8 files changed, 146 insertions, 8 deletions
diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 96669bbd2f..8ff5a35d78 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.24 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -436,3 +436,17 @@ EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
 {
        ameth->pkey_check = pkey_check;
 }
+void
+EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_public_check)(const EVP_PKEY *pk))
+{
+        ameth->pkey_public_check = pkey_public_check;
+}
+void
+EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_param_check)(const EVP_PKEY *pk))
+{
+        ameth->pkey_param_check = pkey_param_check;
+}
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index 31fcbef20d..76b165e77f 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.16 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.17 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -125,6 +125,8 @@ struct evp_pkey_asn1_method_st {
            X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
        int (*pkey_check)(const EVP_PKEY *pk);
+        int (*pkey_public_check)(const EVP_PKEY *pk);
+        int (*pkey_param_check)(const EVP_PKEY *pk);
 } /* EVP_PKEY_ASN1_METHOD */;
 /* Method to handle CRL access.
diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c
index bbb687da8b..eaca890a50 100644
--- a/src/lib/libcrypto/dh/dh_ameth.c
+++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.21 2022/01/10 00:09:06 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.22 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -466,6 +466,32 @@ DHparams_print(BIO *bp, const DH *x)
        return do_dh_print(bp, x, 4, NULL, 0);
 }
+static int
+dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+        DH *dh = pkey->pkey.dh;
+        if (dh->pub_key == NULL) {
+                DHerror(DH_R_MISSING_PUBKEY);
+                return 0;
+        }
+        return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+static int
+dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+        DH *dh = pkey->pkey.dh;
+        /*
+         * It would have made more sense to support EVP_PKEY_check() for DH
+         * keys and call DH_check_ex() there and keeping this as a wrapper
+         * for DH_param_check_ex(). We follow OpenSSL's choice.
+         */
+        return DH_check_ex(dh);
+}
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
        .pkey_id = EVP_PKEY_DH,
        .pkey_base_id = EVP_PKEY_DH,
@@ -493,4 +519,8 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
        .param_print = dh_param_print,
        .pkey_free = int_dh_free,
+        .pkey_check = NULL,
+        .pkey_public_check = dh_pkey_public_check,
+        .pkey_param_check = dh_pkey_param_check,
 };
diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 8316683f8f..86f509b736 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.30 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.31 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -634,6 +634,28 @@ ec_pkey_check(const EVP_PKEY *pkey)
        return EC_KEY_check_key(eckey);
 }
+static int
+ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+        EC_KEY *eckey = pkey->pkey.ec;
+        /* This also checks the private key, but oh, well... */
+        return EC_KEY_check_key(eckey);
+}
+static int
+ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+        EC_KEY *eckey = pkey->pkey.ec;
+        if (eckey->group == NULL) {
+                ECerror(EC_R_MISSING_PARAMETERS);
+                return 0;
+        }
+        return EC_GROUP_check(eckey->group, NULL);
+}
 #ifndef OPENSSL_NO_CMS
 static int
@@ -998,4 +1020,6 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
        .old_priv_encode = old_ec_priv_encode,
        .pkey_check = ec_pkey_check,
+        .pkey_public_check = ec_pkey_public_check,
+        .pkey_param_check = ec_pkey_param_check,
 };
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h
index e122a6b329..a3a55caf88 100644
--- a/src/lib/libcrypto/evp/evp.h
+++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp.h,v 1.93 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: evp.h,v 1.94 2022/01/10 12:10:26 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1090,6 +1090,10 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 #if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
 void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
    int (*pkey_check)(const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_public_check)(const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_check)(const EVP_PKEY *pk));
 #endif
 #define EVP_PKEY_OP_UNDEFINED           0
@@ -1220,6 +1224,8 @@ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 #if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
 int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
 #endif
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
@@ -1290,6 +1296,10 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
 #if defined(LIBRESSL_CRYPTO_INTERNAL) || defined(LIBRESSL_NEXT_API)
 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
    int (*check)(EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+    int (*public_check)(EVP_PKEY *pkey));
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+    int (*param_check)(EVP_PKEY *pkey));
 #endif
 /* Authenticated Encryption with Additional Data.
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h
index 3ff8e8ad99..44e2d5cadb 100644
--- a/src/lib/libcrypto/evp/evp_locl.h
+++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_locl.h,v 1.19 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: evp_locl.h,v 1.20 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -349,6 +349,8 @@ struct evp_pkey_method_st {
        int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value);
        int (*check)(EVP_PKEY *pkey);
+        int (*public_check)(EVP_PKEY *pkey);
+        int (*param_check)(EVP_PKEY *pkey);
 } /* EVP_PKEY_METHOD */;
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index a8a4cc97db..7d921d23b4 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.9 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.10 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -244,3 +244,45 @@ EVP_PKEY_check(EVP_PKEY_CTX *ctx)
        return pkey->ameth->pkey_check(pkey);
 }
+int
+EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
+{
+        EVP_PKEY *pkey;
+        if ((pkey = ctx->pkey) == NULL) {
+                EVPerror(EVP_R_NO_KEY_SET);
+                return 0;
+        }
+        if (ctx->pmeth->public_check != NULL)
+                return ctx->pmeth->public_check(pkey);
+        if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+        }
+        return pkey->ameth->pkey_public_check(pkey);
+}
+int
+EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
+{
+        EVP_PKEY *pkey;
+        if ((pkey = ctx->pkey) == NULL) {
+                EVPerror(EVP_R_NO_KEY_SET);
+                return 0;
+        }
+        if (ctx->pmeth->param_check != NULL)
+                return ctx->pmeth->param_check(pkey);
+        if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
+                EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
+        }
+        return pkey->ameth->pkey_param_check(pkey);
+}
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 92328dd246..d265e2aced 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.19 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.20 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -588,3 +588,17 @@ EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth, int (*check)(EVP_PKEY *pkey))
 {
        pmeth->check = check;
 }
+void
+EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+    int (*public_check)(EVP_PKEY *pkey))
+{
+        pmeth->public_check = public_check;
+}
+void
+EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+    int (*param_check)(EVP_PKEY *pkey))
+{
+        pmeth->param_check = param_check;
+}

diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c index 96669bbd2f..8ff5a35d78 100644 --- a/src/lib/libcrypto/asn1/ameth_lib.c +++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ameth_lib.c,v 1.24 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -436,3 +436,17 @@ EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
436	{	436	{
437	ameth->pkey_check = pkey_check;	437	ameth->pkey_check = pkey_check;
438	}	438	}
		439
		440	void
		441	EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
		442	int (pkey_public_check)(const EVP_PKEY pk))
		443	{
		444	ameth->pkey_public_check = pkey_public_check;
		445	}
		446
		447	void
		448	EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
		449	int (pkey_param_check)(const EVP_PKEY pk))
		450	{
		451	ameth->pkey_param_check = pkey_param_check;
		452	}


diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h index 31fcbef20d..76b165e77f 100644 --- a/src/lib/libcrypto/asn1/asn1_locl.h +++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: asn1_locl.h,v 1.16 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: asn1_locl.h,v 1.17 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -125,6 +125,8 @@ struct evp_pkey_asn1_method_st {
125	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);	125	X509_ALGOR alg1, X509_ALGOR alg2, ASN1_BIT_STRING *sig);
126		126
127	int (pkey_check)(const EVP_PKEY pk);	127	int (pkey_check)(const EVP_PKEY pk);
		128	int (pkey_public_check)(const EVP_PKEY pk);
		129	int (pkey_param_check)(const EVP_PKEY pk);
128	} /* EVP_PKEY_ASN1_METHOD */;	130	} /* EVP_PKEY_ASN1_METHOD */;
129		131
130	/* Method to handle CRL access.	132	/* Method to handle CRL access.


diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c index bbb687da8b..eaca890a50 100644 --- a/src/lib/libcrypto/dh/dh_ameth.c +++ b/src/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_ameth.c,v 1.21 2022/01/10 00:09:06 tb Exp $ */	1	/* $OpenBSD: dh_ameth.c,v 1.22 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -466,6 +466,32 @@ DHparams_print(BIO bp, const DH x)
466	return do_dh_print(bp, x, 4, NULL, 0);	466	return do_dh_print(bp, x, 4, NULL, 0);
467	}	467	}
468		468
		469	static int
		470	dh_pkey_public_check(const EVP_PKEY *pkey)
		471	{
		472	DH *dh = pkey->pkey.dh;
		473
		474	if (dh->pub_key == NULL) {
		475	DHerror(DH_R_MISSING_PUBKEY);
		476	return 0;
		477	}
		478
		479	return DH_check_pub_key_ex(dh, dh->pub_key);
		480	}
		481
		482	static int
		483	dh_pkey_param_check(const EVP_PKEY *pkey)
		484	{
		485	DH *dh = pkey->pkey.dh;
		486
		487	/*
		488	* It would have made more sense to support EVP_PKEY_check() for DH
		489	* keys and call DH_check_ex() there and keeping this as a wrapper
		490	* for DH_param_check_ex(). We follow OpenSSL's choice.
		491	*/
		492	return DH_check_ex(dh);
		493	}
		494
469	const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {	495	const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
470	.pkey_id = EVP_PKEY_DH,	496	.pkey_id = EVP_PKEY_DH,
471	.pkey_base_id = EVP_PKEY_DH,	497	.pkey_base_id = EVP_PKEY_DH,
@@ -493,4 +519,8 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
493	.param_print = dh_param_print,	519	.param_print = dh_param_print,
494		520
495	.pkey_free = int_dh_free,	521	.pkey_free = int_dh_free,
		522
		523	.pkey_check = NULL,
		524	.pkey_public_check = dh_pkey_public_check,
		525	.pkey_param_check = dh_pkey_param_check,
496	};	526	};


diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index 8316683f8f..86f509b736 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_ameth.c,v 1.30 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: ec_ameth.c,v 1.31 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -634,6 +634,28 @@ ec_pkey_check(const EVP_PKEY *pkey)
634	return EC_KEY_check_key(eckey);	634	return EC_KEY_check_key(eckey);
635	}	635	}
636		636
		637	static int
		638	ec_pkey_public_check(const EVP_PKEY *pkey)
		639	{
		640	EC_KEY *eckey = pkey->pkey.ec;
		641
		642	/* This also checks the private key, but oh, well... */
		643	return EC_KEY_check_key(eckey);
		644	}
		645
		646	static int
		647	ec_pkey_param_check(const EVP_PKEY *pkey)
		648	{
		649	EC_KEY *eckey = pkey->pkey.ec;
		650
		651	if (eckey->group == NULL) {
		652	ECerror(EC_R_MISSING_PARAMETERS);
		653	return 0;
		654	}
		655
		656	return EC_GROUP_check(eckey->group, NULL);
		657	}
		658
637	#ifndef OPENSSL_NO_CMS	659	#ifndef OPENSSL_NO_CMS
638		660
639	static int	661	static int
@@ -998,4 +1020,6 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
998	.old_priv_encode = old_ec_priv_encode,	1020	.old_priv_encode = old_ec_priv_encode,
999		1021
1000	.pkey_check = ec_pkey_check,	1022	.pkey_check = ec_pkey_check,
		1023	.pkey_public_check = ec_pkey_public_check,
		1024	.pkey_param_check = ec_pkey_param_check,
1001	};	1025	};


diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index e122a6b329..a3a55caf88 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp.h,v 1.93 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: evp.h,v 1.94 2022/01/10 12:10:26 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1090,6 +1090,10 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
1090	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)	1090	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
1091	void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,	1091	void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
1092	int (pkey_check)(const EVP_PKEY pk));	1092	int (pkey_check)(const EVP_PKEY pk));
		1093	void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
		1094	int (pkey_public_check)(const EVP_PKEY pk));
		1095	void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
		1096	int (pkey_check)(const EVP_PKEY pk));
1093	#endif	1097	#endif
1094		1098
1095	#define EVP_PKEY_OP_UNDEFINED 0	1099	#define EVP_PKEY_OP_UNDEFINED 0
@@ -1220,6 +1224,8 @@ int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
1220	int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);	1224	int EVP_PKEY_keygen(EVP_PKEY_CTX ctx, EVP_PKEY *ppkey);
1221	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)	1225	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
1222	int EVP_PKEY_check(EVP_PKEY_CTX *ctx);	1226	int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
		1227	int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
		1228	int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
1223	#endif	1229	#endif
1224		1230
1225	void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX ctx, EVP_PKEY_gen_cb cb);	1231	void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX ctx, EVP_PKEY_gen_cb cb);
@@ -1290,6 +1296,10 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
1290	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)	1296	#if defined(LIBRESSL_CRYPTO_INTERNAL) \|\| defined(LIBRESSL_NEXT_API)
1291	void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,	1297	void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
1292	int (check)(EVP_PKEY pkey));	1298	int (check)(EVP_PKEY pkey));
		1299	void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
		1300	int (public_check)(EVP_PKEY pkey));
		1301	void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
		1302	int (param_check)(EVP_PKEY pkey));
1293	#endif	1303	#endif
1294		1304
1295	/* Authenticated Encryption with Additional Data.	1305	/* Authenticated Encryption with Additional Data.


diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index 3ff8e8ad99..44e2d5cadb 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_locl.h,v 1.19 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: evp_locl.h,v 1.20 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -349,6 +349,8 @@ struct evp_pkey_method_st {
349	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value);	349	int (ctrl_str)(EVP_PKEY_CTX ctx, const char type, const char value);
350		350
351	int (check)(EVP_PKEY pkey);	351	int (check)(EVP_PKEY pkey);
		352	int (public_check)(EVP_PKEY pkey);
		353	int (param_check)(EVP_PKEY pkey);
352	} /* EVP_PKEY_METHOD */;	354	} /* EVP_PKEY_METHOD */;
353		355
354	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);	356	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);


diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c index a8a4cc97db..7d921d23b4 100644 --- a/src/lib/libcrypto/evp/pmeth_gn.c +++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_gn.c,v 1.9 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: pmeth_gn.c,v 1.10 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -244,3 +244,45 @@ EVP_PKEY_check(EVP_PKEY_CTX *ctx)
244		244
245	return pkey->ameth->pkey_check(pkey);	245	return pkey->ameth->pkey_check(pkey);
246	}	246	}
		247
		248	int
		249	EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
		250	{
		251	EVP_PKEY *pkey;
		252
		253	if ((pkey = ctx->pkey) == NULL) {
		254	EVPerror(EVP_R_NO_KEY_SET);
		255	return 0;
		256	}
		257
		258	if (ctx->pmeth->public_check != NULL)
		259	return ctx->pmeth->public_check(pkey);
		260
		261	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_public_check == NULL) {
		262	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		263	return -2;
		264	}
		265
		266	return pkey->ameth->pkey_public_check(pkey);
		267	}
		268
		269	int
		270	EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
		271	{
		272	EVP_PKEY *pkey;
		273
		274	if ((pkey = ctx->pkey) == NULL) {
		275	EVPerror(EVP_R_NO_KEY_SET);
		276	return 0;
		277	}
		278
		279	if (ctx->pmeth->param_check != NULL)
		280	return ctx->pmeth->param_check(pkey);
		281
		282	if (pkey->ameth == NULL \|\| pkey->ameth->pkey_param_check == NULL) {
		283	EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
		284	return -2;
		285	}
		286
		287	return pkey->ameth->pkey_param_check(pkey);
		288	}


diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c index 92328dd246..d265e2aced 100644 --- a/src/lib/libcrypto/evp/pmeth_lib.c +++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pmeth_lib.c,v 1.19 2022/01/10 11:52:43 tb Exp $ */	1	/* $OpenBSD: pmeth_lib.c,v 1.20 2022/01/10 12:10:26 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -588,3 +588,17 @@ EVP_PKEY_meth_set_check(EVP_PKEY_METHOD pmeth, int (check)(EVP_PKEY *pkey))
588	{	588	{
589	pmeth->check = check;	589	pmeth->check = check;
590	}	590	}
		591
		592	void
		593	EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
		594	int (public_check)(EVP_PKEY pkey))
		595	{
		596	pmeth->public_check = public_check;
		597	}
		598
		599	void
		600	EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
		601	int (param_check)(EVP_PKEY pkey))
		602	{
		603	pmeth->param_check = param_check;
		604	}