diff --git a/crypto/fipsmodule/evp/digestsign.c b/crypto/fipsmodule/evp/digestsign.c
index 3441949a01..794e452301 100644
--- a/crypto/fipsmodule/evp/digestsign.c
+++ b/crypto/fipsmodule/evp/digestsign.c
@@ -363,3 +363,15 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) {
 ctx->flags &= ~EVP_MD_CTX_FLAG_KEEP_PKEY_CTX;
 }
 }
+
+EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx) {
+ SET_DIT_AUTO_RESET;
+ if(ctx == NULL) {
+ return NULL;
+ }
+ return ctx->pctx;
+}
+
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) {
+ return EVP_MD_CTX_get_pkey_ctx(ctx);
+}
diff --git a/include/openssl/digest.h b/include/openssl/digest.h
index 8aeea40085..83d4189b71 100644
--- a/include/openssl/digest.h
+++ b/include/openssl/digest.h
@@ -318,6 +318,12 @@ OPENSSL_EXPORT int EVP_MD_nid(const EVP_MD *md);
 OPENSSL_EXPORT void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+// EVP_MD_CTX_get_pkey_ctx returns the pointer of |ctx|'s |EVP_PKEY_CTX|.
+OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
+
+// EVP_MD_CTX_pkey_ctx is a legacy alias of |EVP_MD_CTX_get_pkey_ctx|.
+OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+
 struct evp_md_pctx_ops;
 struct env_md_ctx_st {
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 688be12e8e..185d29b9d8 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
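Review bot: In `EVP_MD_CTX_get_pkey_ctx` (digestsign.c) the guard is written `if(ctx == NULL) {` with no space after the keyword; `if (ctx == NULL) {` is the conventional form and presumably what the project's formatter produces. The function also opens with `SET_DIT_AUTO_RESET;` although its body only reads a pointer and shows no secret-dependent work. If the macro is placed on every public entry point for uniformity, a short comment such as `// Kept for consistency with other EVP entry points; no secret data is touched here.` would tell the next reader it is deliberate. Both new functions lie fully inside the hunk, and neither has a comment in the .c file noting that a NULL `ctx` is tolerated.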
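Review bot: The new comment on `EVP_MD_CTX_get_pkey_ctx` in digest.h does not say who owns the returned pointer or when it is NULL. The implementation in this commit returns `ctx->pctx` directly and returns NULL for a NULL `ctx`, so the result is borrowed from `ctx`; a caller that frees it, or keeps it after `ctx` is cleaned up, risks a double free or a use after free. I would word it as `// EVP_MD_CTX_get_pkey_ctx returns |ctx|'s |EVP_PKEY_CTX|, or NULL if |ctx| is NULL or has none. The caller does not own the result and must not free it.` Whether `ctx` itself frees the pointer appears to depend on `EVP_MD_CTX_FLAG_KEEP_PKEY_CTX`, seen in the digestsign.c context lines, so the comment could point to `EVP_MD_CTX_set_pkey_ctx` for that case.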
@@ -2731,6 +2731,11 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
 #define X509_V_ERR_INVALID_CALL 65
 #define X509_V_ERR_STORE_LOOKUP 66
 #define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67
+// The following error codes are related to security levels in OpenSSL and are
+// unused in AWS-LC. See |SSL_CTX_set_security_level|.
+#define X509_V_ERR_EE_KEY_TOO_SMALL 68
+#define X509_V_ERR_CA_KEY_TOO_SMALL 69
+#define X509_V_ERR_CA_MD_TOO_WEAK 70
 // X509_STORE_CTX_get_error, after |X509_verify_cert| returns, returns
 // |X509_V_OK| if verification succeeded or an |X509_V_ERR_*| describing why
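Review bot: The comment above the three new `X509_V_ERR_*` defines says they are "unused in AWS-LC" but does not state the consequence a caller ported from OpenSSL needs: verification never reports them. Code that waits for `X509_V_ERR_EE_KEY_TOO_SMALL`, `X509_V_ERR_CA_KEY_TOO_SMALL` or `X509_V_ERR_CA_MD_TOO_WEAK` to learn that a small key or weak digest was rejected will never see them here, so any minimum key size or digest policy has to be enforced by the application. I would extend the comment with `// |X509_verify_cert| never returns these codes; they are defined for source compatibility only.` The values 68–70 continue this header's own numbering, so they should be compared by name rather than by number. It is also worth checking, outside this hunk, that the error-string lookup has entries for them.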