Remove the pkey_{,public_,param_}check() handlers

This disables the EVP_PKEY_*check() API and makes it fail (more precisely indicate lack of support) on all key types. This is an intermediate step to full removal. Removal is ok beck jsing
author: tb <> 2024-08-29 16:58:19 +0000
committer: tb <> 2024-08-29 16:58:19 +0000
commit: de7d0ab1c83083dedcf2e492963189bc2ba71ef0 (patch)
tree: ac80a4e15f4c62b0c198aacafcfe36bca5b92794
parent: dabf625eeca30be23d1bdf73a58eb6f7fd1bed35 (diff)
download: openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.gz
openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.bz2
openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.zip
5 files changed, 15 insertions, 140 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index d51a5bea4c..13141761d4 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.40 2024/01/04 17:01:26 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.41 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -496,32 +496,6 @@ DHparams_print_fp(FILE *fp, const DH *x)
 }
 LCRYPTO_ALIAS(DHparams_print_fp);
-static int
-dh_pkey_public_check(const EVP_PKEY *pkey)
-{
-        DH *dh = pkey->pkey.dh;
-        if (dh->pub_key == NULL) {
-                DHerror(DH_R_MISSING_PUBKEY);
-                return 0;
-        }
-        return DH_check_pub_key_ex(dh, dh->pub_key);
-}
-static int
-dh_pkey_param_check(const EVP_PKEY *pkey)
-{
-        DH *dh = pkey->pkey.dh;
-        /*
-         * It would have made more sense to support EVP_PKEY_check() for DH
-         * keys and call DH_check_ex() there and keeping this as a wrapper
-         * for DH_param_check_ex(). We follow OpenSSL's choice.
-         */
-        return DH_check_ex(dh);
-}
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
        .base_method = &dh_asn1_meth,
        .pkey_id = EVP_PKEY_DH,
@@ -550,8 +524,4 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
        .param_print = dh_param_print,
        .pkey_free = dh_free,
-        .pkey_check = NULL,
-        .pkey_public_check = dh_pkey_public_check,
-        .pkey_param_check = dh_pkey_param_check,
 };
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 378261b946..f42093c3db 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.68 2024/05/10 05:12:03 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.69 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -689,41 +689,6 @@ ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 }
-static int
-ec_pkey_check(const EVP_PKEY *pkey)
-{
-        EC_KEY *eckey = pkey->pkey.ec;
-        if (eckey->priv_key == NULL) {
-                ECerror(EC_R_MISSING_PRIVATE_KEY);
-                return 0;
-        }
-        return EC_KEY_check_key(eckey);
-}
-static int
-ec_pkey_public_check(const EVP_PKEY *pkey)
-{
-        EC_KEY *eckey = pkey->pkey.ec;
-        /* This also checks the private key, but oh, well... */
-        return EC_KEY_check_key(eckey);
-}
-static int
-ec_pkey_param_check(const EVP_PKEY *pkey)
-{
-        EC_KEY *eckey = pkey->pkey.ec;
-        if (eckey->group == NULL) {
-                ECerror(EC_R_MISSING_PARAMETERS);
-                return 0;
-        }
-        return EC_GROUP_check(eckey->group, NULL);
-}
 #ifndef OPENSSL_NO_CMS
 static int
@@ -1092,8 +1057,4 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
        .pkey_ctrl = ec_pkey_ctrl,
        .old_priv_decode = old_ec_priv_decode,
        .old_priv_encode = old_ec_priv_encode,
-        .pkey_check = ec_pkey_check,
-        .pkey_public_check = ec_pkey_public_check,
-        .pkey_param_check = ec_pkey_param_check,
 };
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 5d541ffec4..54cd65d0af 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.24 2024/08/28 07:15:04 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -140,10 +140,6 @@ struct evp_pkey_asn1_method_st {
        int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
            X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
-        int (*pkey_check)(const EVP_PKEY *pk);
-        int (*pkey_public_check)(const EVP_PKEY *pk);
-        int (*pkey_param_check)(const EVP_PKEY *pk);
        int (*set_priv_key)(EVP_PKEY *pk, const unsigned char *private_key,
            size_t len);
        int (*set_pub_key)(EVP_PKEY *pk, const unsigned char *public_key,
@@ -322,10 +318,6 @@ struct evp_pkey_method_st {
            const unsigned char *tbs, size_t tbslen);
        int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
            size_t siglen, const unsigned char *tbs, size_t tbslen);
-        int (*check)(EVP_PKEY *pkey);
-        int (*public_check)(EVP_PKEY *pkey);
-        int (*param_check)(EVP_PKEY *pkey);
 } /* EVP_PKEY_METHOD */;
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index 1c355e594a..415690cd0e 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.20 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -226,68 +226,30 @@ merr:
 }
 LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);
+/*
+ * XXX - remove the API below in the next bump.
+ */
 int
 EVP_PKEY_check(EVP_PKEY_CTX *ctx)
 {
-        EVP_PKEY *pkey;
+        EVPerror(ERR_R_DISABLED);
+        return -2;
-        if ((pkey = ctx->pkey) == NULL) {
-                EVPerror(EVP_R_NO_KEY_SET);
-                return 0;
-        }
-        if (ctx->pmeth->check != NULL)
-                return ctx->pmeth->check(pkey);
-        if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
-                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;
-        }
-        return pkey->ameth->pkey_check(pkey);
 }
 LCRYPTO_ALIAS(EVP_PKEY_check);
 int
 EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
 {
-        EVP_PKEY *pkey;
+        EVPerror(ERR_R_DISABLED);
+        return -2;
-        if ((pkey = ctx->pkey) == NULL) {
-                EVPerror(EVP_R_NO_KEY_SET);
-                return 0;
-        }
-        if (ctx->pmeth->public_check != NULL)
-                return ctx->pmeth->public_check(pkey);
-        if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
-                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;
-        }
-        return pkey->ameth->pkey_public_check(pkey);
 }
 LCRYPTO_ALIAS(EVP_PKEY_public_check);
 int
 EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
 {
-        EVP_PKEY *pkey;
+        EVPerror(ERR_R_DISABLED);
+        return -2;
-        if ((pkey = ctx->pkey) == NULL) {
-                EVPerror(EVP_R_NO_KEY_SET);
-                return 0;
-        }
-        if (ctx->pmeth->param_check != NULL)
-                return ctx->pmeth->param_check(pkey);
-        if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
-                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;
-        }
-        return pkey->ameth->pkey_param_check(pkey);
 }
 LCRYPTO_ALIAS(EVP_PKEY_param_check);
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index d7ce931733..eb5d599bf0 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.59 2024/08/28 07:15:04 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.60 2024/08/29 16:58:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -1082,12 +1082,6 @@ rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
        return 2;
 }
-static int
-rsa_pkey_check(const EVP_PKEY *pkey)
-{
-        return RSA_check_key(pkey->pkey.rsa);
-}
 #ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *
 rsa_oaep_decode(const X509_ALGOR *alg)
@@ -1235,16 +1229,12 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {
        .old_priv_encode = old_rsa_priv_encode,
        .item_verify = rsa_item_verify,
        .item_sign = rsa_item_sign,
-        .pkey_check = rsa_pkey_check,
 };
 const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth = {
        .base_method = &rsa_asn1_meth,
        .pkey_id = EVP_PKEY_RSA2,
        .pkey_flags = ASN1_PKEY_ALIAS,
-        .pkey_check = rsa_pkey_check,
 };
 const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
author	tb <>	2024-08-29 16:58:19 +0000
committer	tb <>	2024-08-29 16:58:19 +0000
commit	de7d0ab1c83083dedcf2e492963189bc2ba71ef0 (patch)
tree	ac80a4e15f4c62b0c198aacafcfe36bca5b92794
parent	dabf625eeca30be23d1bdf73a58eb6f7fd1bed35 (diff)
download	openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.gz openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.tar.bz2 openbsd-de7d0ab1c83083dedcf2e492963189bc2ba71ef0.zip

diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index d51a5bea4c..13141761d4 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_ameth.c,v 1.40 2024/01/04 17:01:26 tb Exp $ */	1	/* $OpenBSD: dh_ameth.c,v 1.41 2024/08/29 16:58:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -496,32 +496,6 @@ DHparams_print_fp(FILE fp, const DH x)
496	}	496	}
497	LCRYPTO_ALIAS(DHparams_print_fp);	497	LCRYPTO_ALIAS(DHparams_print_fp);
498		498
499	static int
500	dh_pkey_public_check(const EVP_PKEY *pkey)
501	{
502	DH *dh = pkey->pkey.dh;
503
504	if (dh->pub_key == NULL) {
505	DHerror(DH_R_MISSING_PUBKEY);
506	return 0;
507	}
508
509	return DH_check_pub_key_ex(dh, dh->pub_key);
510	}
511
512	static int
513	dh_pkey_param_check(const EVP_PKEY *pkey)
514	{
515	DH *dh = pkey->pkey.dh;
516
517	/*
518	* It would have made more sense to support EVP_PKEY_check() for DH
519	* keys and call DH_check_ex() there and keeping this as a wrapper
520	* for DH_param_check_ex(). We follow OpenSSL's choice.
521	*/
522	return DH_check_ex(dh);
523	}
524
525	const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {	499	const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
526	.base_method = &dh_asn1_meth,	500	.base_method = &dh_asn1_meth,
527	.pkey_id = EVP_PKEY_DH,	501	.pkey_id = EVP_PKEY_DH,
@@ -550,8 +524,4 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
550	.param_print = dh_param_print,	524	.param_print = dh_param_print,
551		525
552	.pkey_free = dh_free,	526	.pkey_free = dh_free,
553
554	.pkey_check = NULL,
555	.pkey_public_check = dh_pkey_public_check,
556	.pkey_param_check = dh_pkey_param_check,
557	};	527	};


diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index 378261b946..f42093c3db 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_ameth.c,v 1.68 2024/05/10 05:12:03 tb Exp $ */	1	/* $OpenBSD: ec_ameth.c,v 1.69 2024/08/29 16:58:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -689,41 +689,6 @@ ec_pkey_ctrl(EVP_PKEY pkey, int op, long arg1, void arg2)
689		689
690	}	690	}
691		691
692	static int
693	ec_pkey_check(const EVP_PKEY *pkey)
694	{
695	EC_KEY *eckey = pkey->pkey.ec;
696
697	if (eckey->priv_key == NULL) {
698	ECerror(EC_R_MISSING_PRIVATE_KEY);
699	return 0;
700	}
701
702	return EC_KEY_check_key(eckey);
703	}
704
705	static int
706	ec_pkey_public_check(const EVP_PKEY *pkey)
707	{
708	EC_KEY *eckey = pkey->pkey.ec;
709
710	/* This also checks the private key, but oh, well... */
711	return EC_KEY_check_key(eckey);
712	}
713
714	static int
715	ec_pkey_param_check(const EVP_PKEY *pkey)
716	{
717	EC_KEY *eckey = pkey->pkey.ec;
718
719	if (eckey->group == NULL) {
720	ECerror(EC_R_MISSING_PARAMETERS);
721	return 0;
722	}
723
724	return EC_GROUP_check(eckey->group, NULL);
725	}
726
727	#ifndef OPENSSL_NO_CMS	692	#ifndef OPENSSL_NO_CMS
728		693
729	static int	694	static int
@@ -1092,8 +1057,4 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
1092	.pkey_ctrl = ec_pkey_ctrl,	1057	.pkey_ctrl = ec_pkey_ctrl,
1093	.old_priv_decode = old_ec_priv_decode,	1058	.old_priv_decode = old_ec_priv_decode,
1094	.old_priv_encode = old_ec_priv_encode,	1059	.old_priv_encode = old_ec_priv_encode,
1095
1096	.pkey_check = ec_pkey_check,
1097	.pkey_public_check = ec_pkey_public_check,
1098	.pkey_param_check = ec_pkey_param_check,
1099	};	1060	};


diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h index 5d541ffec4..54cd65d0af 100644 --- a/src/lib/libcrypto/evp/evp_local.h +++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_local.h,v 1.24 2024/08/28 07:15:04 tb Exp $ */	1	/* $OpenBSD: evp_local.h,v 1.25 2024/08/29 16:58:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -140,10 +140,6 @@ struct evp_pkey_asn1_method_st {
140	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,	140	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,
141	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);	141	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);
142		142
143	int (pkey_check)(const EVP_PKEY pk);
144	int (pkey_public_check)(const EVP_PKEY pk);
145	int (pkey_param_check)(const EVP_PKEY pk);
146
147	int (set_priv_key)(EVP_PKEY pk, const unsigned char *private_key,	143	int (set_priv_key)(EVP_PKEY pk, const unsigned char *private_key,
148	size_t len);	144	size_t len);
149	int (set_pub_key)(EVP_PKEY pk, const unsigned char *public_key,	145	int (set_pub_key)(EVP_PKEY pk, const unsigned char *public_key,
@@ -322,10 +318,6 @@ struct evp_pkey_method_st {
322	const unsigned char *tbs, size_t tbslen);	318	const unsigned char *tbs, size_t tbslen);
323	int (digestverify) (EVP_MD_CTX ctx, const unsigned char *sig,	319	int (digestverify) (EVP_MD_CTX ctx, const unsigned char *sig,
324	size_t siglen, const unsigned char *tbs, size_t tbslen);	320	size_t siglen, const unsigned char *tbs, size_t tbslen);
325
326	int (check)(EVP_PKEY pkey);
327	int (public_check)(EVP_PKEY pkey);
328	int (param_check)(EVP_PKEY pkey);
329	} /* EVP_PKEY_METHOD */;	321	} /* EVP_PKEY_METHOD */;
330		322
331	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);	323	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);


diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c index 1c355e594a..415690cd0e 100644 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_gn.c,v 1.19 2024/04/17 08:24:11 tb Exp $ */	1	/* $OpenBSD: pmeth_gn.c,v 1.20 2024/08/29 16:58:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -226,68 +226,30 @@ merr:
226	}	226	}
227	LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);	227	LCRYPTO_ALIAS(EVP_PKEY_new_mac_key);
228		228
		229	/*
		230	* XXX - remove the API below in the next bump.
		231	*/
		232
229	int	233	int
230	EVP_PKEY_check(EVP_PKEY_CTX *ctx)	234	EVP_PKEY_check(EVP_PKEY_CTX *ctx)
231	{	235	{
232	EVP_PKEY *pkey;	236	EVPerror(ERR_R_DISABLED);
233		237	return -2;
234	if ((pkey = ctx->pkey) == NULL) {
235	EVPerror(EVP_R_NO_KEY_SET);
236	return 0;
237	}
238
239	if (ctx->pmeth->check != NULL)
240	return ctx->pmeth->check(pkey);
241
242	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_check == NULL) {
243	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
244	return -2;
245	}
246
247	return pkey->ameth->pkey_check(pkey);
248	}	238	}
249	LCRYPTO_ALIAS(EVP_PKEY_check);	239	LCRYPTO_ALIAS(EVP_PKEY_check);
250		240
251	int	241	int
252	EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)	242	EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
253	{	243	{
254	EVP_PKEY *pkey;	244	EVPerror(ERR_R_DISABLED);
255		245	return -2;
256	if ((pkey = ctx->pkey) == NULL) {
257	EVPerror(EVP_R_NO_KEY_SET);
258	return 0;
259	}
260
261	if (ctx->pmeth->public_check != NULL)
262	return ctx->pmeth->public_check(pkey);
263
264	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_public_check == NULL) {
265	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
266	return -2;
267	}
268
269	return pkey->ameth->pkey_public_check(pkey);
270	}	246	}
271	LCRYPTO_ALIAS(EVP_PKEY_public_check);	247	LCRYPTO_ALIAS(EVP_PKEY_public_check);
272		248
273	int	249	int
274	EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)	250	EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
275	{	251	{
276	EVP_PKEY *pkey;	252	EVPerror(ERR_R_DISABLED);
277		253	return -2;
278	if ((pkey = ctx->pkey) == NULL) {
279	EVPerror(EVP_R_NO_KEY_SET);
280	return 0;
281	}
282
283	if (ctx->pmeth->param_check != NULL)
284	return ctx->pmeth->param_check(pkey);
285
286	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_param_check == NULL) {
287	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
288	return -2;
289	}
290
291	return pkey->ameth->pkey_param_check(pkey);
292	}	254	}
293	LCRYPTO_ALIAS(EVP_PKEY_param_check);	255	LCRYPTO_ALIAS(EVP_PKEY_param_check);


diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c index d7ce931733..eb5d599bf0 100644 --- a/src/lib/libcrypto/rsa/rsa_ameth.c +++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_ameth.c,v 1.59 2024/08/28 07:15:04 tb Exp $ */	1	/* $OpenBSD: rsa_ameth.c,v 1.60 2024/08/29 16:58:19 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -1082,12 +1082,6 @@ rsa_item_sign(EVP_MD_CTX ctx, const ASN1_ITEM it, void *asn,
1082	return 2;	1082	return 2;
1083	}	1083	}
1084		1084
1085	static int
1086	rsa_pkey_check(const EVP_PKEY *pkey)
1087	{
1088	return RSA_check_key(pkey->pkey.rsa);
1089	}
1090
1091	#ifndef OPENSSL_NO_CMS	1085	#ifndef OPENSSL_NO_CMS
1092	static RSA_OAEP_PARAMS *	1086	static RSA_OAEP_PARAMS *
1093	rsa_oaep_decode(const X509_ALGOR *alg)	1087	rsa_oaep_decode(const X509_ALGOR *alg)
@@ -1235,16 +1229,12 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meth = {
1235	.old_priv_encode = old_rsa_priv_encode,	1229	.old_priv_encode = old_rsa_priv_encode,
1236	.item_verify = rsa_item_verify,	1230	.item_verify = rsa_item_verify,
1237	.item_sign = rsa_item_sign,	1231	.item_sign = rsa_item_sign,
1238
1239	.pkey_check = rsa_pkey_check,
1240	};	1232	};
1241		1233
1242	const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth = {	1234	const EVP_PKEY_ASN1_METHOD rsa2_asn1_meth = {
1243	.base_method = &rsa_asn1_meth,	1235	.base_method = &rsa_asn1_meth,
1244	.pkey_id = EVP_PKEY_RSA2,	1236	.pkey_id = EVP_PKEY_RSA2,
1245	.pkey_flags = ASN1_PKEY_ALIAS,	1237	.pkey_flags = ASN1_PKEY_ALIAS,
1246
1247	.pkey_check = rsa_pkey_check,
1248	};	1238	};
1249		1239
1250	const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {	1240	const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {