Prepare to provide EVP_PKEY_security_bits()

This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
author: tb <> 2022-06-27 12:36:06 +0000
committer: tb <> 2022-06-27 12:36:06 +0000
commit: 3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc (patch)
tree: 1ce3c6ef198c92eb3730b767a8f90f5a0e5f1ac1 /src/lib/libcrypto/ec/ec_ameth.c
parent: e9bc35a6d120c0aa1f30feafb92222df91771dbd (diff)
download: openbsd-3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc.tar.gz
openbsd-3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc.tar.bz2
openbsd-3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc.zip
1 files changed, 21 insertions, 1 deletions
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 59957afd3d..5c9a76c8be 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.32 2022/05/24 20:00:15 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -386,6 +386,25 @@ ec_bits(const EVP_PKEY * pkey)
        return ret;
 }
+static int
+ec_security_bits(const EVP_PKEY *pkey)
+{
+        int ecbits = ec_bits(pkey);
+        if (ecbits >= 512)
+                return 256;
+        if (ecbits >= 384)
+                return 192;
+        if (ecbits >= 256)
+                return 128;
+        if (ecbits >= 224)
+                return 112;
+        if (ecbits >= 160)
+                return 80;
+        return ecbits / 2;
+}
 static int 
 ec_missing_parameters(const EVP_PKEY * pkey)
 {
@@ -1006,6 +1025,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
        .pkey_size = int_ec_size,
        .pkey_bits = ec_bits,
+        .pkey_security_bits = ec_security_bits,
        .param_decode = eckey_param_decode,
        .param_encode = eckey_param_encode,
author	tb <>	2022-06-27 12:36:06 +0000
committer	tb <>	2022-06-27 12:36:06 +0000
commit	3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc (patch)
tree	1ce3c6ef198c92eb3730b767a8f90f5a0e5f1ac1 /src/lib/libcrypto/ec/ec_ameth.c
parent	e9bc35a6d120c0aa1f30feafb92222df91771dbd (diff)
download	openbsd-3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc.tar.gz openbsd-3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc.tar.bz2 openbsd-3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc.zip

diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index 59957afd3d..5c9a76c8be 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_ameth.c,v 1.32 2022/05/24 20:00:15 tb Exp $ */	1	/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -386,6 +386,25 @@ ec_bits(const EVP_PKEY * pkey)
386	return ret;	386	return ret;
387	}	387	}
388		388
		389	static int
		390	ec_security_bits(const EVP_PKEY *pkey)
		391	{
		392	int ecbits = ec_bits(pkey);
		393
		394	if (ecbits >= 512)
		395	return 256;
		396	if (ecbits >= 384)
		397	return 192;
		398	if (ecbits >= 256)
		399	return 128;
		400	if (ecbits >= 224)
		401	return 112;
		402	if (ecbits >= 160)
		403	return 80;
		404
		405	return ecbits / 2;
		406	}
		407
389	static int	408	static int
390	ec_missing_parameters(const EVP_PKEY * pkey)	409	ec_missing_parameters(const EVP_PKEY * pkey)
391	{	410	{
@@ -1006,6 +1025,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
1006		1025
1007	.pkey_size = int_ec_size,	1026	.pkey_size = int_ec_size,
1008	.pkey_bits = ec_bits,	1027	.pkey_bits = ec_bits,
		1028	.pkey_security_bits = ec_security_bits,
1009		1029
1010	.param_decode = eckey_param_decode,	1030	.param_decode = eckey_param_decode,
1011	.param_encode = eckey_param_encode,	1031	.param_encode = eckey_param_encode,