-/* $OpenBSD: bn.h,v 1.52 2022/01/14 08:01:47 tb Exp $ */
+/* $OpenBSD: bn.h,v 1.53 2022/06/27 12:25:49 tb Exp $ */
/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+#ifdef LIBRESSL_INTERNAL
+int BN_security_bits(int L, int N);
+#endif
+
/* Deprecated versions */
#ifndef OPENSSL_NO_DEPRECATED
BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-/* $OpenBSD: bn_lib.c,v 1.53 2021/12/27 15:12:22 jsing Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.54 2022/06/27 12:25:49 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
return a->neg != 0;
}
+/*
+ * Bits of security, see SP800-57, section 5.6.11, table 2.
+ */
+int
+BN_security_bits(int L, int N)
+{
+ int secbits, bits;
+
+ if (L >= 15360)
+ secbits = 256;
+ else if (L >= 7680)
+ secbits = 192;
+ else if (L >= 3072)
+ secbits = 128;
+ else if (L >= 2048)
+ secbits = 112;
+ else if (L >= 1024)
+ secbits = 80;
+ else
+ return 0;
+
+ if (N == -1)
+ return secbits;
+
+ bits = N / 2;
+ if (bits < 80)
+ return 0;
+
+ return bits >= secbits ? secbits : bits;
+}
+
BN_GENCB *
BN_GENCB_new(void)
{
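Review bot: The comment above BN_security_bits() does not say what L and N are or what the -1 and 0 values mean, and any caller comparing the result against a minimum security level depends on exactly that. From the body, `N == -1` skips the second bound and returns the table value for L alone, any other N caps the result at `N / 2`, and anything below 80 bits (L < 1024, or N < 160) is reported as 0 rather than as its actual strength; presumably L is the modulus size and N the subgroup or private-key size in bits, which the comment should state. I would extend the comment to cover these points, for example `* Returns 0 if the parameters give fewer than 80 bits; N == -1 means no subgroup size.` The cited section also looks mistyped: in SP 800-57 Part 1 the comparable-strengths table is Table 2 in section 5.6.1.1, so `5.6.11` should probably read `5.6.1.1`.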