Commit 2514fa79 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Add functions returning security bits.

Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.
parent 4563da1d
+7 −0
@@ -462,3 +462,10 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
	{
	ameth->pkey_ctrl = pkey_ctrl;
	}

void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
				int (*pkey_security_bits)(const EVP_PKEY *pk))
	{
	ameth->pkey_security_bits = pkey_security_bits;
	}
+1 −0
@@ -122,6 +122,7 @@ struct evp_pkey_asn1_method_st

	int (*pkey_size)(const EVP_PKEY *pk);
	int (*pkey_bits)(const EVP_PKEY *pk);
	int (*pkey_security_bits)(const EVP_PKEY *pk);

	int (*param_decode)(EVP_PKEY *pkey,
				const unsigned char **pder, int derlen);
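Review bot: Inserting `pkey_security_bits` between `pkey_bits` and `param_decode` shifts every later slot of any positionally initialised EVP_PKEY_ASN1_METHOD table, so a table that is not updated would end up with its later function pointers in the wrong slots, and runs of bare `0` entries give the compiler nothing to flag. The cmac table later in this commit is adjusted by turning `0,` into `0, 0,`; I would annotate that line as `0, 0, /* pkey_bits, pkey_security_bits */` and confirm that every other method table is updated too, since only the cmac one is visible here. Because cmac leaves the new slot as 0, whatever calls through `pkey_security_bits` presumably needs a NULL check first; that caller is not shown in these hunks. The struct definition begins and ends outside the hunk.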
+1 −0
@@ -420,6 +420,7 @@ int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
int	BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
int	BN_num_bits(const BIGNUM *a);
int	BN_num_bits_word(BN_ULONG l);
int	BN_security_bits(int L, int N);
BIGNUM *BN_new(void);
void	BN_init(BIGNUM *);
void	BN_clear_free(BIGNUM *a);
+25 −0
@@ -880,3 +880,28 @@ void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
	}
#undef BN_CONSTTIME_SWAP
}

/* Bits of security, see SP800-57 */

int BN_security_bits(int L, int N)
	{
	int secbits, bits;
	if (L >= 15360)
		secbits = 256;
	else if (L >= 7690)
		secbits = 192;
	else if (L >= 3072)
		secbits = 128;
	else if (L >= 2048)
		secbits = 112;
	else if (L >= 1024)
		secbits = 80;
	else
		return 0;
	if (N == -1)
		return secbits;
	bits = N / 2;
	if (bits < 80)
		return 0;
	return bits >= secbits ? secbits : bits;
	}
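Review bot: The 192-bit step in `BN_security_bits` tests `L >= 7690`, but the SP800-57 table that the comment cites pairs 192 bits of security with a 7680-bit modulus, so a 7680-bit key is rated at 128 bits here. I would change the line to `else if (L >= 7680)`. The slip errs on the conservative side, yet any policy that compares the result against a 192-bit minimum would reject a key the standard accepts. The comment above the function should also say what the arguments are, e.g. `/* L: modulus/field size in bits; N: subgroup/exponent size in bits, or -1 if not applicable */`; that reading is inferred from SP800-57's L/N notation and the `N == -1` branch, and should be confirmed against the callers.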
+1 −1
@@ -87,7 +87,7 @@ const EVP_PKEY_ASN1_METHOD cmac_asn1_meth =
	0,0,0,

	cmac_size,
	0,
	0, 0,
	0,0,0,0,0,0,0,

	cmac_key_free,