From 6b5741e4f43381bf67a7a82640e37e6bb4ac4d68 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Mon, 10 Jan 2022 12:10:26 +0000
Subject: Prepare to provide EVP_PKEY_{public,param}_check

This implements checking of a public key and of key generation parameters for DH and EC keys. With the same logic and setters and const quirks as for EVP_PKEY_check(). There are a couple of quirks: For DH no default EVP_PKEY_check() is implemented, instead EVP_PKEY_param_check() calls DH_check_ex() even though DH_param_check_ex() was added for this purpose. EVP_PKEY_public_check() for EC curves also checks the private key if present.

ok inoguchi jsing
---
 src/lib/libcrypto/ec/ec_ameth.c | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

(limited to 'src/lib/libcrypto/ec')

diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c
index 8316683f8f..86f509b736 100644
--- a/src/lib/libcrypto/ec/ec_ameth.c
+++ b/src/lib/libcrypto/ec/ec_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.30 2022/01/10 11:52:43 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.31 2022/01/10 12:10:26 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -634,6 +634,28 @@ ec_pkey_check(const EVP_PKEY *pkey)
 return EC_KEY_check_key(eckey);
 }
 
+static int
+ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /* This also checks the private key, but oh, well... */
+ return EC_KEY_check_key(eckey);
+}
+
+static int
+ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ if (eckey->group == NULL) {
+ ECerror(EC_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ return EC_GROUP_check(eckey->group, NULL);
+}
+
 #ifndef OPENSSL_NO_CMS
 
 static int
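Review bot: `ec_pkey_param_check()` reads `eckey->group` without first checking that `pkey->pkey.ec` is set, so an EVP_PKEY of type EC with no EC_KEY attached would be a NULL dereference here rather than a clean failure; whether the EVP-level caller rules that case out is not visible in this hunk. Widening the guard to `if (eckey == NULL || eckey->group == NULL) {` keeps the existing `EC_R_MISSING_PARAMETERS` error path. `ec_pkey_public_check()` hands the same pointer straight to `EC_KEY_check_key()`, so it relies on that function rejecting NULL, which is also not shown here. Its comment could spell out what the quirk means for callers, e.g. `/* XXX: EC_KEY_check_key() also validates the private key if present, so a public check can fail because of a bad private key. */`.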
@@ -998,4 +1020,6 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
 .old_priv_encode = old_ec_priv_encode,
 
 .pkey_check = ec_pkey_check,
+ .pkey_public_check = ec_pkey_public_check,
+ .pkey_param_check = ec_pkey_param_check,
 };
-- cgit v1.2.3-55-g6feb