF_METHOD *meth)
 {
 	CONF *ret;
 
-	ret = malloc(sizeof(CONF) + sizeof(unsigned short *));
+	ret = calloc(1, sizeof(CONF) + sizeof(unsigned short *));
 	if (ret)
 		if (meth->init(ret) == 0) {
 			free(ret);

lib/libcrypto/dh/dh_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.40 2024/01/04 17:01:26 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.41 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -496,32 +496,6 @@ DHparams_print_fp(FILE *fp, const DH *x)
 }
 LCRYPTO_ALIAS(DHparams_print_fp);
 
-static int
-dh_pkey_public_check(const EVP_PKEY *pkey)
-{
-	DH *dh = pkey->pkey.dh;
-
-	if (dh->pub_key == NULL) {
-		DHerror(DH_R_MISSING_PUBKEY);
-		return 0;
-	}
-
-	return DH_check_pub_key_ex(dh, dh->pub_key);
-}
-
-static int
-dh_pkey_param_check(const EVP_PKEY *pkey)
-{
-	DH *dh = pkey->pkey.dh;
-
-	/*
-	 * It would have made more sense to support EVP_PKEY_check() for DH
-	 * keys and call DH_check_ex() there and keeping this as a wrapper
-	 * for DH_param_check_ex(). We follow OpenSSL's choice.
-	 */
-	return DH_check_ex(dh);
-}
-
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
 	.base_method = &dh_asn1_meth,
 	.pkey_id = EVP_PKEY_DH,
@@ -550,8 +524,4 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
 	.param_print = dh_param_print,
 
 	.pkey_free = dh_free,
-
-	.pkey_check = NULL,
-	.pkey_public_check = dh_pkey_public_check,
-	.pkey_param_check = dh_pkey_param_check,
 };

lib/libcrypto/ec/ec_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.68 2024/05/10 05:12:03 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.69 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -689,41 +689,6 @@ ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
 }
 
-static int
-ec_pkey_check(const EVP_PKEY *pkey)
-{
-	EC_KEY *eckey = pkey->pkey.ec;
-
-	if (eckey->priv_key == NULL) {
-		ECerror(EC_R_MISSING_PRIVATE_KEY);
-		return 0;
-	}
-
-	return EC_KEY_check_key(eckey);
-}
-
-static int
-ec_pkey_public_check(const EVP_PKEY *pkey)
-{
-	EC_KEY *eckey = pkey->pkey.ec;
-
-	/* This also checks the private key, but oh, well... */
-	return EC_KEY_check_key(eckey);
-}
-
-static int
-ec_pkey_param_check(const EVP_PKEY *pkey)
-{
-	EC_KEY *eckey = pkey->pkey.ec;
-
-	if (eckey->group == NULL) {
-		ECerror(EC_R_MISSING_PARAMETERS);
-		return 0;
-	}
-
-	return EC_GROUP_check(eckey->group, NULL);
-}
-
 #ifndef OPENSSL_NO_CMS
 
 static int
@@ -1092,8 +1057,4 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
 	.pkey_ctrl = ec_pkey_ctrl,
 	.old_priv_decode = old_ec_priv_decode,
 	.old_priv_encode = old_ec_priv_encode,
-
-	.pkey_check = ec_pkey_check,
-	.pkey_public_check = ec_pkey_public_check,
-	.pkey_param_check = ec_pkey_param_check,
 };

lib/libcrypto/ec/ecx_methods.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ecx_methods.c,v 1.13 2024/04/02 04:04:07 tb Exp $ */
+/*	$OpenBSD: ecx_methods.c,v 1.14 2024/08/28 07:15:04 tb Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
  *
@@ -509,6 +509,24 @@ ecx_security_bits(const EVP_PKEY *pkey)
 	return 0;
 }
 
+static int
+ecx_signature_info(const X509_ALGOR *algor, int *md_nid, int *pkey_nid,
+    int *security_bits, uint32_t *flags)
+{
+	const ASN1_OBJECT *aobj;
+
+	X509_ALGOR_get0(&aobj, NULL, NULL, algor);
+	if (OBJ_obj2nid(aobj) != EVP_PKEY_ED25519)
+		return 0;
+
+	*md_nid = NID_undef;
+	*pkey_nid = NID_ED25519;
+	*security_bits = ED25519_SECURITY_BITS;
+	*flags = X509_SIG_INFO_TLS | X509_SIG_INFO_VALID;
+
+	return 1;
+}
+
 static int
 ecx_param_cmp(const EVP_PKEY *pkey1, const EVP_PKEY *pkey2)
 {
@@ -929,6 +947,8 @@ const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
 	.pkey_bits = ecx_bits,
 	.pkey_security_bits = ecx_security_bits,
 
+	.signature_info = ecx_signature_info,
+
 	.param_cmp = ecx_param_cmp,
 
 	.pkey_free = ecx_free,

lib/libcrypto/evp/evp_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.23 2024/08/22 12:24:24 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -112,6 +112,9 @@ struct evp_pkey_asn1_method_st {
 	int (*pkey_bits)(const EVP_PKEY *pk);
 	int (*pkey_security_bits)(const EVP_PKEY *pk);
 
+	int (*signature_info)(const X509_ALGOR *sig_alg, int *out_md_nid,
+	    int *out_pkey_nid, int *out_security_bits, uint32_t *out_flags);
+
 	int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
 	    int derlen);
 	int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
@@ -137,10 +140,6 @@ struct evp_pkey_asn1_method_st {
 	int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
 	    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
 
-	int (*pkey_check)(const EVP_PKEY *pk);
-	int (*pkey_public_check)(const EVP_PKEY *pk);
-	int (*pkey_param_check)(const EVP_PKEY *pk);
-
 	int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
 	    size_t len);
 	int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
@@ -319,10 +318,6 @@ struct evp_pkey_method_st {
 	    const unsigned char *tbs, size_t tbslen);
 	int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
 	    size_t siglen, const unsigned char *tbs, size_t tbslen);
-
-	int (*check)(EVP_PKEY *pkey);
-	int (*public_check)(EVP_PKEY *pkey);
-	int (*param_check)(EVP_PKEY *pkey);
 } /* EVP_PKEY_METHOD */;
 
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);

lib/libcrypto/evp/pmeth_gn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.20 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -226,68 +226,30 @@ merr:
 }
 LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);
 
+/*
+ * XXX - remove the API below in the next bump.
+ */
+
 int
 EVP_PKEY_check(EVP_PKEY_CTX *ctx)
 {
-	EVP_PKEY *pkey;
-
-	if ((pkey = ctx->pkey) == NULL) {
-		EVPerror(EVP_R_NO_KEY_SET);
-		return 0;
-	}
-
-	if (ctx->pmeth->check != NULL)
-		return ctx->pmeth->check(pkey);
-
-	if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
-		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-	}
-
-	return pkey->ameth->pkey_check(pkey);
+	EVPerror(ERR_R_DISABLED);
+	return -2;
 }
 LCRYPTO_ALIAS(EVP_PKEY_check);
 
 int
 EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
 {
-	EVP_PKEY *pkey;
-
-	if ((pkey = ctx->pkey) == NULL) {
-		EVPerror(EVP_R_NO_KEY_SET);
-		return 0;
-	}
-
-	if (ctx->pmeth->public_check != NULL)
-		return ctx->pmeth->public_check(pkey);
-
-	if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
-		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-	}
-
-	return pkey->ameth->pkey_public_check(pkey);
+	EVPerror(ERR_R_DISABLED);
+	return -2;
 }
 LCRYPTO_ALIAS(EVP_PKEY_public_check);
 
 int
 EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
 {
-	EVP_PKEY *pkey;
-
-	if ((pkey = ctx->pkey) == NULL) {
-		EVPerror(EVP_R_NO_KEY_SET);
-		return 0;
-	}
-
-	if (ctx->pmeth->param_check != NULL)
-		return ctx->pmeth->param_check(pkey);
-
-	if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
-		EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-		return -2;
-	}
-
-	return pkey->ameth->pkey_param_check(pkey);
+	EVPerror(ERR_R_DISABLED);
+	return -2;
 }
 LCRYPTO_ALIAS(EVP_PKEY_param_check);

lib/libcrypto/hidden/openssl/x509.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.9 2024/07/26 13:34:56 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.10 2024/08/28 08:41:18 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -387,6 +387,7 @@ LCRYPTO_USED(X509_get_ex_data);
 LCRYPTO_USED(i2d_X509_AUX);
 LCRYPTO_USED(d2i_X509_AUX);
 LCRYPTO_USED(i2d_re_X509_tbs);
+LCRYPTO_USED(X509_get_signature_info);
 LCRYPTO_USED(X509_get0_signature);
 LCRYPTO_USED(X509_get_signature_nid);
 LCRYPTO_USED(X509_alias_set1);

lib/libcrypto/hidden/openssl/x509v3.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.9 2024/07/08 17:01:54 beck Exp $ */
+/* $OpenBSD: x509v3.h,v 1.12 2024/08/28 08:59:03 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -139,17 +139,17 @@ LCRYPTO_USED(X509V3_EXT_REQ_add_nconf);
 LCRYPTO_USED(X509V3_EXT_CRL_add_nconf);
 LCRYPTO_USED(X509V3_EXT_conf_nid);
 LCRYPTO_USED(X509V3_EXT_conf);
-LCRYPTO_USED(X509V3_EXT_add_conf);
-LCRYPTO_USED(X509V3_EXT_REQ_add_conf);
-LCRYPTO_USED(X509V3_EXT_CRL_add_conf);
+LCRYPTO_UNUSED(X509V3_EXT_add_conf);
+LCRYPTO_UNUSED(X509V3_EXT_REQ_add_conf);
+LCRYPTO_UNUSED(X509V3_EXT_CRL_add_conf);
 LCRYPTO_USED(X509V3_add_value_bool_nf);
 LCRYPTO_USED(X509V3_get_value_bool);
 LCRYPTO_USED(X509V3_get_value_int);
 LCRYPTO_USED(X509V3_set_nconf);
-LCRYPTO_USED(X509V3_set_conf_lhash);
-LCRYPTO_USED(X509V3_get_string);
+LCRYPTO_UNUSED(X509V3_set_conf_lhash);
+LCRYPTO_UNUSED(X509V3_get_string);
 LCRYPTO_USED(X509V3_get_section);
-LCRYPTO_USED(X509V3_string_free);
+LCRYPTO_UNUSED(X509V3_string_free);
 LCRYPTO_USED(X509V3_section_free);
 LCRYPTO_USED(X509V3_set_ctx);
 LCRYPTO_USED(X509V3_add_value);

lib/libcrypto/man/X509_get0_signature.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_get0_signature.3,v 1.8 2023/03/16 12:01:47 job Exp $
+.\" $OpenBSD: X509_get0_signature.3,v 1.9 2024/08/28 07:18:55 tb Exp $
 .\" selective merge up to:
 .\" OpenSSL man3/X509_get0_signature 2f7a2520 Apr 25 17:28:08 2017 +0100
 .\"
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 16 2023 $
+.Dd $Mdocdate: August 28 2024 $
 .Dt X509_GET0_SIGNATURE 3
 .Os
 .Sh NAME
@@ -78,7 +78,8 @@
 .Nm X509_get_signature_type ,
 .Nm X509_get_signature_nid ,
 .Nm X509_REQ_get_signature_nid ,
-.Nm X509_CRL_get_signature_nid
+.Nm X509_CRL_get_signature_nid ,
+.Nm X509_get_signature_info
 .Nd signature information
 .Sh SYNOPSIS
 .In openssl/x509.h
@@ -124,6 +125,14 @@
 .Fo X509_CRL_get_signature_nid
 .Fa "const X509_CRL *crl"
 .Fc
+.Ft int
+.Fo X509_get_signature_info
+.Fa "X509 *x"
+.Fa "int *md_nid"
+.Fa "int *pkey_nid"
+.Fa "int *security_bits"
+.Fa "uint32_t *flags"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_get0_signature ,
 .Fn X509_REQ_get0_signature ,
@@ -170,6 +179,51 @@ respectively, just like
 .Xr EVP_PKEY_id 3
 does.
 .Pp
+.Fn X509_get_signature_info
+retrieves information about the signature of certificate
+.Fa x .
+The NID of the digest algorithm is written to
+.Pf * Fa md_nid ,
+the public key algorithm to
+.Pf * Fa pkey_nid ,
+the effective security bits to
+.Pf * Fa security_bits ,
+and flag details to
+.Pf * Fa flags .
+Any of the output parameters can be set to
+.Dv NULL
+if the information is not required.
+If
+.Fa flags
+is not a
+.Dv NULL
+pointer,
+.Pf * Fa flags
+is set to the bitwise OR of:
+.Bl -tag -width 1n -offset 3n
+.It Dv X509_SIG_INFO_VALID
+No error occurred.
+This flag is set if
+.Fn X509_get_signature_info
+returns 1.
+.It Dv X509_SIG_INFO_TLS
+The signature algorithm is appropriate for use in TLS.
+For a supported EdDSA algorithm (in LibreSSL this is Ed25519)
+this flag is always set.
+For an RSASSA-PSS PSS algorithm this flag is set if
+the parameters are DER encoded,
+the digest algorithm is one of SHA256, SHA384, or SHA512,
+the same digest algorithm is used in the mask generation function,
+and the salt length is equal to the digest algorithm's output length.
+For all other signature algorithms this flag is set if the digest
+algorithm is one of SHA1, SHA256, SHA384, or SHA512.
+.El
+.Pp
+.Fn X509_get_signature_info
+returns 1 on success and 0 on failure.
+Failure conditions include unsupported signature algorithms,
+certificate parsing errors and memory allocation failure.
+.Pp
 These functions provide lower level access to the signature
 for cases where an application wishes to analyse or generate a
 signature in a form where
@@ -211,3 +265,16 @@ All these functions have been available since
 .Fn X509_CRL_get0_tbs_sigalg
 first appeared in LibreSSL 3.7.1 and has been available since
 .Ox 7.3 .
+.Pp
+.Fn X509_get_signature_info
+first appeared in OpenSSL 1.1.1 and has been available since
+.Ox 7.6 .
+.Sh CAVEATS
+The security bits returned by
+.Fn X509_get_signature_info
+refer to the information available from the certificate signature
+(such as the signing digest).
+In some cases the actual security of the signature is smaller
+because the signing key is less secure.
+For example in a certificate signed using SHA512
+and a 1024-bit RSA key.

lib/libcrypto/objects/obj_xref.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: obj_xref.c,v 1.14 2024/01/27 16:08:43 tb Exp $ */
+/*	$OpenBSD: obj_xref.c,v 1.15 2024/08/28 06:53:24 tb Exp $ */
 
 /*
  * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -178,7 +178,7 @@ static const struct {
 	{
 		.sign_nid = NID_rsassaPss,
 		.hash_nid = NID_undef,
-		.pkey_nid = NID_rsaEncryption,
+		.pkey_nid = NID_rsassaPss,
 	},
 	{
 		.sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_256,

lib/libcrypto/ocsp/ocsp_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_lib.c,v 1.26 2023/07/08 10:44:00 beck Exp $ */
+/* $OpenBSD: ocsp_lib.c,v 1.28 2024/08/28 06:27:19 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -75,6 +75,7 @@
 #include <openssl/x509v3.h>
 
 #include "ocsp_local.h"
+#include "x509_local.h"
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
@@ -109,50 +110,44 @@ OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
 {
 	int nid;
 	unsigned int i;
-	X509_ALGOR *alg;
 	OCSP_CERTID *cid = NULL;
 	unsigned char md[EVP_MAX_MD_SIZE];
 
-	if (!(cid = OCSP_CERTID_new()))
+	if ((cid = OCSP_CERTID_new()) == NULL)
 		goto err;
 
-	alg = cid->hashAlgorithm;
-	if (alg->algorithm != NULL)
-		ASN1_OBJECT_free(alg->algorithm);
 	if ((nid = EVP_MD_type(dgst)) == NID_undef) {
 		OCSPerror(OCSP_R_UNKNOWN_NID);
 		goto err;
 	}
-	if (!(alg->algorithm = OBJ_nid2obj(nid)))
+	if (!X509_ALGOR_set0_by_nid(cid->hashAlgorithm, nid, V_ASN1_NULL, NULL))
 		goto err;
-	if ((alg->parameter = ASN1_TYPE_new()) == NULL)
-		goto err;
-	alg->parameter->type = V_ASN1_NULL;
 
-	if (!X509_NAME_digest(issuerName, dgst, md, &i))
-		goto digerr;
-	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
+	if (!X509_NAME_digest(issuerName, dgst, md, &i)) {
+		OCSPerror(OCSP_R_DIGEST_ERR);
+		goto err;
+	}
+	if (!ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))
 		goto err;
 
 	/* Calculate the issuerKey hash, excluding tag and length */
 	if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
 		goto err;
 
-	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
+	if (!ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))
 		goto err;
 
-	if (serialNumber) {
+	if (serialNumber != NULL) {
 		ASN1_INTEGER_free(cid->serialNumber);
-		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
+		if ((cid->serialNumber = ASN1_INTEGER_dup(serialNumber)) == NULL)
 			goto err;
 	}
+
 	return cid;
 
-digerr:
-	OCSPerror(OCSP_R_DIGEST_ERR);
-err:
-	if (cid)
-		OCSP_CERTID_free(cid);
+ err:
+	OCSP_CERTID_free(cid);
+
 	return NULL;
 }
 LCRYPTO_ALIAS(OCSP_cert_id_new);
@@ -162,6 +157,11 @@ OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
 {
 	int ret;
 
+	/*
+	 * XXX - should we really ignore parameters here? We probably need to
+	 * consider omitted parameters and explicit ASN.1 NULL as equal for
+	 * the SHAs, so don't blindly switch to X509_ALGOR_cmp().
+	 */
 	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
 	if (ret)
 		return ret;

lib/libcrypto/ocsp/ocsp_prn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_prn.c,v 1.10 2023/07/08 10:44:00 beck Exp $ */
+/* $OpenBSD: ocsp_prn.c,v 1.11 2024/08/28 06:18:44 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -65,16 +65,20 @@
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
 #include <openssl/pem.h>
+#include <openssl/x509.h>
 
 #include "ocsp_local.h"
 
 static int
 ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
 {
+	const ASN1_OBJECT *aobj;
+
 	BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
 	indent += 2;
 	BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
-	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+	X509_ALGOR_get0(&aobj, NULL, NULL, a->hashAlgorithm);
+	i2a_ASN1_OBJECT(bp, aobj);
 	BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
 	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
 	BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");

lib/libcrypto/rsa/rsa_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.58 2024/03/17 07:10:00 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.60 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -845,6 +845,58 @@ rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
 	return 1;
 }
 
+static int
+rsa_pss_signature_info(const X509_ALGOR *alg, int *out_md_nid,
+    int *out_pkey_nid, int *out_security_bits, uint32_t *out_flags)
+{
+	RSA_PSS_PARAMS *pss = NULL;
+	const ASN1_OBJECT *aobj;
+	const EVP_MD *md, *mgf1md;
+	int md_len, salt_len;
+	int md_nid = NID_undef, pkey_nid = NID_undef;
+	int security_bits = -1;
+	uint32_t flags = 0;
+
+	X509_ALGOR_get0(&aobj, NULL, NULL, alg);
+	if (OBJ_obj2nid(aobj) != EVP_PKEY_RSA_PSS)
+		goto err;
+
+	if ((pss = rsa_pss_decode(alg)) == NULL)
+		goto err;
+	if (!rsa_pss_get_param(pss, &md, &mgf1md, &salt_len))
+		goto err;
+
+	if ((md_nid = EVP_MD_type(md)) == NID_undef)
+		goto err;
+	if ((md_len = EVP_MD_size(md)) <= 0)
+		goto err;
+
+	/*
+	 * RFC 8446, section 4.2.3 - restricts the digest algorithm:
+	 * - it must be one of SHA256, SHA384, and SHA512;
+	 * - the same digest must be used in the mask generation function;
+	 * - the salt length must match the output length of the digest.
+	 * XXX - consider separate flags for these checks.
+	 */
+	if (md_nid == NID_sha256 || md_nid == NID_sha384 || md_nid == NID_sha512) {
+		if (md_nid == EVP_MD_type(mgf1md) && salt_len == md_len)
+			flags |= X509_SIG_INFO_TLS;
+	}
+
+	security_bits = md_len * 4;
+	flags |= X509_SIG_INFO_VALID;
+
+	*out_md_nid = md_nid;
+	*out_pkey_nid = pkey_nid;
+	*out_security_bits = security_bits;
+	*out_flags = flags;
+
+ err:
+	RSA_PSS_PARAMS_free(pss);
+
+	return (flags & X509_SIG_INFO_VALID) != 0;
+}
+
 #ifndef OPENSSL_NO_CMS
 static int
 rsa_cms_verify(CMS_SignerInfo *si)
@@ -1030,12 +1082,6 @@ rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
 	return 2;
 }
 
-static int
-rsa_pkey_check(const EVP_PKEY *pkey)
-{
-	return RSA_check_key(pkey->pkey.rsa);
-}
-
 #ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *
 rsa_oaep_decode(const X509_ALGOR *alg)
@@ -1183,16 +1229,12 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {
 	.old_priv_encode = old_rsa_priv_encode,
 	.item_verify = rsa_item_verify,
 	.item_sign = rsa_item_sign,
-
-	.pkey_check = rsa_pkey_check,
 };
 
 const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth = {
 	.base_method = &rsa_asn1_meth,
 	.pkey_id = EVP_PKEY_RSA2,
 	.pkey_flags = ASN1_PKEY_ALIAS,
-
-	.pkey_check = rsa_pkey_check,
 };
 
 const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
@@ -1216,6 +1258,8 @@ const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
 	.pkey_bits = rsa_bits,
 	.pkey_security_bits = rsa_security_bits,
 
+	.signature_info = rsa_pss_signature_info,
+
 	.sig_print = rsa_sig_print,
 
 	.pkey_free = rsa_free,

lib/libcrypto/x509/x509.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.112 2024/06/12 03:55:46 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.113 2024/08/28 07:15:04 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -622,6 +622,14 @@ X509 *		d2i_X509_AUX(X509 **a,const unsigned char **pp,long length);
 
 int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
 
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+/* Flags returned by X509_get_signature_info(): valid and suitable for TLS. */
+#define X509_SIG_INFO_VALID	1
+#define X509_SIG_INFO_TLS	2
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+    uint32_t *flags);
+#endif
+
 void X509_get0_signature(const ASN1_BIT_STRING **psig,
     const X509_ALGOR **palg, const X509 *x);
 int X509_get_signature_nid(const X509 *x);

lib/libcrypto/x509/x509_conf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_conf.c,v 1.18 2024/06/24 06:32:04 tb Exp $ */
+/* $OpenBSD: x509_conf.c,v 1.22 2024/08/28 08:59:03 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -74,18 +74,11 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int nid,
     int crit, const char *value);
 static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
     int crit, int type, X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, const char *section,
-    const char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
-    const char *section);
 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int nid,
     int crit, void *ext_struct);
 static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
     long *ext_len);
 
-/* CONF *conf:  Config file    */
-/* char *name:  Name    */
-/* char *value:  Value    */
 X509_EXTENSION *
 X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
     const char *value)
@@ -106,11 +99,8 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
 }
 LCRYPTO_ALIAS(X509V3_EXT_nconf);
 
-/* CONF *conf:  Config file    */
-/* char *value:  Value    */
 X509_EXTENSION *
-X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int nid,
-    const char *value)
+X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int nid, const char *value)
 {
 	int crit;
 	int ext_type;
@@ -123,11 +113,8 @@ X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int nid,
 }
 LCRYPTO_ALIAS(X509V3_EXT_nconf_nid);
 
-/* CONF *conf:  Config file    */
-/* char *value:  Value    */
 static X509_EXTENSION *
-do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int nid, int crit,
-    const char *value)
+do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int nid, int crit, const char *value)
 {
 	const X509V3_EXT_METHOD *method;
 	X509_EXTENSION *ext;
@@ -163,7 +150,7 @@ do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int nid, int crit,
 	} else if (method->s2i) {
 		ext_struct = method->s2i(method, ctx, value);
 	} else if (method->r2i) {
-		if (!ctx->db || !ctx->db_meth) {
+		if (ctx->db == NULL) {
 			X509V3error(X509V3_R_NO_CONFIG_DATABASE);
 			return NULL;
 		}
@@ -232,7 +219,6 @@ do_ext_i2d(const X509V3_EXT_METHOD *method, int nid, int crit,
 }
 
 /* Given an internal structure, nid and critical flag create an extension */
-
 X509_EXTENSION *
 X509V3_EXT_i2d(int nid, int crit, void *ext_struct)
 {
@@ -347,7 +333,8 @@ generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len)
 	return ext_der;
 }
 
-/* This is the main function: add a bunch of extensions based on a config file
+/*
+ * This is the main function: add a bunch of extensions based on a config file
  * section to an extension STACK.
  */
 
@@ -374,8 +361,6 @@ X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
 }
 LCRYPTO_ALIAS(X509V3_EXT_add_nconf_sk);
 
-/* Convenience functions to add extensions to a certificate, CRL and request */
-
 int
 X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
     X509 *cert)
@@ -388,8 +373,6 @@ X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
 }
 LCRYPTO_ALIAS(X509V3_EXT_add_nconf);
 
-/* Same as above but for a CRL */
-
 int
 X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
     X509_CRL *crl)
@@ -402,8 +385,6 @@ X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
 }
 LCRYPTO_ALIAS(X509V3_EXT_CRL_add_nconf);
 
-/* Add extensions to certificate request */
-
 int
 X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
     X509_REQ *req)
@@ -422,73 +403,44 @@ X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
 }
 LCRYPTO_ALIAS(X509V3_EXT_REQ_add_nconf);
 
-/* Config database functions */
-
+/* XXX - remove in next bump. */
 char *
 X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
 {
-	if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
-		X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
-		return NULL;
-	}
-	return ctx->db_meth->get_string(ctx->db, name, section);
+	X509V3error(ERR_R_DISABLED);
+	return NULL;
 }
 LCRYPTO_ALIAS(X509V3_get_string);
 
 STACK_OF(CONF_VALUE) *
 X509V3_get_section(X509V3_CTX *ctx, const char *section)
 {
-	if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
+	if (ctx->db == NULL) {
 		X509V3error(X509V3_R_OPERATION_NOT_DEFINED);
 		return NULL;
 	}
-	return ctx->db_meth->get_section(ctx->db, section);
+	return NCONF_get_section(ctx->db, section);
 }
 LCRYPTO_ALIAS(X509V3_get_section);
 
+/* XXX - remove in next bump. */
 void
 X509V3_string_free(X509V3_CTX *ctx, char *str)
 {
-	if (!str)
-		return;
-	if (ctx->db_meth->free_string)
-		ctx->db_meth->free_string(ctx->db, str);
+	return;
 }
 LCRYPTO_ALIAS(X509V3_string_free);
 
 void
 X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
 {
-	if (!section)
-		return;
-	if (ctx->db_meth->free_section)
-		ctx->db_meth->free_section(ctx->db, section);
+	return;
 }
 LCRYPTO_ALIAS(X509V3_section_free);
 
-static char *
-nconf_get_string(void *db, const char *section, const char *value)
-{
-	return NCONF_get_string(db, section, value);
-}
-
-static STACK_OF(CONF_VALUE) *
-nconf_get_section(void *db, const char *section)
-{
-	return NCONF_get_section(db, section);
-}
-
-static X509V3_CONF_METHOD nconf_method = {
-	nconf_get_string,
-	nconf_get_section,
-	NULL,
-	NULL
-};
-
 void
 X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
 {
-	ctx->db_meth = &nconf_method;
 	ctx->db = conf;
 }
 LCRYPTO_ALIAS(X509V3_set_nconf);
@@ -505,8 +457,6 @@ X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
 }
 LCRYPTO_ALIAS(X509V3_set_ctx);
 
-/* Old conf compatibility functions */
-
 X509_EXTENSION *
 X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name,
     const char *value)
@@ -518,8 +468,6 @@ X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name,
 }
 LCRYPTO_ALIAS(X509V3_EXT_conf);
 
-/* LHASH *conf:  Config file    */
-/* char *value:  Value    */
 X509_EXTENSION *
 X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int nid,
     const char *value)
@@ -531,30 +479,13 @@ X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int nid,
 }
 LCRYPTO_ALIAS(X509V3_EXT_conf_nid);
 
-static char *
-conf_lhash_get_string(void *db, const char *section, const char *value)
-{
-	return CONF_get_string(db, section, value);
-}
-
-static STACK_OF(CONF_VALUE) *
-conf_lhash_get_section(void *db, const char *section)
-{
-	return CONF_get_section(db, section);
-}
-
-static X509V3_CONF_METHOD conf_lhash_method = {
-	conf_lhash_get_string,
-	conf_lhash_get_section,
-	NULL,
-	NULL
-};
+/*
+ * XXX - remove everything below in the next bump.
+ */
 
 void
 X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
 {
-	ctx->db_meth = &conf_lhash_method;
-	ctx->db = lhash;
 }
 LCRYPTO_ALIAS(X509V3_set_conf_lhash);
 
@@ -562,35 +493,25 @@ int
 X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
     const char *section, X509 *cert)
 {
-	CONF ctmp;
-
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+	X509V3error(ERR_R_DISABLED);
+	return 0;
 }
 LCRYPTO_ALIAS(X509V3_EXT_add_conf);
 
-/* Same as above but for a CRL */
-
 int
 X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
     const char *section, X509_CRL *crl)
 {
-	CONF ctmp;
-
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+	X509V3error(ERR_R_DISABLED);
+	return 0;
 }
 LCRYPTO_ALIAS(X509V3_EXT_CRL_add_conf);
 
-/* Add extensions to certificate request */
-
 int
 X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
     const char *section, X509_REQ *req)
 {
-	CONF ctmp;
-
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+	X509V3error(ERR_R_DISABLED);
+	return 0;
 }
 LCRYPTO_ALIAS(X509V3_EXT_REQ_add_conf);

lib/libcrypto/x509/x509_siginfo.c

@@ -0,0 +1,113 @@
+/*	$OpenBSD: x509_siginfo.c,v 1.1 2024/08/28 07:15:04 tb Exp $ */
+
+/*
+ * Copyright (c) 2024 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+#include "evp_local.h"
+
+#include "x509_internal.h"
+
+static int
+x509_find_sigid_algs(const X509 *x509, int *out_md_nid, int *out_pkey_nid)
+{
+	const ASN1_OBJECT *aobj;
+	int nid;
+
+	*out_md_nid = NID_undef;
+	*out_pkey_nid = NID_undef;
+
+	X509_ALGOR_get0(&aobj, NULL, NULL, x509->sig_alg);
+	if ((nid = OBJ_obj2nid(aobj)) == NID_undef)
+		return 0;
+
+	return OBJ_find_sigid_algs(nid, out_md_nid, out_pkey_nid);
+}
+
+int
+X509_get_signature_info(X509 *x509, int *out_md_nid, int *out_pkey_nid,
+    int *out_security_bits, uint32_t *out_flags)
+{
+	const EVP_MD *md;
+	int md_nid = NID_undef, pkey_nid = NID_undef, security_bits = -1;
+	uint32_t flags = 0;
+
+	if (out_md_nid != NULL)
+		*out_md_nid = md_nid;
+	if (out_pkey_nid != NULL)
+		*out_pkey_nid = pkey_nid;
+	if (out_security_bits != NULL)
+		*out_security_bits = security_bits;
+	if (out_flags != NULL)
+		*out_flags = flags;
+
+	if (!x509v3_cache_extensions(x509))
+		goto err;
+
+	if (!x509_find_sigid_algs(x509, &md_nid, &pkey_nid))
+		goto err;
+
+	/*
+	 * If md_nid == NID_undef, this means we need to consult the ameth.
+	 * Handlers are available for EdDSA and RSA-PSS. No other signature
+	 * algorithm with NID_undef should appear in a certificate.
+	 */
+	if (md_nid == NID_undef) {
+		const EVP_PKEY_ASN1_METHOD *ameth;
+
+		if ((ameth = EVP_PKEY_asn1_find(NULL, pkey_nid)) == NULL ||
+		    ameth->signature_info == NULL)
+			goto err;
+
+		if (!ameth->signature_info(x509->sig_alg, &md_nid, &pkey_nid,
+		    &security_bits, &flags))
+			goto err;
+
+		goto done;
+	}
+
+	/* XXX - OpenSSL 3 special cases SHA-1 (63 bits) and MD5 (39 bits). */
+	if ((md = EVP_get_digestbynid(md_nid)) == NULL)
+		goto err;
+
+	/* Assume 4 bits of collision resistance per octet. */
+	if ((security_bits = EVP_MD_size(md)) <= 0)
+		goto err;
+	security_bits *= 4;
+
+	if (md_nid == NID_sha1 || md_nid == NID_sha256 ||
+	    md_nid == NID_sha384 || md_nid == NID_sha512)
+		flags |= X509_SIG_INFO_TLS;
+
+	flags |= X509_SIG_INFO_VALID;
+
+ done:
+	if (out_md_nid != NULL)
+		*out_md_nid = md_nid;
+	if (out_pkey_nid != NULL)
+		*out_pkey_nid = pkey_nid;
+	if (out_security_bits != NULL)
+		*out_security_bits = security_bits;
+	if (out_flags != NULL)
+		*out_flags = flags;
+
+ err:
+	return (flags & X509_SIG_INFO_VALID) != 0;
+}
+LCRYPTO_ALIAS(X509_get_signature_info);

lib/libcrypto/x509/x509_vfy.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.144 2024/08/04 08:15:36 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.145 2024/08/28 07:37:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -2541,28 +2541,11 @@ check_key_level(X509_STORE_CTX *ctx, X509 *cert)
 static int
 check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
 {
-	const EVP_MD *md;
-	int bits, nid, md_nid;
+	int bits;
 
-	if ((nid = X509_get_signature_nid(cert)) == NID_undef)
+	if (!X509_get_signature_info(cert, NULL, NULL, &bits, NULL))
 		return 0;
 
-	/*
-	 * Look up signature algorithm digest.
-	 */
-
-	if (!OBJ_find_sigid_algs(nid, &md_nid, NULL))
-		return 0;
-
-	if (md_nid == NID_undef)
-		return 0;
-
-	if ((md = EVP_get_digestbynid(md_nid)) == NULL)
-		return 0;
-
-	/* Assume 4 bits of collision resistance for each hash octet. */
-	bits = EVP_MD_size(md) * 4;
-
 	return enough_bits_for_security_level(bits, ctx->param->security_level);
 }
 

lib/libcrypto/x509/x509v3.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509v3.h,v 1.29 2024/03/02 10:43:52 tb Exp $ */
+/* $OpenBSD: x509v3.h,v 1.30 2024/08/28 08:22:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -120,6 +120,7 @@ struct v3_ext_method {
 	void *usr_data;	/* Any extension specific data */
 };
 
+/* XXX - remove in next bump. */
 typedef struct X509V3_CONF_METHOD_st {
 	char *(*get_string)(void *db, const char *section, const char *value);
 	STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section);
@@ -127,7 +128,6 @@ typedef struct X509V3_CONF_METHOD_st {
 	void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
 } X509V3_CONF_METHOD;
 
-/* Context specific info */
 struct v3_ext_ctx {
 	#define CTX_TEST 0x1
 	int flags;
@@ -135,9 +135,8 @@ struct v3_ext_ctx {
 	X509 *subject_cert;
 	X509_REQ *subject_req;
 	X509_CRL *crl;
-	X509V3_CONF_METHOD *db_meth;
+	X509V3_CONF_METHOD *db_meth;	/* XXX - remove in next bump. */
 	void *db;
-	/* Maybe more here */
 };
 
 typedef struct v3_ext_method X509V3_EXT_METHOD;