| author | tb <> | 2022-06-27 12:36:06 +0000 |
|---|---|---|
| committer | tb <> | 2022-06-27 12:36:06 +0000 |
| commit | 3a9b1012fb6b57946e4cf3ee7b795a4bdcb905cc (patch) | |
| tree | 1ce3c6ef198c92eb3730b767a8f90f5a0e5f1ac1 /src | |
| parent | e9bc35a6d120c0aa1f30feafb92222df91771dbd (diff) | |
Prepare to provide EVP_PKEY_security_bits()
This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().
ok beck jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/asn1/ameth_lib.c | 9 | ||||
| -rw-r--r-- | src/lib/libcrypto/asn1/asn1_locl.h | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/dh/dh_ameth.c | 9 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ameth.c | 9 | ||||
| -rw-r--r-- | src/lib/libcrypto/ec/ec_ameth.c | 22 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/evp.h | 9 | ||||
| -rw-r--r-- | src/lib/libcrypto/evp/p_lib.c | 13 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_ameth.c | 9 |
8 files changed, 75 insertions, 8 deletions
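--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.26 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -431,6 +431,13 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 }
 
 void
+EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+int (*pkey_security_bits)(const EVP_PKEY *pkey))
+{
+ameth->pkey_security_bits = pkey_security_bits;
+}
+
+void
 EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
 int (*pkey_check)(const EVP_PKEY *pk))
 {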
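--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.33 2022/06/25 15:39:12 jsing Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.34 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -112,6 +112,7 @@ struct evp_pkey_asn1_method_st {
 
 int (*pkey_size)(const EVP_PKEY *pk);
 int (*pkey_bits)(const EVP_PKEY *pk);
+int (*pkey_security_bits)(const EVP_PKEY *pk);
 
 int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,
 int derlen);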
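--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.23 2022/01/20 11:00:34 inoguchi Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.24 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -398,6 +398,12 @@ dh_bits(const EVP_PKEY *pkey)
 }
 
 static int
+dh_security_bits(const EVP_PKEY *pkey)
+{
+return DH_security_bits(pkey->pkey.dh);
+}
+
+static int
 dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
 {
 if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
@@ -512,6 +518,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
 
 .pkey_size = int_dh_size,
 .pkey_bits = dh_bits,
+.pkey_security_bits = dh_security_bits,
 
 .param_decode = dh_param_decode,
 .param_encode = dh_param_encode,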
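Review bot: dh_security_bits hands `pkey->pkey.dh` straight to DH_security_bits() without checking that a key is attached, and the dispatcher added in p_lib.c only checks `pkey` and the method pointers before calling the hook. Whether DH_security_bits() tolerates a NULL DH is not visible on this page, so a typed but empty EVP_PKEY may reach a NULL dereference here. A guard such as `if (pkey->pkey.dh == NULL) return 0;` would make the wrapper fail closed with 0 bits, matching what EVP_PKEY_security_bits() returns for a NULL key. The same applies to dsa_security_bits in dsa_ameth.c and rsa_security_bits in rsa_ameth.c.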
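--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.36 2022/05/07 10:31:28 tb Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.37 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -306,6 +306,12 @@ dsa_bits(const EVP_PKEY *pkey)
 }
 
 static int
+dsa_security_bits(const EVP_PKEY *pkey)
+{
+return DSA_security_bits(pkey->pkey.dsa);
+}
+
+static int
 dsa_missing_parameters(const EVP_PKEY *pkey)
 {
 DSA *dsa;
@@ -716,6 +722,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
 
 .pkey_size = int_dsa_size,
 .pkey_bits = dsa_bits,
+.pkey_security_bits = dsa_security_bits,
 
 .param_decode = dsa_param_decode,
 .param_encode = dsa_param_encode,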
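--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.32 2022/05/24 20:00:15 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -386,6 +386,25 @@ ec_bits(const EVP_PKEY * pkey)
 return ret;
 }
 
+static int
+ec_security_bits(const EVP_PKEY *pkey)
+{
+int ecbits = ec_bits(pkey);
+
+if (ecbits >= 512)
+return 256;
+if (ecbits >= 384)
+return 192;
+if (ecbits >= 256)
+return 128;
+if (ecbits >= 224)
+return 112;
+if (ecbits >= 160)
+return 80;
+
+return ecbits / 2;
+}
+
 static int
 ec_missing_parameters(const EVP_PKEY * pkey)
 {
@@ -1006,6 +1025,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
 
 .pkey_size = int_ec_size,
 .pkey_bits = ec_bits,
+.pkey_security_bits = ec_security_bits,
 
 .param_decode = eckey_param_decode,
 .param_encode = eckey_param_encode,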
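Review bot: The threshold ladder in ec_security_bits carries no comment on where the steps come from or what the fall-through means, and callers will presumably base security-level decisions on this value. A comment above the first `if`, for example `/* Comparable strength by group order size; below 160 bits use half the order size. */`, would make the table auditable. Most of ec_bits() lies outside this hunk, so its failure value is not visible. If it reports failure as 0, the fall-through yields 0 bits, which is a safe result. It is worth confirming that it never returns a negative value, because `ecbits / 2` would pass that on as a bogus strength.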
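--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.100 2022/05/05 08:48:50 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.101 2022/06/27 12:36:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -769,6 +769,9 @@ int EVP_PKEY_type(int type);
 int EVP_PKEY_id(const EVP_PKEY *pkey);
 int EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int EVP_PKEY_bits(const EVP_PKEY *pkey);
+#ifdef LIBRESSL_INTERNAL
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+#endif
 int EVP_PKEY_size(const EVP_PKEY *pkey);
 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
 int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
@@ -931,6 +934,10 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
 void (*pkey_free)(EVP_PKEY *pkey));
 void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2));
+#ifdef LIBRESSL_INTERNAL
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+int (*pkey_security_bits)(const EVP_PKEY *pkey));
+#endif
 
 void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
 int (*pkey_check)(const EVP_PKEY *pk));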
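--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.28 2022/01/20 11:06:24 inoguchi Exp $ */
+/* $OpenBSD: p_lib.c,v 1.29 2022/06/27 12:36:05 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -95,6 +95,17 @@ EVP_PKEY_bits(const EVP_PKEY *pkey)
 }
 
 int
+EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+{
+if (pkey == NULL)
+return 0;
+if (pkey->ameth == NULL || pkey->ameth->pkey_security_bits == NULL)
+return -2;
+
+return pkey->ameth->pkey_security_bits(pkey);
+}
+
+int
 EVP_PKEY_size(const EVP_PKEY *pkey)
 {
 if (pkey && pkey->ameth && pkey->ameth->pkey_size)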
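Review bot: EVP_PKEY_security_bits has several failure shapes that are documented neither at the definition nor at the prototype in evp.h: 0 for a NULL key, -2 when the method table has no `pkey_security_bits` hook, and whatever the hook itself returns. A caller that tests the result for truthiness would accept -2 as a usable strength. I would add a comment such as `/* Returns the estimated security bits; 0 if pkey is NULL, -2 if the key type provides no security_bits method. */`. Callers should compare the result against their required minimum, or at least `> 0`, rather than `!= 0`.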
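--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.26 2022/06/27 12:36:06 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -271,6 +271,12 @@ rsa_bits(const EVP_PKEY *pkey)
 return BN_num_bits(pkey->pkey.rsa->n);
 }
 
+static int
+rsa_security_bits(const EVP_PKEY *pkey)
+{
+return RSA_security_bits(pkey->pkey.rsa);
+}
+
 static void
 int_rsa_free(EVP_PKEY *pkey)
 {
@@ -1103,6 +1109,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
 
 .pkey_size = int_rsa_size,
 .pkey_bits = rsa_bits,
+.pkey_security_bits = rsa_security_bits,
 
 .sig_print = rsa_sig_print,
 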
