Add functions returning security bits.

[openssl.git] / crypto / evp / p_lib.c
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c

index 939857fdb000b2b07694b1ddde47e3638a3d516d..42a8be1bb8afd6c4bc94d9936309e92abb133bdc 100644 (file)
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -89,6 +89,15 @@ int EVP_PKEY_bits(EVP_PKEY *pkey)
         return 0;
         }
  
         return 0;
         }
  
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+       {
+       if (pkey == NULL)
+               return 0;
+       if (!pkey->ameth || !pkey->ameth->pkey_security_bits)
+               return -2;
+       return pkey->ameth->pkey_security_bits(pkey);
+       }
+
  int EVP_PKEY_size(EVP_PKEY *pkey)
         {
         if (pkey && pkey->ameth && pkey->ameth->pkey_size)
  int EVP_PKEY_size(EVP_PKEY *pkey)
         {
         if (pkey && pkey->ameth && pkey->ameth->pkey_size)
@@ -161,11 +170,20 @@ int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
         if (a->type != b->type)
                 return -1;
  
         if (a->type != b->type)
                 return -1;
  
-       if (EVP_PKEY_cmp_parameters(a, b) == 0)
-               return 0;
-
-       if (a->ameth && a->ameth->pub_cmp)
-               return a->ameth->pub_cmp(a, b);
+       if (a->ameth)
+               {
+               int ret;
+               /* Compare parameters if the algorithm has them */
+               if (a->ameth->param_cmp)
+                       {
+                       ret = a->ameth->param_cmp(a, b);
+                       if (ret <= 0)
+                               return ret;
+                       }
+
+               if (a->ameth->pub_cmp)
+                       return a->ameth->pub_cmp(a, b);
+               }
  
         return -2;
         }
  
         return -2;
         }
@@ -211,7 +229,10 @@ static int pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
  #ifndef OPENSSL_NO_ENGINE
                 /* If we have an ENGINE release it */
                 if (pkey->engine)
  #ifndef OPENSSL_NO_ENGINE
                 /* If we have an ENGINE release it */
                 if (pkey->engine)
+                       {
                         ENGINE_finish(pkey->engine);
                         ENGINE_finish(pkey->engine);
+                       pkey->engine = NULL;
+                       }
  #endif
                 }
         if (str)
  #endif
                 }
         if (str)
@@ -336,7 +357,7 @@ int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
  
  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
         {
  
  DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
         {
-       if(pkey->type != EVP_PKEY_DH) {
+       if(pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
                 EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
                 return NULL;
         }
                 EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
                 return NULL;
         }
@@ -399,7 +420,10 @@ void EVP_PKEY_free(EVP_PKEY *x)
  static void EVP_PKEY_free_it(EVP_PKEY *x)
         {
         if (x->ameth && x->ameth->pkey_free)
  static void EVP_PKEY_free_it(EVP_PKEY *x)
         {
         if (x->ameth && x->ameth->pkey_free)
+               {
                 x->ameth->pkey_free(x);
                 x->ameth->pkey_free(x);
+               x->pkey.ptr = NULL;
+               }
  #ifndef OPENSSL_NO_ENGINE
         if (x->engine)
                 {
  #ifndef OPENSSL_NO_ENGINE
         if (x->engine)
                 {