From d7610bb566b677b7cd1dff6af83c18174a305942 Mon Sep 17 00:00:00 2001 From: tb <> Date: Mon, 10 Jan 2022 12:17:49 +0000 Subject: Implement openssl pkey -{,pub}check and pkeyparam -check These expose EVP_PKEY_{,public_,param_}check() to the command line. They are currently noops and will be enabled in the upcoming bump. ok inoguchi jsing --- src/usr.bin/openssl/apps.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) (limited to 'src/usr.bin/openssl/apps.c') diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c index 392d3cc339..fd13371f5d 100644 --- a/src/usr.bin/openssl/apps.c +++ b/src/usr.bin/openssl/apps.c @@ -1,4 +1,4 @@ -/* $OpenBSD: apps.c,v 1.61 2021/11/26 16:23:27 tb Exp $ */ +/* $OpenBSD: apps.c,v 1.62 2022/01/10 12:17:49 tb Exp $ */ /* * Copyright (c) 2014 Joel Sing * @@ -2262,3 +2262,31 @@ show_cipher(const OBJ_NAME *name, void *arg) fprintf(stderr, " -%-24s%s", name->name, (++*n % 3 != 0 ? "" : "\n")); } + +int +pkey_check(BIO *out, EVP_PKEY *pkey, int (check_fn)(EVP_PKEY_CTX *), + const char *desc) +{ + EVP_PKEY_CTX *ctx; + + if ((ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) { + ERR_print_errors(bio_err); + return 0; + } + + if (check_fn(ctx) == 1) { + BIO_printf(out, "%s valid\n", desc); + } else { + unsigned long err; + + BIO_printf(out, "%s invalid\n", desc); + + while ((err = ERR_get_error()) != 0) + BIO_printf(out, "Detailed error: %s\n", + ERR_reason_error_string(err)); + } + + EVP_PKEY_CTX_free(ctx); + + return 1; +} -- cgit v1.2.3-55-g6feb
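Review bot: pkey_check() returns 1 on both the "valid" and the "invalid" branch, so the verdict reaches the caller only as text on `out`; 0 is reserved for EVP_PKEY_CTX_new() failing. The callers are outside this diff, but if they derive the exit status from this return value, a script running `openssl pkey -check` would see success for a key that failed validation. Either state the contract above the function, e.g. `/* Returns 0 only if the context cannot be allocated; a failed check is reported on out and still returns 1. */`, or give callers a way to see the verdict. Any result other than 1 from `check_fn(ctx)` is printed as "invalid", which would also cover a negative "operation not supported for this key type" return if the check functions use one. `ERR_reason_error_string(err)` can return NULL for an error code with no registered reason string, so a fallback such as `ERR_error_string(err, NULL)` is worth considering for the "Detailed error" line.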