Prepare to provide EVP_PKEY_security_bits()

This also provides a pkey_security_bits member to the PKEY ASN.1 methods and a corresponding setter EVP_PKEY_asn1_set_security_bits(). ok beck jsing
author: tb <> 2022-06-27 12:36:06 +0000
committer: tb <> 2022-06-27 12:36:06 +0000
commit: 89b19fa26965d5b4d261248d57a3cd0650dc01e1 (patch)
tree: 1ce3c6ef198c92eb3730b767a8f90f5a0e5f1ac1 /src/lib
parent: 1f814fdc3f1d1d90cbcbff70c5aadcf9da362c34 (diff)
download: openbsd-89b19fa26965d5b4d261248d57a3cd0650dc01e1.tar.gz
openbsd-89b19fa26965d5b4d261248d57a3cd0650dc01e1.tar.bz2
openbsd-89b19fa26965d5b4d261248d57a3cd0650dc01e1.zip
8 files changed, 75 insertions, 8 deletions
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 8ff5a35d78..313440e06a 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.26 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -431,6 +431,13 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 }
 void
+EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_security_bits)(const EVP_PKEY *pkey))
+{
+        ameth->pkey_security_bits = pkey_security_bits;
+}
+void
 EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_check)(const EVP_PKEY *pk))
 {
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index 2d007061f2..a0a1842d99 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.33 2022/06/25 15:39:12 jsing Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.34 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -112,6 +112,7 @@ struct evp_pkey_asn1_method_st {
        int (*pkey_size)(const EVP_PKEY *pk);
        int (*pkey_bits)(const EVP_PKEY *pk);
+        int (*pkey_security_bits)(const EVP_PKEY *pk);
        int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
            int derlen);
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index 0df7fbc739..3701946cef 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.23 2022/01/20 11:00:34 inoguchi Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.24 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -398,6 +398,12 @@ dh_bits(const EVP_PKEY *pkey)
 }
 static int
+dh_security_bits(const EVP_PKEY *pkey)
+{
+        return DH_security_bits(pkey->pkey.dh);
+}
+static int
 dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 {
        if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
@@ -512,6 +518,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
        .pkey_size = int_dh_size,
        .pkey_bits = dh_bits,
+        .pkey_security_bits = dh_security_bits,
        .param_decode = dh_param_decode,
        .param_encode = dh_param_encode,
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 0af17dbbe6..372966b3c3 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.36 2022/05/07 10:31:28 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.37 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -306,6 +306,12 @@ dsa_bits(const EVP_PKEY *pkey)
 }
 static int
+dsa_security_bits(const EVP_PKEY *pkey)
+{
+        return DSA_security_bits(pkey->pkey.dsa);
+}
+static int
 dsa_missing_parameters(const EVP_PKEY *pkey)
 {
        DSA *dsa;
@@ -716,6 +722,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
                .pkey_size = int_dsa_size,
                .pkey_bits = dsa_bits,
+                .pkey_security_bits = dsa_security_bits,
                .param_decode = dsa_param_decode,
                .param_encode = dsa_param_encode,
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 59957afd3d..5c9a76c8be 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.32 2022/05/24 20:00:15 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -386,6 +386,25 @@ ec_bits(const EVP_PKEY * pkey)
        return ret;
 }
+static int
+ec_security_bits(const EVP_PKEY *pkey)
+{
+        int ecbits = ec_bits(pkey);
+        if (ecbits >= 512)
+                return 256;
+        if (ecbits >= 384)
+                return 192;
+        if (ecbits >= 256)
+                return 128;
+        if (ecbits >= 224)
+                return 112;
+        if (ecbits >= 160)
+                return 80;
+        return ecbits / 2;
+}
 static int 
 ec_missing_parameters(const EVP_PKEY * pkey)
 {
@@ -1006,6 +1025,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
        .pkey_size = int_ec_size,
        .pkey_bits = ec_bits,
+        .pkey_security_bits = ec_security_bits,
        .param_decode = eckey_param_decode,
        .param_encode = eckey_param_encode,
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index c7942cc12a..a48b81c915 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.100 2022/05/05 08:48:50 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.101 2022/06/27 12:36:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -769,6 +769,9 @@ int EVP_PKEY_type(int type);
 int EVP_PKEY_id(const EVP_PKEY *pkey);
 int EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int EVP_PKEY_bits(const EVP_PKEY *pkey);
+#ifdef LIBRESSL_INTERNAL
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+#endif
 int EVP_PKEY_size(const EVP_PKEY *pkey);
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
@@ -931,6 +934,10 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
    void (*pkey_free)(EVP_PKEY *pkey));
 void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2));
+#ifdef LIBRESSL_INTERNAL
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_security_bits)(const EVP_PKEY *pkey));
+#endif
 void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_check)(const EVP_PKEY *pk));
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index cdd38e4e30..b6cef5a14c 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.28 2022/01/20 11:06:24 inoguchi Exp $ */
+/* $OpenBSD: p_lib.c,v 1.29 2022/06/27 12:36:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -95,6 +95,17 @@ EVP_PKEY_bits(const EVP_PKEY *pkey)
 }
 int
+EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+{
+        if (pkey == NULL)
+                return 0;
+        if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL)
+                return -2;
+        return pkey->ameth->pkey_security_bits(pkey);
+}
+int
 EVP_PKEY_size(const EVP_PKEY *pkey)
 {
        if (pkey && pkey->ameth && pkey->ameth->pkey_size)
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index 57fe46a976..448458f846 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.26 2022/06/27 12:36:06 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -271,6 +271,12 @@ rsa_bits(const EVP_PKEY *pkey)
        return BN_num_bits(pkey->pkey.rsa->n);
 }
+static int
+rsa_security_bits(const EVP_PKEY *pkey)
+{
+        return RSA_security_bits(pkey->pkey.rsa);
+}
 static void
 int_rsa_free(EVP_PKEY *pkey)
 {
@@ -1103,6 +1109,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
                .pkey_size = int_rsa_size,
                .pkey_bits = rsa_bits,
+                .pkey_security_bits = rsa_security_bits,
                .sig_print = rsa_sig_print,
author	tb <>	2022-06-27 12:36:06 +0000
committer	tb <>	2022-06-27 12:36:06 +0000
commit	89b19fa26965d5b4d261248d57a3cd0650dc01e1 (patch)
tree	1ce3c6ef198c92eb3730b767a8f90f5a0e5f1ac1 /src/lib
parent	1f814fdc3f1d1d90cbcbff70c5aadcf9da362c34 (diff)
download	openbsd-89b19fa26965d5b4d261248d57a3cd0650dc01e1.tar.gz openbsd-89b19fa26965d5b4d261248d57a3cd0650dc01e1.tar.bz2 openbsd-89b19fa26965d5b4d261248d57a3cd0650dc01e1.zip