From 875eb616f98cd0720501dc97ee72ed96343b0b33 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 10 Jan 2022 12:10:26 +0000
Subject: Prepare to provide EVP_PKEY_{public,param}_check

This implements checking of a public key and of key generation
parameters for DH and EC keys. With the same logic and setters
and const quirks as for EVP_PKEY_check().

There are a couple of quirks: For DH no default EVP_PKEY_check()
is implemented, instead EVP_PKEY_param_check() calls DH_check_ex()
even though DH_param_check_ex() was added for this purpose.
EVP_PKEY_public_check() for EC curves also checks the private key
if present.

ok inoguchi jsing
---
 src/lib/libcrypto/asn1/ameth_lib.c | 16 +++++++++++++++-
 src/lib/libcrypto/asn1/asn1_locl.h |  4 +++-
 2 files changed, 18 insertions(+), 2 deletions(-)

(limited to 'src/lib/libcrypto/asn1')

diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 96669bbd2f..8ff5a35d78 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.24 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.25 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -436,3 +436,17 @@ EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
 {
 	ameth->pkey_check = pkey_check;
 }
+
+void
+EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_public_check)(const EVP_PKEY *pk))
+{
+	ameth->pkey_public_check = pkey_public_check;
+}
+
+void
+EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+    int (*pkey_param_check)(const EVP_PKEY *pk))
+{
+	ameth->pkey_param_check = pkey_param_check;
+}
diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h
index 31fcbef20d..76b165e77f 100644
--- a/src/lib/libcrypto/asn1/asn1_locl.h
+++ b/src/lib/libcrypto/asn1/asn1_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_locl.h,v 1.16 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: asn1_locl.h,v 1.17 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -125,6 +125,8 @@ struct evp_pkey_asn1_method_st {
 	    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig);
 
 	int (*pkey_check)(const EVP_PKEY *pk);
+	int (*pkey_public_check)(const EVP_PKEY *pk);
+	int (*pkey_param_check)(const EVP_PKEY *pk);
 } /* EVP_PKEY_ASN1_METHOD */;
 
 /* Method to handle CRL access.
-- 
cgit v1.2.3-55-g6feb