Minor symbols to work with Ruby's mainline

crypto/fipsmodule/evp/digestsign.c

@@ -363,3 +363,15 @@ void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx) {
     ctx->flags &= ~EVP_MD_CTX_FLAG_KEEP_PKEY_CTX;
   }
 }
+
+EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx) {
+  SET_DIT_AUTO_RESET;
+  if(ctx == NULL) {
+    return NULL;
+  }
+  return ctx->pctx;
+}
+
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx) {
+  return EVP_MD_CTX_get_pkey_ctx(ctx);
+}

include/openssl/digest.h

@@ -318,6 +318,12 @@ OPENSSL_EXPORT int EVP_MD_nid(const EVP_MD *md);
 OPENSSL_EXPORT void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx,
                                             EVP_PKEY_CTX *pctx);
 
+// EVP_MD_CTX_get_pkey_ctx returns the pointer of |ctx|'s |EVP_PKEY_CTX|.
+OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
+
+// EVP_MD_CTX_pkey_ctx is a legacy alias of |EVP_MD_CTX_get_pkey_ctx|.
+OPENSSL_EXPORT EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+
 struct evp_md_pctx_ops;
 
 struct env_md_ctx_st {

include/openssl/x509.h

@@ -2731,6 +2731,11 @@ OPENSSL_EXPORT void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
 #define X509_V_ERR_INVALID_CALL 65
 #define X509_V_ERR_STORE_LOOKUP 66
 #define X509_V_ERR_NAME_CONSTRAINTS_WITHOUT_SANS 67
+// The following error codes are related to security levels in OpenSSL and are
+// unused in AWS-LC. See |SSL_CTX_set_security_level|.
+#define X509_V_ERR_EE_KEY_TOO_SMALL 68
+#define X509_V_ERR_CA_KEY_TOO_SMALL 69
+#define X509_V_ERR_CA_MD_TOO_WEAK 70
 
 // X509_STORE_CTX_get_error, after |X509_verify_cert| returns, returns
 // |X509_V_OK| if verification succeeded or an |X509_V_ERR_*| describing why