From 2688c6a61bb735e6642cdcc206d1226cd81a1816 Mon Sep 17 00:00:00 2001 From: tb Date: Mon, 27 Jun 2022 12:25:49 +0000 Subject: [PATCH] Prepare to provide BN_security_bits() ok beck jsing --- lib/libcrypto/bn/bn.h | 6 +++++- lib/libcrypto/bn/bn_lib.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/lib/libcrypto/bn/bn.h b/lib/libcrypto/bn/bn.h index abf8cfcf700..5abd4890033 100644 --- a/lib/libcrypto/bn/bn.h +++ b/lib/libcrypto/bn/bn.h @@ -1,4 +1,4 @@ -/* $OpenBSD: bn.h,v 1.52 2022/01/14 08:01:47 tb Exp $ */ +/* $OpenBSD: bn.h,v 1.53 2022/06/27 12:25:49 tb Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -471,6 +471,10 @@ BIGNUM *BN_mod_sqrt(BIGNUM *ret, void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); +#ifdef LIBRESSL_INTERNAL +int BN_security_bits(int L, int N); +#endif + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, diff --git a/lib/libcrypto/bn/bn_lib.c b/lib/libcrypto/bn/bn_lib.c index 6e828f1e74e..599a7448226 100644 --- a/lib/libcrypto/bn/bn_lib.c +++ b/lib/libcrypto/bn/bn_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bn_lib.c,v 1.53 2021/12/27 15:12:22 jsing Exp $ */ +/* $OpenBSD: bn_lib.c,v 1.54 2022/06/27 12:25:49 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1105,6 +1105,37 @@ BN_is_negative(const BIGNUM *a) return a->neg != 0; } +/* + * Bits of security, see SP800-57, section 5.6.11, table 2. + */ +int +BN_security_bits(int L, int N) +{ + int secbits, bits; + + if (L >= 15360) + secbits = 256; + else if (L >= 7680) + secbits = 192; + else if (L >= 3072) + secbits = 128; + else if (L >= 2048) + secbits = 112; + else if (L >= 1024) + secbits = 80; + else + return 0; + + if (N == -1) + return secbits; + + bits = N / 2; + if (bits < 80) + return 0; + + return bits >= secbits ? secbits : bits; +} + BN_GENCB * BN_GENCB_new(void) { -- 2.20.1