1 files changed, 32 insertions, 1 deletions
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index 6e828f1e74..599a744822 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lib.c,v 1.53 2021/12/27 15:12:22 jsing Exp $ */
+/* $OpenBSD: bn_lib.c,v 1.54 2022/06/27 12:25:49 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1105,6 +1105,37 @@ BN_is_negative(const BIGNUM *a)
        return a->neg != 0;
 }
+/*
+ * Bits of security, see SP800-57, section 5.6.11, table 2.
+ */
+int
+BN_security_bits(int L, int N)
+{
+        int secbits, bits;
+        if (L >= 15360)
+                secbits = 256;
+        else if (L >= 7680)
+                secbits = 192;
+        else if (L >= 3072)
+                secbits = 128;
+        else if (L >= 2048)
+                secbits = 112;
+        else if (L >= 1024)
+                secbits = 80;
+        else
+                return 0;
+        if (N == -1)
+                return secbits;
+        bits = N / 2;
+        if (bits < 80)
+                return 0;
+        return bits >= secbits ? secbits : bits;
+}
 BN_GENCB *
 BN_GENCB_new(void)
 {

diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c index 6e828f1e74..599a744822 100644 --- a/src/lib/libcrypto/bn/bn_lib.c +++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_lib.c,v 1.53 2021/12/27 15:12:22 jsing Exp $ */	1	/* $OpenBSD: bn_lib.c,v 1.54 2022/06/27 12:25:49 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1105,6 +1105,37 @@ BN_is_negative(const BIGNUM *a)
1105	return a->neg != 0;	1105	return a->neg != 0;
1106	}	1106	}
1107		1107
		1108	/*
		1109	* Bits of security, see SP800-57, section 5.6.11, table 2.
		1110	*/
		1111	int
		1112	BN_security_bits(int L, int N)
		1113	{
		1114	int secbits, bits;
		1115
		1116	if (L >= 15360)
		1117	secbits = 256;
		1118	else if (L >= 7680)
		1119	secbits = 192;
		1120	else if (L >= 3072)
		1121	secbits = 128;
		1122	else if (L >= 2048)
		1123	secbits = 112;
		1124	else if (L >= 1024)
		1125	secbits = 80;
		1126	else
		1127	return 0;
		1128
		1129	if (N == -1)
		1130	return secbits;
		1131
		1132	bits = N / 2;
		1133	if (bits < 80)
		1134	return 0;
		1135
		1136	return bits >= secbits ? secbits : bits;
		1137	}
		1138
1108	BN_GENCB *	1139	BN_GENCB *
1109	BN_GENCB_new(void)	1140	BN_GENCB_new(void)
1110	{	1141	{