Implement openssl pkey -{,pub}check and pkeyparam -check

These expose EVP_PKEY_{,public_,param_}check() to the command line.
They are currently noops and will be enabled in the upcoming bump.

ok inoguchi jsing

1 files changed, 17 insertions, 2 deletions

diff --git a/src/usr.bin/openssl/pkeyparam.c b/src/usr.bin/openssl/pkeyparam.c
index 81bed13958..6ac4558578 100644
--- a/src/usr.bin/openssl/pkeyparam.c
+++ b/src/usr.bin/openssl/pkeyparam.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pkeyparam.c,v 1.12 2019/07/14 03:30:46 guenther Exp $ */
+/* $OpenBSD: pkeyparam.c,v 1.13 2022/01/10 12:17:49 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006
  */
@@ -66,6 +66,7 @@
 #include <openssl/pem.h>
 
 struct {
+        int check;
         char *infile;
         int noout;
         char *outfile;
@@ -74,6 +75,12 @@ struct {
 
 static const struct option pkeyparam_options[] = {
         {
+                .name = "check",
+                .desc = "Check validity of key parameters",
+                .type = OPTION_FLAG,
+                .opt.flag = &pkeyparam_config.check,
+        },
+        {
                 .name = "in",
                 .argname = "file",
                 .desc = "Input file (default stdin)",
@@ -106,7 +113,7 @@ static void
 pkeyparam_usage()
 {
         fprintf(stderr,
-            "usage: pkeyparam [-in file] [-noout] [-out file] "
+            "usage: pkeyparam [-check] [-in file] [-noout] [-out file] "
             "[-text]\n");
         options_usage(pkeyparam_options);
 }
@@ -157,6 +164,14 @@ pkeyparam_main(int argc, char **argv)
                 ERR_print_errors(bio_err);
                 goto end;
         }
+
+#if notyet
+        if (pkeyparam_config.check) {
+                if (!pkey_check(out, pkey, EVP_PKEY_param_check, "Parameters"))
+                        goto end;
+        }
+#endif
+
         if (!pkeyparam_config.noout)
                 PEM_write_bio_Parameters(out, pkey);