Returns keysize in bits #691

Open
wants to merge 8 commits into
base: master
chrisliaw

There are some situations where the actual key size in bits is required, for example for display or analysis.

For EC/RSA etc., the key size is fixed, which is not really useful. However, recently I've been working on X25519 keys and the key size is an odd 253, not on a byte boundary. I project there will be more situations like this in coming use cases where the key size in bits is more desirable, especially when PQ keys get involved.

The method keysize_in_bits() attached to the OpenSSL::PKey class shall be available to all PKey types, and it just returns the key size in bits.

…eeded for key such as X25519 where the size not in byte boundary
@rhenium
Member

rhenium commented Nov 4, 2023

GitHub Actions is failing because EVP_PKEY_get_bits() exists only in OpenSSL >= 3.0. It apparently had a different name in older versions according to the manpage.

The manpage of EVP_PKEY_get_bits() seems to deliberately avoid "key size". Probably this is because it's not a very well defined term.

> EVP_PKEY_get_bits() returns the cryptographic length of the cryptosystem to which the key in pkey belongs, in bits. Note that the definition of cryptographic length is specific to the key cryptosystem. This length corresponds to the provider parameter OSSL_PKEY_PARAM_BITS.

I prefer not to name this method keysize_in_bits in that case. bits is probably good enough.

@chrisliaw
Author

Thanks for your time, Kazuki-san. Is it acceptable if I put in the #ifdef so that it is only supported when compiled with OpenSSL >= 3.0, or do I need to support OpenSSL < 3.0?

Thanks!

Regards

@rhenium
Member

rhenium commented Nov 6, 2023

The manpage says EVP_PKEY_get_bits() was called EVP_PKEY_bits() in versions older than 3.0. It seems that the old name exists in all OpenSSL/LibreSSL versions we support.
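
Added example, not code from this pull request or from the openssl gem: without a uniform method, a caller has to pick a per-cryptosystem parameter to measure, which is the "cryptographic length is specific to the key cryptosystem" point in the manpage text quoted above. `pkey_bits` and `sample_report` are hypothetical names, and using the group order length for EC keys is an assumption of this sketch.

```ruby
require "openssl"

# Hypothetical helper (not part of the openssl gem): derive a key's length in
# bits from the per-type accessors the Ruby API already exposes.
# Returns nil when the key type offers no parameter to measure.
def pkey_bits(pkey)
  case pkey
  when OpenSSL::PKey::RSA
    pkey.n.num_bits               # length of the modulus n
  when OpenSSL::PKey::DSA, OpenSSL::PKey::DH
    pkey.p.num_bits               # length of the prime modulus p
  when OpenSSL::PKey::EC
    pkey.group.order.num_bits     # assumption: length of the group order
  else
    # Generic OpenSSL::PKey::PKey instances (the class used for key types such
    # as X25519) expose no parameter accessor, so nothing can be measured here.
    nil
  end
end

# Constructed sample keys, generated locally so the example runs offline.
def sample_report
  keys = {
    "RSA-2048"   => OpenSSL::PKey::RSA.new(2048),
    "prime256v1" => OpenSSL::PKey::EC.generate("prime256v1"),
    "secp521r1"  => OpenSSL::PKey::EC.generate("secp521r1"),
  }
  keys.transform_values { |key| pkey_bits(key) }
end

if __FILE__ == $PROGRAM_NAME
  sample_report.each { |name, bits| puts "#{name}: #{bits.inspect} bits" }
end
```

The `else` branch is the gap the pull request addresses: key types without a dedicated Ruby subclass give the caller nothing to measure.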
