4 files changed, 72 insertions, 4 deletions
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index e122a6b329..a3a55caf88 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.93 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.94 2022/01/10 12:10:26 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1090,6 +1090,10 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 #if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
 void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_check)(const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_public_check)(const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_check)(const EVP_PKEY *pk));
 #endif
 #define EVP_PKEY_OP_UNDEFINED           0
@@ -1220,6 +1224,8 @@ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 #if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
 int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
 #endif
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
@@ -1290,6 +1296,10 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
 #if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
    int (*check)(EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+    int (*public_check)(EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+    int (*param_check)(EVP_PKEY *pkey));
 #endif
 /* Authenticated Encryption with Additional Data.
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 3ff8e8ad99..44e2d5cadb 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_locl.h,v 1.19 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: evp_locl.h,v 1.20 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -349,6 +349,8 @@ struct evp_pkey_method_st {
        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
        int (*check)(EVP_PKEY *pkey);
+        int (*public_check)(EVP_PKEY *pkey);
+        int (*param_check)(EVP_PKEY *pkey);
 } /* EVP_PKEY_METHOD */;
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index a8a4cc97db..7d921d23b4 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.9 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.10 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -244,3 +244,45 @@ EVP_PKEY_check(EVP_PKEY_CTX *ctx)
        return pkey->ameth->pkey_check(pkey);
 }
+int
+EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
+{
+        EVP_PKEY *pkey;
+        if ((pkey = ctx->pkey) == NULL) {
+                EVPerror(EVP_R_NO_KEY_SET);
+                return 0;
+        }
+        if (ctx->pmeth->public_check != NULL)
+                return ctx->pmeth->public_check(pkey);
+        if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+        }
+        return pkey->ameth->pkey_public_check(pkey);
+}
+int
+EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
+{
+        EVP_PKEY *pkey;
+        if ((pkey = ctx->pkey) == NULL) {
+                EVPerror(EVP_R_NO_KEY_SET);
+                return 0;
+        }
+        if (ctx->pmeth->param_check != NULL)
+                return ctx->pmeth->param_check(pkey);
+        if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+        }
+        return pkey->ameth->pkey_param_check(pkey);
+}
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 92328dd246..d265e2aced 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.19 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.20 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -588,3 +588,17 @@ EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey))
 {
        pmeth->check = check;
 }
+void
+EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+    int (*public_check)(EVP_PKEY *pkey))
+{
+        pmeth->public_check = public_check;
+}
+void
+EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+    int (*param_check)(EVP_PKEY *pkey))
+{
+        pmeth->param_check = param_check;
+}

diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index e122a6b329..a3a55caf88 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.93 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: evp.h,v 1.94 2022/01/10 12:10:26 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1090,6 +1090,10 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
1090	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)	1090	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
1091	void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,	1091	void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
1092	int (pkey_check)(const EVP_PKEY pk));	1092	int (pkey_check)(const EVP_PKEY pk));
		1093	void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
		1094	int (pkey_public_check)(const EVP_PKEY pk));
		1095	void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
		1096	int (pkey_check)(const EVP_PKEY pk));
1093	#endif	1097	#endif
1094		1098
1095	#define EVP_PKEY_OP_UNDEFINED 0	1099	#define EVP_PKEY_OP_UNDEFINED 0
@@ -1220,6 +1224,8 @@ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
1220	int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);	1224	int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);
1221	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)	1225	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
1222	int EVP_PKEY_check(EVP_PKEY_CTX *ctx);	1226	int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
		1227	int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
		1228	int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
1223	#endif	1229	#endif
1224		1230
1225	void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX ctx, EVP_PKEY_gen_cb cb);	1231	void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX ctx, EVP_PKEY_gen_cb cb);
@@ -1290,6 +1296,10 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
1290	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)	1296	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
1291	void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,	1297	void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
1292	int (check)(EVP_PKEY pkey));	1298	int (check)(EVP_PKEY pkey));
		1299	void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
		1300	int (public_check)(EVP_PKEY pkey));
		1301	void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
		1302	int (param_check)(EVP_PKEY pkey));
1293	#endif	1303	#endif
1294		1304
1295	/* Authenticated Encryption with Additional Data.	1305	/* Authenticated Encryption with Additional Data.


diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index 3ff8e8ad99..44e2d5cadb 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_locl.h,v 1.19 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: evp_locl.h,v 1.20 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -349,6 +349,8 @@ struct evp_pkey_method_st {
349	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value);	349	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value);
350		350
351	int (check)(EVP_PKEY pkey);	351	int (check)(EVP_PKEY pkey);
		352	int (public_check)(EVP_PKEY pkey);
		353	int (param_check)(EVP_PKEY pkey);
352	} /* EVP_PKEY_METHOD */;	354	} /* EVP_PKEY_METHOD */;
353		355
354	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);	356	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);


diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c index a8a4cc97db..7d921d23b4 100644 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_gn.c,v 1.9 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: pmeth_gn.c,v 1.10 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -244,3 +244,45 @@ EVP_PKEY_check(EVP_PKEY_CTX *ctx)
244		244
245	return pkey->ameth->pkey_check(pkey);	245	return pkey->ameth->pkey_check(pkey);
246	}	246	}
		247
		248	int
		249	EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
		250	{
		251	EVP_PKEY *pkey;
		252
		253	if ((pkey = ctx->pkey) == NULL) {
		254	EVPerror(EVP_R_NO_KEY_SET);
		255	return 0;
		256	}
		257
		258	if (ctx->pmeth->public_check != NULL)
		259	return ctx->pmeth->public_check(pkey);
		260
		261	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_public_check == NULL) {
		262	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		263	return -2;
		264	}
		265
		266	return pkey->ameth->pkey_public_check(pkey);
		267	}
		268
		269	int
		270	EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
		271	{
		272	EVP_PKEY *pkey;
		273
		274	if ((pkey = ctx->pkey) == NULL) {
		275	EVPerror(EVP_R_NO_KEY_SET);
		276	return 0;
		277	}
		278
		279	if (ctx->pmeth->param_check != NULL)
		280	return ctx->pmeth->param_check(pkey);
		281
		282	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_param_check == NULL) {
		283	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		284	return -2;
		285	}
		286
		287	return pkey->ameth->pkey_param_check(pkey);
		288	}


diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c index 92328dd246..d265e2aced 100644 --- a/src/lib/libcrypto/evp/pmeth_lib.c +++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_lib.c,v 1.19 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: pmeth_lib.c,v 1.20 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -588,3 +588,17 @@ EVP_PKEY_meth_set_check(EVP_PKEY_METHOD pmeth, int (check)(EVP_PKEY *pkey))
588	{	588	{
589	pmeth->check = check;	589	pmeth->check = check;
590	}	590	}
		591
		592	void
		593	EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
		594	int (public_check)(EVP_PKEY pkey))
		595	{
		596	pmeth->public_check = public_check;
		597	}
		598
		599	void
		600	EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
		601	int (param_check)(EVP_PKEY pkey))
		602	{
		603	pmeth->param_check = param_check;
		604	}