feat(pkey) add pkey:get_size and allow only return NID of key type

Author: fffonion

README.md

@@ -60,6 +60,7 @@ Table of Contents
     + [pkey:set_parameters](#pkeyset_parameters)
     + [pkey:is_private](#pkeyis_private)
     + [pkey:get_key_type](#pkeyget_key_type)
+    + [pkey:get_size](#pkeyget_size)
     + [pkey:get_default_digest_type](#pkeyget_default_digest_type)
     + [pkey:sign](#pkeysign)
     + [pkey:verify](#pkeyverify)
@@ -1120,19 +1121,37 @@ it's a public key.
 
 ### pkey:get_key_type
 
-**syntax**: *obj, err = pk:get_key_type()*
+**syntax**: *obj, err = pk:get_key_type(nid_only?)*
 
 Returns a ASN1_OBJECT of key type of the private key as a table.
 
+Starting from lua-resty-openssl 1.6.0, an optional argument `nid_only` can be set to `true`
+to only return the numeric NID of the key.
+
 ```lua
 local pkey, err = require("resty.openssl.pkey").new({type="X448"})
 
 ngx.say(require("cjson").encode(pkey:get_key_type()))
 -- outputs '{"ln":"X448","nid":1035,"sn":"X448","id":"1.3.101.111"}'
+ngx.say(pkey:get_key_type(true))
+-- outputs 1035
 ```
 
 [Back to TOC](#table-of-contents)
 
+### pkey:get_size
+
+**syntax**: *size, err = pk:get_size()*
+
+Returns the maximum suitable size for the output buffers for almost all
+operations that can be done with pkey.
+
+For RSA key, this is the size of the modulus.
+For EC, Ed25519 and Ed448 keys, this is the size of the private key.
+For DH key, this is the size of the prime modulus.
+
+[Back to TOC](#table-of-contents)
+
 ### pkey:get_default_digest_type
 
 **syntax**: *obj, err = pk:get_default_digest_type()*

lib/resty/openssl/pkey.lua

@@ -625,8 +625,12 @@ function _M.istype(l)
   return l and l.ctx and ffi.istype(evp_pkey_ptr_ct, l.ctx)
 end
 
-function _M:get_key_type()
-  return objects_lib.nid2table(self.key_type)
+function _M:get_key_type(nid_only)
+  return nid_only and self.key_type or objects_lib.nid2table(self.key_type)
+end
+
+function _M:get_size()
+  return OPENSSL_3X and C.EVP_PKEY_get_size(self.ctx) or C.EVP_PKEY_size(self.ctx)
 end
 
 function _M:get_default_digest_type()

t/openssl/pkey.t

@@ -1310,18 +1310,40 @@ true
                 type = 'RSA',
             }))
             ngx.say(encode_sorted_json(p:get_key_type()))
+            ngx.say(p:get_key_type(true))
         }
     }
 --- request
     GET /t
 --- response_body_like eval
-'{"id":"1.2.840.113549.1.1.1","ln":"rsaEncryption","nid":6,"sn":"rsaEncryption"}'
+'{"id":"1.2.840.113549.1.1.1","ln":"rsaEncryption","nid":6,"sn":"rsaEncryption"}
+6'
 --- no_error_log
 [error]
 
 
 
-=== TEST 38: misc: Checks if it's private key
+=== TEST 38: misc: get size
+--- http_config eval: $::HttpConfig
+--- config
+    location =/t {
+        content_by_lua_block {
+            local p, err = myassert(require("resty.openssl.pkey").new({
+                type = 'EC',
+            }))
+            ngx.say(p:get_size())
+        }
+    }
+--- request
+    GET /t
+--- response_body
+56
+--- no_error_log
+[error]
+
+
+
+=== TEST 39: misc: Checks if it's private key
 --- http_config eval: $::HttpConfig
 --- config
     location =/t {
@@ -1359,7 +1381,7 @@ true
 
 
 
-=== TEST 39: misc: Checks if it's private key: ecx
+=== TEST 40: misc: Checks if it's private key: ecx
 --- http_config eval: $::HttpConfig
 --- config
     location =/t {
@@ -1395,7 +1417,7 @@ true
 
 
 
-=== TEST 40: misc: Returns provider
+=== TEST 41: misc: Returns provider
 --- http_config eval: $::HttpConfig
 --- config
     location =/t {
@@ -1419,7 +1441,7 @@ default
 
 
 
-=== TEST 41: params: Returns gettable, settable params
+=== TEST 42: params: Returns gettable, settable params
 --- http_config eval: $::HttpConfig
 --- config
     location =/t {
@@ -1445,7 +1467,7 @@ default
 
 
 
-=== TEST 42: params: Get params, set params
+=== TEST 43: params: Get params, set params
 --- http_config eval: $::HttpConfig
 --- config
     location =/t {