Add functions returning security bits.

Add functions to return the "bits of security" for various public key
algorithms. Based on SP800-57.

3 files changed, 12 insertions, 0 deletions

diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index 6010a954f0..add452b27c 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -234,6 +234,7 @@ void	DSA_free (DSA *r);
 /* "up" the DSA object's reference count */
 int	DSA_up_ref(DSA *r);
 int	DSA_size(const DSA *);
+int	DSA_security_bits(const DSA *d);
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
 int	DSA_sign(int type,const unsigned char *dgst,int dlen,
diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
index 6b1d52fab2..aa3f55e218 100644
--- a/crypto/dsa/dsa_ameth.c
+++ b/crypto/dsa/dsa_ameth.c
@@ -368,6 +368,11 @@ static int dsa_bits(const EVP_PKEY *pkey)
 	return BN_num_bits(pkey->pkey.dsa->p);
 	}
 
+static int dsa_security_bits(const EVP_PKEY *pkey)
+	{
+	return DSA_security_bits(pkey->pkey.dsa);
+	}
+
 static int dsa_missing_parameters(const EVP_PKEY *pkey)
 	{
 	DSA *dsa;
@@ -696,6 +701,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
 
 		int_dsa_size,
 		dsa_bits,
+		dsa_security_bits,
 
 		dsa_param_decode,
 		dsa_param_encode,
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index c9b25a0561..b78fadd467 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -272,6 +272,11 @@ void *DSA_get_ex_data(DSA *d, int idx)
 	return(CRYPTO_get_ex_data(&d->ex_data,idx));
 	}
 
+int DSA_security_bits(const DSA *d)
+	{
+	return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+	}
+
 #ifndef OPENSSL_NO_DH
 DH *DSA_dup_DH(const DSA *r)
 	{