From 89b19fa26965d5b4d261248d57a3cd0650dc01e1 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 27 Jun 2022 12:36:06 +0000
Subject: Prepare to provide EVP_PKEY_security_bits()

This also provides a pkey_security_bits member to the PKEY ASN.1 methods
and a corresponding setter EVP_PKEY_asn1_set_security_bits().

ok beck jsing
---
 src/lib/libcrypto/ec/ec_ameth.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

(limited to 'src/lib/libcrypto/ec/ec_ameth.c')

diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 59957afd3d..5c9a76c8be 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.32 2022/05/24 20:00:15 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.33 2022/06/27 12:36:05 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -386,6 +386,25 @@ ec_bits(const EVP_PKEY * pkey)
 	return ret;
 }
 
+static int
+ec_security_bits(const EVP_PKEY *pkey)
+{
+	int ecbits = ec_bits(pkey);
+
+	if (ecbits >= 512)
+		return 256;
+	if (ecbits >= 384)
+		return 192;
+	if (ecbits >= 256)
+		return 128;
+	if (ecbits >= 224)
+		return 112;
+	if (ecbits >= 160)
+		return 80;
+
+	return ecbits / 2;
+}
+
 static int 
 ec_missing_parameters(const EVP_PKEY * pkey)
 {
@@ -1006,6 +1025,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
 
 	.pkey_size = int_ec_size,
 	.pkey_bits = ec_bits,
+	.pkey_security_bits = ec_security_bits,
 
 	.param_decode = eckey_param_decode,
 	.param_encode = eckey_param_encode,
-- 
cgit v1.2.3-55-g6feb