diff options
| author | tb <> | 2022-01-10 11:52:43 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-10 11:52:43 +0000 |
| commit | a447c077ad67d6e81ed1a4fbe9003875add773c2 (patch) | |
| tree | 1fec6a88d05f741604c6f6549798d45c11a3aef3 /src/lib/libcrypto/rsa | |
| parent | 0af4f789497e3f3ba6818138f64585c080464044 (diff) | |
| download | openbsd-a447c077ad67d6e81ed1a4fbe9003875add773c2.tar.gz openbsd-a447c077ad67d6e81ed1a4fbe9003875add773c2.tar.bz2 openbsd-a447c077ad67d6e81ed1a4fbe9003875add773c2.zip | |
Prepare to provide EVP_PKEY_check()
This allows checking the validity of an EVP_PKEY. Only RSA and EC keys
are supported. If a check function is set the EVP_PKEY_METHOD, it will
be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is
used. The default ASN.1 methods wrap RSA_check_key() and
EC_KEY_check_key(), respectively.
The corresponding setters are EVP_PKEY_{asn1,meth}_set_check().
It is unclear why the PKEY method has no const while the ASN.1 method
has const.
Requested by tobhe and used by PHP 8.1.
Based on OpenSSL commit 2aee35d3
ok inoguchi jsing
Diffstat (limited to 'src/lib/libcrypto/rsa')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_ameth.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c index d373d7c132..57fe46a976 100644 --- a/src/lib/libcrypto/rsa/rsa_ameth.c +++ b/src/lib/libcrypto/rsa/rsa_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_ameth.c,v 1.24 2019/11/20 10:46:17 inoguchi Exp $ */ | 1 | /* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2006. | 3 | * project 2006. |
| 4 | */ | 4 | */ |
| @@ -916,6 +916,12 @@ rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, | |||
| 916 | return 2; | 916 | return 2; |
| 917 | } | 917 | } |
| 918 | 918 | ||
| 919 | static int | ||
| 920 | rsa_pkey_check(const EVP_PKEY *pkey) | ||
| 921 | { | ||
| 922 | return RSA_check_key(pkey->pkey.rsa); | ||
| 923 | } | ||
| 924 | |||
| 919 | #ifndef OPENSSL_NO_CMS | 925 | #ifndef OPENSSL_NO_CMS |
| 920 | static RSA_OAEP_PARAMS * | 926 | static RSA_OAEP_PARAMS * |
| 921 | rsa_oaep_decode(const X509_ALGOR *alg) | 927 | rsa_oaep_decode(const X509_ALGOR *alg) |
| @@ -1105,14 +1111,18 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { | |||
| 1105 | .old_priv_decode = old_rsa_priv_decode, | 1111 | .old_priv_decode = old_rsa_priv_decode, |
| 1106 | .old_priv_encode = old_rsa_priv_encode, | 1112 | .old_priv_encode = old_rsa_priv_encode, |
| 1107 | .item_verify = rsa_item_verify, | 1113 | .item_verify = rsa_item_verify, |
| 1108 | .item_sign = rsa_item_sign | 1114 | .item_sign = rsa_item_sign, |
| 1115 | |||
| 1116 | .pkey_check = rsa_pkey_check, | ||
| 1109 | }, | 1117 | }, |
| 1110 | 1118 | ||
| 1111 | { | 1119 | { |
| 1112 | .pkey_id = EVP_PKEY_RSA2, | 1120 | .pkey_id = EVP_PKEY_RSA2, |
| 1113 | .pkey_base_id = EVP_PKEY_RSA, | 1121 | .pkey_base_id = EVP_PKEY_RSA, |
| 1114 | .pkey_flags = ASN1_PKEY_ALIAS | 1122 | .pkey_flags = ASN1_PKEY_ALIAS, |
| 1115 | } | 1123 | |
| 1124 | .pkey_check = rsa_pkey_check, | ||
| 1125 | }, | ||
| 1116 | }; | 1126 | }; |
| 1117 | 1127 | ||
| 1118 | const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { | 1128 | const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { |