authorDr. Stephen Henson <steve@openssl.org>2014-01-18 14:51:40 +0000
committerDr. Stephen Henson <steve@openssl.org>2014-03-28 14:49:04 +0000
commit2514fa79acba998c2a8d4e5a8288a5b3ae990377 (patch)
tree28f4391dc3e8fc22197e53b75360800f182d9b19 /crypto/dh
parent4563da1d7c53e969e8d092d018795179bb648a7c (diff)
Add functions returning security bits.
Add functions to return the "bits of security" for various public key algorithms. Based on SP800-57.
Diffstat (limited to 'crypto/dh')
-rw-r--r--crypto/dh/dh.h1
-rw-r--r--crypto/dh/dh_ameth.c7
-rw-r--r--crypto/dh/dh_lib.c12
3 files changed, 20 insertions, 0 deletions
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 0cbb32e336..8e8f87dfdc 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -202,6 +202,7 @@ DH * DH_new(void);
void DH_free(DH *dh);
int DH_up_ref(DH *dh);
int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int DH_set_ex_data(DH *d, int idx, void *arg);
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index 2b0035cd0a..ce1edcb0d9 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -448,6 +448,11 @@ static int dh_bits(const EVP_PKEY *pkey)
return BN_num_bits(pkey->pkey.dh->p);
}
+static int dh_security_bits(const EVP_PKEY *pkey)
+ {
+ return DH_security_bits(pkey->pkey.dh);
+ }
+
static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
{
if ( BN_cmp(a->pkey.dh->p,b->pkey.dh->p) ||
@@ -620,6 +625,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
int_dh_size,
dh_bits,
+ dh_security_bits,
dh_param_decode,
dh_param_encode,
@@ -653,6 +659,7 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth =
int_dh_size,
dh_bits,
+ dh_security_bits,
dh_param_decode,
dh_param_encode,
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 7aef080e7a..83b3dc50c1 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -245,3 +245,15 @@ int DH_size(const DH *dh)
{
return(BN_num_bytes(dh->p));
}
+
+int DH_security_bits(const DH *dh)
+ {
+ int N;
+ if (dh->q)
+ N = BN_num_bits(dh->q);
+ else if (dh->length)
+ N = dh->length;
+ else
+ N = -1;
+ return BN_security_bits(BN_num_bits(dh->p), N);
+ }
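Review bot: DH_security_bits() passes `dh->p` to BN_num_bits() without checking that the parameters are set, so a DH object whose p was never assigned (for example one fresh from DH_new()) would presumably be dereferenced as NULL here. DH_size() just above has the same shape, but this result is meant to feed security-level decisions, so failing closed looks safer: `if (dh->p == NULL) return 0;` at the top of the function. The `-1` assigned to N is an unexplained sentinel; a comment such as `/* N == -1: subgroup size unknown, estimate from the size of p alone */` would help, assuming that is how BN_security_bits() treats it (its definition is not part of this diff). `dh->length` is not declared in this hunk; if it is wider than int, the assignment to `int N` narrows silently, and a negative or oversized value should be rejected before it is used as a bit count.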