-/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.26 2022/06/27 12:36:05 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
ameth->pkey_ctrl = pkey_ctrl;
}
+void
+EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_security_bits)(const EVP_PKEY *pkey))
+{
+ ameth->pkey_security_bits = pkey_security_bits;
+}
+
void
EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_check)(const EVP_PKEY *pk))
-/* $OpenBSD: asn1_locl.h,v 1.33 2022/06/25 15:39:12 jsing Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.34 2022/06/27 12:36:05 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
int (*pkey_size)(const EVP_PKEY *pk);
int (*pkey_bits)(const EVP_PKEY *pk);
+ int (*pkey_security_bits)(const EVP_PKEY *pk);
int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
int derlen);
-/* $OpenBSD: dh_ameth.c,v 1.23 2022/01/20 11:00:34 inoguchi Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.24 2022/06/27 12:36:05 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
return BN_num_bits(pkey->pkey.dh->p);
}
+static int
+dh_security_bits(const EVP_PKEY *pkey)
+{
+ return DH_security_bits(pkey->pkey.dh);
+}
+
static int
dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
.pkey_size = int_dh_size,
.pkey_bits = dh_bits,
+ .pkey_security_bits = dh_security_bits,
.param_decode = dh_param_decode,
.param_encode = dh_param_encode,
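Review bot: dh_security_bits() hands `pkey->pkey.dh` to DH_security_bits() without checking it, so an EVP_PKEY whose type is set but which has no DH key attached would pass a NULL pointer down; whether DH_security_bits() tolerates that is not visible here. The neighbouring dh_bits() dereferences the same field unguarded, so this matches the file's convention, but the new accessor presumably feeds security-level decisions and may be reached with keys the library did not build itself. Consider a guard such as `if (pkey->pkey.dh == NULL) return 0;`, or a comment stating that callers must only pass fully populated keys. The same pattern appears in dsa_security_bits() (`pkey->pkey.dsa`) and rsa_security_bits() (`pkey->pkey.rsa`).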
-/* $OpenBSD: dsa_ameth.c,v 1.36 2022/05/07 10:31:28 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.37 2022/06/27 12:36:05 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
return BN_num_bits(pkey->pkey.dsa->p);
}
+static int
+dsa_security_bits(const EVP_PKEY *pkey)
+{
+ return DSA_security_bits(pkey->pkey.dsa);
+}
+
static int
dsa_missing_parameters(const EVP_PKEY *pkey)
{
.pkey_size = int_dsa_size,
.pkey_bits = dsa_bits,
+ .pkey_security_bits = dsa_security_bits,
.param_decode = dsa_param_decode,
.param_encode = dsa_param_encode,
-/* $OpenBSD: ec_ameth.c,v 1.32 2022/05/24 20:00:15 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
return ret;
}
+static int
+ec_security_bits(const EVP_PKEY *pkey)
+{
+ int ecbits = ec_bits(pkey);
+
+ if (ecbits >= 512)
+ return 256;
+ if (ecbits >= 384)
+ return 192;
+ if (ecbits >= 256)
+ return 128;
+ if (ecbits >= 224)
+ return 112;
+ if (ecbits >= 160)
+ return 80;
+
+ return ecbits / 2;
+}
+
static int
ec_missing_parameters(const EVP_PKEY * pkey)
{
.pkey_size = int_ec_size,
.pkey_bits = ec_bits,
+ .pkey_security_bits = ec_security_bits,
.param_decode = eckey_param_decode,
.param_encode = eckey_param_encode,
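Review bot: The thresholds in ec_security_bits() are bare constants with no comment on where the mapping comes from or why sizes below 160 fall back to `ecbits / 2`. The table looks like the comparable-strength mapping from NIST SP 800-57 Part 1; a short comment above the chain, e.g. `/* Comparable symmetric strength for the size reported by ec_bits(); below 160 bits, half the size. */`, would let a reader check it against the reference. It is also worth stating that if ec_bits() can return 0 on failure (its body is outside this section), the result here is 0, which callers should treat as below any minimum level rather than as "unknown".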
-/* $OpenBSD: evp.h,v 1.100 2022/05/05 08:48:50 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.101 2022/06/27 12:36:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
int EVP_PKEY_id(const EVP_PKEY *pkey);
int EVP_PKEY_base_id(const EVP_PKEY *pkey);
int EVP_PKEY_bits(const EVP_PKEY *pkey);
+#ifdef LIBRESSL_INTERNAL
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+#endif
int EVP_PKEY_size(const EVP_PKEY *pkey);
int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
void (*pkey_free)(EVP_PKEY *pkey));
void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2));
+#ifdef LIBRESSL_INTERNAL
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_security_bits)(const EVP_PKEY *pkey));
+#endif
void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
int (*pkey_check)(const EVP_PKEY *pk));
-/* $OpenBSD: p_lib.c,v 1.28 2022/01/20 11:06:24 inoguchi Exp $ */
+/* $OpenBSD: p_lib.c,v 1.29 2022/06/27 12:36:05 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
return 0;
}
+int
+EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+{
+ if (pkey == NULL)
+ return 0;
+ if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL)
+ return -2;
+
+ return pkey->ameth->pkey_security_bits(pkey);
+}
+
int
EVP_PKEY_size(const EVP_PKEY *pkey)
{
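Review bot: EVP_PKEY_security_bits() reports three different things through one int: 0 for a NULL key, -2 when the key type has no `pkey_security_bits` method, and otherwise the callback's value. None of that is documented here or at the prototype in evp.h. Because -2 is non-zero, a caller that tests the result for truth instead of comparing it against a required minimum would accept a key type for which no strength estimate exists. I would add a comment above the function such as `/* Returns the estimated security strength in bits, 0 if pkey is NULL, -2 if the key type provides no estimate; enforce minimums with '<'. */`.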
-/* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.26 2022/06/27 12:36:06 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
return BN_num_bits(pkey->pkey.rsa->n);
}
+static int
+rsa_security_bits(const EVP_PKEY *pkey)
+{
+ return RSA_security_bits(pkey->pkey.rsa);
+}
+
static void
int_rsa_free(EVP_PKEY *pkey)
{
.pkey_size = int_rsa_size,
.pkey_bits = rsa_bits,
+ .pkey_security_bits = rsa_security_bits,
.sig_print = rsa_sig_print,