8 files changed, 89 insertions, 12 deletions
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index ed7f5bd3e4..96669bbd2f 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.23 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.24 2022/01/10 11:52:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -429,3 +429,10 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 {
        ameth->pkey_ctrl = pkey_ctrl;
 }
+void
+EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_check)(const EVP_PKEY *pk))
+{
+        ameth->pkey_check = pkey_check;
+}
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index 3b949dba65..31fcbef20d 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.15 2021/12/25 12:00:22 jsing Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.16 2022/01/10 11:52:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -124,6 +124,7 @@ struct evp_pkey_asn1_method_st {
        int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
            X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
+        int (*pkey_check)(const EVP_PKEY *pk);
 } /* EVP_PKEY_ASN1_METHOD */;
 /* Method to handle CRL access.
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index c96c46dd53..8316683f8f 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.29 2021/12/12 21:30:13 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.30 2022/01/10 11:52:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 #include "asn1_locl.h"
+#include "ec_lcl.h"
 #include "evp_locl.h"
 #ifndef OPENSSL_NO_CMS
@@ -620,6 +621,19 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2)
 }
+static int
+ec_pkey_check(const EVP_PKEY *pkey)
+{
+        EC_KEY *eckey = pkey->pkey.ec;
+        if (eckey->priv_key == NULL) {
+                ECerror(EC_R_MISSING_PRIVATE_KEY);
+                return 0;
+        }
+        return EC_KEY_check_key(eckey);
+}
 #ifndef OPENSSL_NO_CMS
 static int
@@ -981,5 +995,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
        .pkey_free = int_ec_free,
        .pkey_ctrl = ec_pkey_ctrl,
        .old_priv_decode = old_ec_priv_decode,
-        .old_priv_encode = old_ec_priv_encode
+        .old_priv_encode = old_ec_priv_encode,
+        .pkey_check = ec_pkey_check,
 };
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index aa5b35f67c..e122a6b329 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.92 2022/01/09 15:15:25 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.93 2022/01/10 11:52:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1087,6 +1087,11 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
 void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2));
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_check)(const EVP_PKEY *pk));
+#endif
 #define EVP_PKEY_OP_UNDEFINED           0
 #define EVP_PKEY_OP_PARAMGEN            (1<<1)
 #define EVP_PKEY_OP_KEYGEN              (1<<2)
@@ -1213,6 +1218,9 @@ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+#endif
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
@@ -1279,6 +1287,11 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
    int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2),
    int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value));
+#if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+    int (*check)(EVP_PKEY *pkey));
+#endif
 /* Authenticated Encryption with Additional Data.
 *
 * AEAD couples confidentiality and integrity in a single primtive. AEAD
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 5eef0b244f..3ff8e8ad99 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_locl.h,v 1.18 2022/01/09 15:15:25 tb Exp $ */
+/* $OpenBSD: evp_locl.h,v 1.19 2022/01/10 11:52:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -347,6 +347,8 @@ struct evp_pkey_method_st {
        int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
+        int (*check)(EVP_PKEY *pkey);
 } /* EVP_PKEY_METHOD */;
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index 066291b800..a8a4cc97db 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.8 2021/12/04 16:08:32 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.9 2022/01/10 11:52:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -64,6 +64,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include "asn1_locl.h"
 #include "bn_lcl.h"
 #include "evp_locl.h"
@@ -222,3 +223,24 @@ merr:
        EVP_PKEY_CTX_free(mac_ctx);
        return mac_key;
 }
+int
+EVP_PKEY_check(EVP_PKEY_CTX *ctx)
+{
+        EVP_PKEY *pkey;
+        if ((pkey = ctx->pkey) == NULL) {
+                EVPerror(EVP_R_NO_KEY_SET);
+                return 0;
+        }
+        if (ctx->pmeth->check != NULL)
+                return ctx->pmeth->check(pkey);
+        if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+        }
+        return pkey->ameth->pkey_check(pkey);
+}
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 33924dbd66..92328dd246 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.18 2021/12/03 14:19:57 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.19 2022/01/10 11:52:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -582,3 +582,9 @@ EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
        pmeth->ctrl = ctrl;
        pmeth->ctrl_str = ctrl_str;
 }
+void
+EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey))
+{
+        pmeth->check = check;
+}
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index d373d7c132..57fe46a976 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.24 2019/11/20 10:46:17 inoguchi Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -916,6 +916,12 @@ rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
        return 2;
 }
+static int
+rsa_pkey_check(const EVP_PKEY *pkey)
+{
+        return RSA_check_key(pkey->pkey.rsa);
+}
 #ifndef OPENSSL_NO_CMS
 static RSA_OAEP_PARAMS *
 rsa_oaep_decode(const X509_ALGOR *alg)
@@ -1105,14 +1111,18 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
                .old_priv_decode = old_rsa_priv_decode,
                .old_priv_encode = old_rsa_priv_encode,
                .item_verify = rsa_item_verify,
-                .item_sign = rsa_item_sign
+                .item_sign = rsa_item_sign,
+                .pkey_check = rsa_pkey_check,
        },
        {
                .pkey_id = EVP_PKEY_RSA2,
                .pkey_base_id = EVP_PKEY_RSA,
-                .pkey_flags = ASN1_PKEY_ALIAS
+                .pkey_flags = ASN1_PKEY_ALIAS,
-        }
+                .pkey_check = rsa_pkey_check,
+        },
 };
 const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {

diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c index ed7f5bd3e4..96669bbd2f 100644 --- a/src/lib/libcrypto/asn1/ameth_lib.c +++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ameth_lib.c,v 1.23 2021/12/12 21:30:13 tb Exp $ */	1	/* $OpenBSD: ameth_lib.c,v 1.24 2022/01/10 11:52:43 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -429,3 +429,10 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
429	{	429	{
430	ameth->pkey_ctrl = pkey_ctrl;	430	ameth->pkey_ctrl = pkey_ctrl;
431	}	431	}
		432
		433	void
		434	EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
		435	int (pkey_check)(const EVP_PKEY pk))
		436	{
		437	ameth->pkey_check = pkey_check;
		438	}


diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h index 3b949dba65..31fcbef20d 100644 --- a/src/lib/libcrypto/asn1/asn1_locl.h +++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1_locl.h,v 1.15 2021/12/25 12:00:22 jsing Exp $ */	1	/* $OpenBSD: asn1_locl.h,v 1.16 2022/01/10 11:52:43 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -124,6 +124,7 @@ struct evp_pkey_asn1_method_st {
124	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,	124	int (item_sign)(EVP_MD_CTX ctx, const ASN1_ITEM it, void asn,
125	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);	125	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);
126		126
		127	int (pkey_check)(const EVP_PKEY pk);
127	} /* EVP_PKEY_ASN1_METHOD */;	128	} /* EVP_PKEY_ASN1_METHOD */;
128		129
129	/* Method to handle CRL access.	130	/* Method to handle CRL access.


diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index c96c46dd53..8316683f8f 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_ameth.c,v 1.29 2021/12/12 21:30:13 tb Exp $ */	1	/* $OpenBSD: ec_ameth.c,v 1.30 2022/01/10 11:52:43 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -67,6 +67,7 @@
67	#include <openssl/x509.h>	67	#include <openssl/x509.h>
68		68
69	#include "asn1_locl.h"	69	#include "asn1_locl.h"
		70	#include "ec_lcl.h"
70	#include "evp_locl.h"	71	#include "evp_locl.h"
71		72
72	#ifndef OPENSSL_NO_CMS	73	#ifndef OPENSSL_NO_CMS
@@ -620,6 +621,19 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2)
620		621
621	}	622	}
622		623
		624	static int
		625	ec_pkey_check(const EVP_PKEY *pkey)
		626	{
		627	EC_KEY *eckey = pkey->pkey.ec;
		628
		629	if (eckey->priv_key == NULL) {
		630	ECerror(EC_R_MISSING_PRIVATE_KEY);
		631	return 0;
		632	}
		633
		634	return EC_KEY_check_key(eckey);
		635	}
		636
623	#ifndef OPENSSL_NO_CMS	637	#ifndef OPENSSL_NO_CMS
624		638
625	static int	639	static int
@@ -981,5 +995,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
981	.pkey_free = int_ec_free,	995	.pkey_free = int_ec_free,
982	.pkey_ctrl = ec_pkey_ctrl,	996	.pkey_ctrl = ec_pkey_ctrl,
983	.old_priv_decode = old_ec_priv_decode,	997	.old_priv_decode = old_ec_priv_decode,
984	.old_priv_encode = old_ec_priv_encode	998	.old_priv_encode = old_ec_priv_encode,
		999
		1000	.pkey_check = ec_pkey_check,
985	};	1001	};


diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index aa5b35f67c..e122a6b329 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.92 2022/01/09 15:15:25 tb Exp $ */	1	/* $OpenBSD: evp.h,v 1.93 2022/01/10 11:52:43 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1087,6 +1087,11 @@ void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
1087	void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,	1087	void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
1088	int (pkey_ctrl)(EVP_PKEY pkey, int op, long arg1, void *arg2));	1088	int (pkey_ctrl)(EVP_PKEY pkey, int op, long arg1, void *arg2));
1089		1089
		1090	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
		1091	void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
		1092	int (pkey_check)(const EVP_PKEY pk));
		1093	#endif
		1094
1090	#define EVP_PKEY_OP_UNDEFINED 0	1095	#define EVP_PKEY_OP_UNDEFINED 0
1091	#define EVP_PKEY_OP_PARAMGEN (1<<1)	1096	#define EVP_PKEY_OP_PARAMGEN (1<<1)
1092	#define EVP_PKEY_OP_KEYGEN (1<<2)	1097	#define EVP_PKEY_OP_KEYGEN (1<<2)
@@ -1213,6 +1218,9 @@ int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
1213	int EVP_PKEY_paramgen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);	1218	int EVP_PKEY_paramgen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);
1214	int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);	1219	int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
1215	int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);	1220	int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);
		1221	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
		1222	int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
		1223	#endif
1216		1224
1217	void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX ctx, EVP_PKEY_gen_cb cb);	1225	void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX ctx, EVP_PKEY_gen_cb cb);
1218	EVP_PKEY_gen_cb EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX ctx);	1226	EVP_PKEY_gen_cb EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX ctx);
@@ -1279,6 +1287,11 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
1279	int (ctrl)(EVP_PKEY_CTX ctx, int type, int p1, void *p2),	1287	int (ctrl)(EVP_PKEY_CTX ctx, int type, int p1, void *p2),
1280	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value));	1288	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value));
1281		1289
		1290	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
		1291	void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
		1292	int (check)(EVP_PKEY pkey));
		1293	#endif
		1294
1282	/* Authenticated Encryption with Additional Data.	1295	/* Authenticated Encryption with Additional Data.
1283	*	1296	*
1284	* AEAD couples confidentiality and integrity in a single primtive. AEAD	1297	* AEAD couples confidentiality and integrity in a single primtive. AEAD


diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index 5eef0b244f..3ff8e8ad99 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_locl.h,v 1.18 2022/01/09 15:15:25 tb Exp $ */	1	/* $OpenBSD: evp_locl.h,v 1.19 2022/01/10 11:52:43 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -347,6 +347,8 @@ struct evp_pkey_method_st {
347		347
348	int (ctrl)(EVP_PKEY_CTX ctx, int type, int p1, void *p2);	348	int (ctrl)(EVP_PKEY_CTX ctx, int type, int p1, void *p2);
349	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value);	349	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value);
		350
		351	int (check)(EVP_PKEY pkey);
350	} /* EVP_PKEY_METHOD */;	352	} /* EVP_PKEY_METHOD */;
351		353
352	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);	354	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);


diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c index 066291b800..a8a4cc97db 100644 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_gn.c,v 1.8 2021/12/04 16:08:32 tb Exp $ */	1	/* $OpenBSD: pmeth_gn.c,v 1.9 2022/01/10 11:52:43 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -64,6 +64,7 @@
64	#include <openssl/evp.h>	64	#include <openssl/evp.h>
65	#include <openssl/objects.h>	65	#include <openssl/objects.h>
66		66
		67	#include "asn1_locl.h"
67	#include "bn_lcl.h"	68	#include "bn_lcl.h"
68	#include "evp_locl.h"	69	#include "evp_locl.h"
69		70
@@ -222,3 +223,24 @@ merr:
222	EVP_PKEY_CTX_free(mac_ctx);	223	EVP_PKEY_CTX_free(mac_ctx);
223	return mac_key;	224	return mac_key;
224	}	225	}
		226
		227	int
		228	EVP_PKEY_check(EVP_PKEY_CTX *ctx)
		229	{
		230	EVP_PKEY *pkey;
		231
		232	if ((pkey = ctx->pkey) == NULL) {
		233	EVPerror(EVP_R_NO_KEY_SET);
		234	return 0;
		235	}
		236
		237	if (ctx->pmeth->check != NULL)
		238	return ctx->pmeth->check(pkey);
		239
		240	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_check == NULL) {
		241	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		242	return -2;
		243	}
		244
		245	return pkey->ameth->pkey_check(pkey);
		246	}


diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c index 33924dbd66..92328dd246 100644 --- a/src/lib/libcrypto/evp/pmeth_lib.c +++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_lib.c,v 1.18 2021/12/03 14:19:57 tb Exp $ */	1	/* $OpenBSD: pmeth_lib.c,v 1.19 2022/01/10 11:52:43 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -582,3 +582,9 @@ EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
582	pmeth->ctrl = ctrl;	582	pmeth->ctrl = ctrl;
583	pmeth->ctrl_str = ctrl_str;	583	pmeth->ctrl_str = ctrl_str;
584	}	584	}
		585
		586	void
		587	EVP_PKEY_meth_set_check(EVP_PKEY_METHOD pmeth, int (check)(EVP_PKEY *pkey))
		588	{
		589	pmeth->check = check;
		590	}


diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c index d373d7c132..57fe46a976 100644 --- a/src/lib/libcrypto/rsa/rsa_ameth.c +++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_ameth.c,v 1.24 2019/11/20 10:46:17 inoguchi Exp $ */	1	/* $OpenBSD: rsa_ameth.c,v 1.25 2022/01/10 11:52:43 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -916,6 +916,12 @@ rsa_item_sign(EVP_MD_CTX ctx, const ASN1_ITEM it, void *asn,
916	return 2;	916	return 2;
917	}	917	}
918		918
		919	static int
		920	rsa_pkey_check(const EVP_PKEY *pkey)
		921	{
		922	return RSA_check_key(pkey->pkey.rsa);
		923	}
		924
919	#ifndef OPENSSL_NO_CMS	925	#ifndef OPENSSL_NO_CMS
920	static RSA_OAEP_PARAMS *	926	static RSA_OAEP_PARAMS *
921	rsa_oaep_decode(const X509_ALGOR *alg)	927	rsa_oaep_decode(const X509_ALGOR *alg)
@@ -1105,14 +1111,18 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
1105	.old_priv_decode = old_rsa_priv_decode,	1111	.old_priv_decode = old_rsa_priv_decode,
1106	.old_priv_encode = old_rsa_priv_encode,	1112	.old_priv_encode = old_rsa_priv_encode,
1107	.item_verify = rsa_item_verify,	1113	.item_verify = rsa_item_verify,
1108	.item_sign = rsa_item_sign	1114	.item_sign = rsa_item_sign,
		1115
		1116	.pkey_check = rsa_pkey_check,
1109	},	1117	},
1110		1118
1111	{	1119	{
1112	.pkey_id = EVP_PKEY_RSA2,	1120	.pkey_id = EVP_PKEY_RSA2,
1113	.pkey_base_id = EVP_PKEY_RSA,	1121	.pkey_base_id = EVP_PKEY_RSA,
1114	.pkey_flags = ASN1_PKEY_ALIAS	1122	.pkey_flags = ASN1_PKEY_ALIAS,
1115	}	1123
		1124	.pkey_check = rsa_pkey_check,
		1125	},
1116	};	1126	};
1117		1127
1118	const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {	1128	const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {