| author | tb <> | 2022-01-10 12:10:26 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-10 12:10:26 +0000 |
| commit | 875eb616f98cd0720501dc97ee72ed96343b0b33 (patch) | |
| tree | ba8a46237cda314ddd3da47248b453e7613bb73a /src/lib/libcrypto/dh | |
| parent | 7f7aefb469a9916b1d914a9fabaed99bb909ef8d (diff) | |
Prepare to provide EVP_PKEY_{public,param}_check
This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().
There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.
ok inoguchi jsing
Diffstat (limited to 'src/lib/libcrypto/dh')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_ameth.c | 32 |
1 files changed, 31 insertions, 1 deletions
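--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.21 2022/01/10 00:09:06 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.22 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -466,6 +466,32 @@ DHparams_print(BIO *bp, const DH *x)
 return do_dh_print(bp, x, 4, NULL, 0);
 }
 
+static int
+dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+DH *dh = pkey->pkey.dh;
+
+if (dh->pub_key == NULL) {
+DHerror(DH_R_MISSING_PUBKEY);
+return 0;
+}
+
+return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+
+static int
+dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+DH *dh = pkey->pkey.dh;
+
+/*
+* It would have made more sense to support EVP_PKEY_check() for DH
+* keys and call DH_check_ex() there and keeping this as a wrapper
+* for DH_param_check_ex(). We follow OpenSSL's choice.
+*/
+return DH_check_ex(dh);
+}
+
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
 .pkey_id = EVP_PKEY_DH,
 .pkey_base_id = EVP_PKEY_DH,
@@ -493,4 +519,8 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
 .param_print = dh_param_print,
 
 .pkey_free = int_dh_free,
+
+.pkey_check = NULL,
+.pkey_public_check = dh_pkey_public_check,
+.pkey_param_check = dh_pkey_param_check,
 };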
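Review bot: Both new callbacks use `pkey->pkey.dh` without a NULL check: `dh_pkey_public_check()` reads `dh->pub_key` immediately and `dh_pkey_param_check()` hands `dh` to `DH_check_ex()`. Whether the EVP layer guarantees that a DH is attached before it dispatches to these methods is not visible in this diff, so a guard at the top of each, `if (dh == NULL) { DHerror(ERR_R_PASSED_NULL_PARAMETER); return 0; }`, would keep a typed-but-empty EVP_PKEY from crashing the caller. `dh` is only read in both functions and could be declared `const DH *dh`, assuming the two check functions take a const pointer as their OpenSSL counterparts do. The comment in `dh_pkey_param_check()` should also say that this is the full `DH_check_ex()` validation, since its cost presumably grows with the size of p and callers validating peer-supplied parameters will want to bound that size first.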
