From a447c077ad67d6e81ed1a4fbe9003875add773c2 Mon Sep 17 00:00:00 2001 From: tb <> Date: Mon, 10 Jan 2022 11:52:43 +0000 Subject: Prepare to provide EVP_PKEY_check() This allows checking the validity of an EVP_PKEY. Only RSA and EC keys are supported. If a check function is set the EVP_PKEY_METHOD, it will be used, otherwise the check function on the EVP_PKEY_ASN1_METHOD is used. The default ASN.1 methods wrap RSA_check_key() and EC_KEY_check_key(), respectively. The corresponding setters are EVP_PKEY_{asn1,meth}_set_check(). It is unclear why the PKEY method has no const while the ASN.1 method has const. Requested by tobhe and used by PHP 8.1. Based on OpenSSL commit 2aee35d3 ok inoguchi jsing --- src/lib/libcrypto/ec/ec_ameth.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) (limited to 'src/lib/libcrypto/ec') diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c index c96c46dd53..8316683f8f 100644 --- a/src/lib/libcrypto/ec/ec_ameth.c +++ b/src/lib/libcrypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.29 2021/12/12 21:30:13 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.30 2022/01/10 11:52:43 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -67,6 +67,7 @@ #include #include "asn1_locl.h" +#include "ec_lcl.h" #include "evp_locl.h" #ifndef OPENSSL_NO_CMS @@ -620,6 +621,19 @@ ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2) } +static int +ec_pkey_check(const EVP_PKEY *pkey) +{ + EC_KEY *eckey = pkey->pkey.ec; + + if (eckey->priv_key == NULL) { + ECerror(EC_R_MISSING_PRIVATE_KEY); + return 0; + } + + return EC_KEY_check_key(eckey); +} + #ifndef OPENSSL_NO_CMS static int 
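Review bot: `ec_pkey_check()` reads `eckey->priv_key` before anything in the hunk has checked that `pkey->pkey.ec` is set, so an EC-typed EVP_PKEY with no key attached would be dereferenced as NULL instead of being rejected. Whether a caller can reach the function with such a key is not visible here. A guard ahead of the private-key test, `if (eckey == NULL) { ECerror(ERR_R_PASSED_NULL_PARAMETER); return 0; }`, would keep that case on the error path. The function would also benefit from a short comment such as `/* EVP_PKEY_check() validates key pairs: a key without a private part is rejected. */`, assuming that is the intent. Without it, callers that use this for key validation may read EC_R_MISSING_PRIVATE_KEY on a public-only key as a malformed key.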
@@ -981,5 +995,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
 .pkey_free = int_ec_free,
 .pkey_ctrl = ec_pkey_ctrl,
 .old_priv_decode = old_ec_priv_decode,
- .old_priv_encode = old_ec_priv_encode
+ .old_priv_encode = old_ec_priv_encode,
+
+ .pkey_check = ec_pkey_check,
 };
-- cgit v1.2.3-55-g6feb