Add EVP_PKEY_public_check_quick.

Adding the EVP_PKEY_param_check_quick() reminded me that there are also partial checks for public keys as part of SP800-56A for FFC (DH named safe prime groups) and ECC. The code was mainly already there and just needed to be plumbed into the validate methods. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14206)
author: Shane Lontis <shane.lontis@oracle.com> 2021-02-17 13:00:34 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-02-22 13:31:31 +1000
commit: 4718326a46ad460fefc5cc240a8599af4b5993c7 (patch)
tree: be4beed6f52122d46ebba91baf9fb59ba586f918 /crypto/dh
parent: 681618cfc18b4f01f2c07e823308d30f6f47504b (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c
index a752cf9a98..0f66d8969d 100644
--- a/crypto/dh/dh_group_params.c
+++ b/crypto/dh/dh_group_params.c
@@ -81,6 +81,17 @@ void dh_cache_named_group(DH *dh)
     }
 }
 
+int ossl_dh_is_named_safe_prime_group(const DH *dh)
+{
+    int id = DH_get_nid(dh);
+
+    /*
+     * Exclude RFC5114 groups (id = 1..3) since they do not have
+     * q = (p - 1) / 2
+     */
+    return (id > 3);
+}
+
 int DH_get_nid(const DH *dh)
 {
     if (dh == NULL)
author	Shane Lontis <shane.lontis@oracle.com>	2021-02-17 13:00:34 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-02-22 13:31:31 +1000
commit	4718326a46ad460fefc5cc240a8599af4b5993c7 (patch)
tree	be4beed6f52122d46ebba91baf9fb59ba586f918 /crypto/dh
parent	681618cfc18b4f01f2c07e823308d30f6f47504b (diff)