From: tb Date: Mon, 27 Jun 2022 12:36:05 +0000 (+0000) Subject: Prepare to provide EVP_PKEY_security_bits() X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5cdf039891a30c7ea5f55bf9ee0f46abc4409746;p=openbsd Prepare to provide EVP_PKEY_security_bits() This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing --- diff --git a/lib/libcrypto/asn1/ameth_lib.c b/lib/libcrypto/asn1/ameth_lib.c index 8ff5a35d786..313440e06a4 100644 --- a/lib/libcrypto/asn1/ameth_lib.c +++ b/lib/libcrypto/asn1/ameth_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */ +/* $OpenBSD: ameth_lib.c,v 1.26 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -430,6 +430,13 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, ameth->pkey_ctrl = pkey_ctrl; } +void +EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits)(const EVP_PKEY *pkey)) +{ + ameth->pkey_security_bits = pkey_security_bits; +} + void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_check)(const EVP_PKEY *pk)) diff --git a/lib/libcrypto/asn1/asn1_locl.h b/lib/libcrypto/asn1/asn1_locl.h index 2d007061f21..a0a1842d991 100644 --- a/lib/libcrypto/asn1/asn1_locl.h +++ b/lib/libcrypto/asn1/asn1_locl.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1_locl.h,v 1.33 2022/06/25 15:39:12 jsing Exp $ */ +/* $OpenBSD: asn1_locl.h,v 1.34 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -112,6 +112,7 @@ struct evp_pkey_asn1_method_st { int (*pkey_size)(const EVP_PKEY *pk); int (*pkey_bits)(const EVP_PKEY *pk); + int (*pkey_security_bits)(const EVP_PKEY *pk); int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen); 
diff --git a/lib/libcrypto/dh/dh_ameth.c b/lib/libcrypto/dh/dh_ameth.c index 0df7fbc7391..3701946cef2 100644 --- a/lib/libcrypto/dh/dh_ameth.c +++ b/lib/libcrypto/dh/dh_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dh_ameth.c,v 1.23 2022/01/20 11:00:34 inoguchi Exp $ */ +/* $OpenBSD: dh_ameth.c,v 1.24 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -397,6 +397,12 @@ dh_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.dh->p); } +static int +dh_security_bits(const EVP_PKEY *pkey) +{ + return DH_security_bits(pkey->pkey.dh); +} + static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) { @@ -512,6 +518,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { .pkey_size = int_dh_size, .pkey_bits = dh_bits, + .pkey_security_bits = dh_security_bits, .param_decode = dh_param_decode, .param_encode = dh_param_encode, diff --git a/lib/libcrypto/dsa/dsa_ameth.c b/lib/libcrypto/dsa/dsa_ameth.c index 0af17dbbe60..372966b3c36 100644 --- a/lib/libcrypto/dsa/dsa_ameth.c +++ b/lib/libcrypto/dsa/dsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsa_ameth.c,v 1.36 2022/05/07 10:31:28 tb Exp $ */ +/* $OpenBSD: dsa_ameth.c,v 1.37 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -305,6 +305,12 @@ dsa_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.dsa->p); } +static int +dsa_security_bits(const EVP_PKEY *pkey) +{ + return DSA_security_bits(pkey->pkey.dsa); +} + static int dsa_missing_parameters(const EVP_PKEY *pkey) { @@ -716,6 +722,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { .pkey_size = int_dsa_size, .pkey_bits = dsa_bits, + .pkey_security_bits = dsa_security_bits, .param_decode = dsa_param_decode, .param_encode = dsa_param_encode, diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c index 59957afd3d3..5c9a76c8bee 100644 --- a/lib/libcrypto/ec/ec_ameth.c +++ b/lib/libcrypto/ec/ec_ameth.c 
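Review bot: dh_security_bits() hands pkey->pkey.dh to DH_security_bits() without checking that a DH object is attached. The same shape is repeated in dsa_security_bits() in dsa_ameth.c and rsa_security_bits() in rsa_ameth.c. The neighbouring dh_bits() dereferences pkey->pkey.dh->p in the same way, so this follows the existing convention, but the new EVP_PKEY_security_bits() entry point checks only pkey and pkey->ameth before dispatching here. Whether DH_security_bits(), DSA_security_bits() and RSA_security_bits() tolerate a NULL argument is not visible in this diff. If they do not, a guard such as `if (pkey->pkey.dh == NULL) return 0;` in each wrapper would make a typed-but-empty EVP_PKEY report zero strength instead of faulting during a strength check.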
@@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.32 2022/05/24 20:00:15 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -386,6 +386,25 @@ ec_bits(const EVP_PKEY * pkey) return ret; } +static int +ec_security_bits(const EVP_PKEY *pkey) +{ + int ecbits = ec_bits(pkey); + + if (ecbits >= 512) + return 256; + if (ecbits >= 384) + return 192; + if (ecbits >= 256) + return 128; + if (ecbits >= 224) + return 112; + if (ecbits >= 160) + return 80; + + return ecbits / 2; +} + static int ec_missing_parameters(const EVP_PKEY * pkey) { @@ -1006,6 +1025,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { .pkey_size = int_ec_size, .pkey_bits = ec_bits, + .pkey_security_bits = ec_security_bits, .param_decode = eckey_param_decode, .param_encode = eckey_param_encode, diff --git a/lib/libcrypto/evp/evp.h b/lib/libcrypto/evp/evp.h index c7942cc12a5..a48b81c915f 100644 --- a/lib/libcrypto/evp/evp.h +++ b/lib/libcrypto/evp/evp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: evp.h,v 1.100 2022/05/05 08:48:50 tb Exp $ */ +/* $OpenBSD: evp.h,v 1.101 2022/06/27 12:36:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -769,6 +769,9 @@ int EVP_PKEY_type(int type); int EVP_PKEY_id(const EVP_PKEY *pkey); int EVP_PKEY_base_id(const EVP_PKEY *pkey); int EVP_PKEY_bits(const EVP_PKEY *pkey); +#ifdef LIBRESSL_INTERNAL +int EVP_PKEY_security_bits(const EVP_PKEY *pkey); +#endif int EVP_PKEY_size(const EVP_PKEY *pkey); int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); 
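Review bot: ec_security_bits() has no comment saying where its thresholds come from or what quantity ecbits measures, which matters because callers will compare the result against a minimum security level. I would add above the function `/* Map the size reported by ec_bits() to the conventional 80/112/128/192/256-bit strength levels; smaller groups get half their size. */`. ec_bits() is defined outside this hunk, so its failure value should be confirmed: if it is 0, the fall-through yields 0 and a minimum-strength check rejects the key, but a negative value would pass through `ecbits / 2` as a negative strength. The mapping looks only at size, so a group that is weak for structural reasons would still report its nominal level.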
@@ -931,6 +934,10 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, void (*pkey_free)(EVP_PKEY *pkey)); void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); +#ifdef LIBRESSL_INTERNAL +void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_security_bits)(const EVP_PKEY *pkey)); +#endif void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth, int (*pkey_check)(const EVP_PKEY *pk)); diff --git a/lib/libcrypto/evp/p_lib.c b/lib/libcrypto/evp/p_lib.c index cdd38e4e30d..b6cef5a14c3 100644 --- a/lib/libcrypto/evp/p_lib.c +++ b/lib/libcrypto/evp/p_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: p_lib.c,v 1.28 2022/01/20 11:06:24 inoguchi Exp $ */ +/* $OpenBSD: p_lib.c,v 1.29 2022/06/27 12:36:05 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -94,6 +94,17 @@ EVP_PKEY_bits(const EVP_PKEY *pkey) return 0; } +int +EVP_PKEY_security_bits(const EVP_PKEY *pkey) +{ + if (pkey == NULL) + return 0; + if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL) + return -2; + + return pkey->ameth->pkey_security_bits(pkey); +} + int EVP_PKEY_size(const EVP_PKEY *pkey) { diff --git a/lib/libcrypto/rsa/rsa_ameth.c b/lib/libcrypto/rsa/rsa_ameth.c index 57fe46a9760..448458f8462 100644 --- a/lib/libcrypto/rsa/rsa_ameth.c +++ b/lib/libcrypto/rsa/rsa_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */ +/* $OpenBSD: rsa_ameth.c,v 1.26 2022/06/27 12:36:06 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -271,6 +271,12 @@ rsa_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.rsa->n); } +static int +rsa_security_bits(const EVP_PKEY *pkey) +{ + return RSA_security_bits(pkey->pkey.rsa); +} + static void int_rsa_free(EVP_PKEY *pkey) { 
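Review bot: EVP_PKEY_security_bits() in p_lib.c returns 0 for a NULL key and -2 when the method table has no pkey_security_bits callback, and neither value is documented at the definition or at the LIBRESSL_INTERNAL prototype added to evp.h. A caller that stores the result in an unsigned variable would read -2 as a very strong key, and one that tests only `== 0` would accept it. I would add `/* Returns the estimated strength in bits, 0 if pkey is NULL, -2 if the key type has no security_bits method; treat any value <= 0 as failing every minimum. */` above the function and mirror it next to the prototype.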
@@ -1103,6 +1109,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { .pkey_size = int_rsa_size, .pkey_bits = rsa_bits, + .pkey_security_bits = rsa_security_bits, .sig_print = rsa_sig_print,