Prepare to provide DH_security_bits()

ok beck jsing

2 files changed, 18 insertions, 2 deletions

diff --git a/lib/libcrypto/dh/dh.h b/lib/libcrypto/dh/dh.h
index ef104950294..c7f4d3fdd0f 100644
--- a/lib/libcrypto/dh/dh.h
+++ b/lib/libcrypto/dh/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.32 2022/01/14 08:25:44 tb Exp $ */
+/* $OpenBSD: dh.h,v 1.33 2022/06/27 12:31:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -143,6 +143,9 @@ int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int DH_set_ex_data(DH *d, int idx, void *arg);
 void *DH_get_ex_data(DH *d, int idx);
+#ifdef LIBRESSL_INTERNAL
+int DH_security_bits(const DH *dh);
+#endif
 
 ENGINE *DH_get0_engine(DH *d);
 void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
diff --git a/lib/libcrypto/dh/dh_lib.c b/lib/libcrypto/dh/dh_lib.c
index d4d0c9dda33..35a22d1ec82 100644
--- a/lib/libcrypto/dh/dh_lib.c
+++ b/lib/libcrypto/dh/dh_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_lib.c,v 1.36 2022/01/07 09:27:13 tb Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.37 2022/06/27 12:31:38 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -245,6 +245,19 @@ DH_bits(const DH *dh)
 	return BN_num_bits(dh->p);
 }
 
+int
+DH_security_bits(const DH *dh)
+{
+	int N = -1;
+
+	if (dh->q != NULL)
+		N = BN_num_bits(dh->q);
+	else if (dh->length > 0)
+		N = dh->length;
+
+	return BN_security_bits(BN_num_bits(dh->p), N);
+}
+
 ENGINE *
 DH_get0_engine(DH *dh)
 {