1 files changed, 31 insertions, 1 deletions
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index bbb687da8b..eaca890a50 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.21 2022/01/10 00:09:06 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.22 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -466,6 +466,32 @@ DHparams_print(BIO *bp, const DH *x)
        return do_dh_print(bp, x, 4, NULL, 0);
 }
+static int
+dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+        DH *dh = pkey->pkey.dh;
+        if (dh->pub_key == NULL) {
+                DHerror(DH_R_MISSING_PUBKEY);
+                return 0;
+        }
+        return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+static int
+dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+        DH *dh = pkey->pkey.dh;
+        /*
+         * It would have made more sense to support EVP_PKEY_check() for DH
+         * keys and call DH_check_ex() there and keeping this as a wrapper
+         * for DH_param_check_ex(). We follow OpenSSL's choice.
+         */
+        return DH_check_ex(dh);
+}
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
        .pkey_id = EVP_PKEY_DH,
        .pkey_base_id = EVP_PKEY_DH,
@@ -493,4 +519,8 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
        .param_print = dh_param_print,
        .pkey_free = int_dh_free,
+        .pkey_check = NULL,
+        .pkey_public_check = dh_pkey_public_check,
+        .pkey_param_check = dh_pkey_param_check,
 };

diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index bbb687da8b..eaca890a50 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_ameth.c,v 1.21 2022/01/10 00:09:06 tb Exp $ */	1	/* $OpenBSD: dh_ameth.c,v 1.22 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -466,6 +466,32 @@ DHparams_print(BIO bp, const DH x)
466	return do_dh_print(bp, x, 4, NULL, 0);	466	return do_dh_print(bp, x, 4, NULL, 0);
467	}	467	}
468		468
		469	static int
		470	dh_pkey_public_check(const EVP_PKEY *pkey)
		471	{
		472	DH *dh = pkey->pkey.dh;
		473
		474	if (dh->pub_key == NULL) {
		475	DHerror(DH_R_MISSING_PUBKEY);
		476	return 0;
		477	}
		478
		479	return DH_check_pub_key_ex(dh, dh->pub_key);
		480	}
		481
		482	static int
		483	dh_pkey_param_check(const EVP_PKEY *pkey)
		484	{
		485	DH *dh = pkey->pkey.dh;
		486
		487	/*
		488	* It would have made more sense to support EVP_PKEY_check() for DH
		489	* keys and call DH_check_ex() there and keeping this as a wrapper
		490	* for DH_param_check_ex(). We follow OpenSSL's choice.
		491	*/
		492	return DH_check_ex(dh);
		493	}
		494
469	const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {	495	const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
470	.pkey_id = EVP_PKEY_DH,	496	.pkey_id = EVP_PKEY_DH,
471	.pkey_base_id = EVP_PKEY_DH,	497	.pkey_base_id = EVP_PKEY_DH,
@@ -493,4 +519,8 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
493	.param_print = dh_param_print,	519	.param_print = dh_param_print,
494		520
495	.pkey_free = int_dh_free,	521	.pkey_free = int_dh_free,
		522
		523	.pkey_check = NULL,
		524	.pkey_public_check = dh_pkey_public_check,
		525	.pkey_param_check = dh_pkey_param_check,
496	};	526	};