diff options
| author | Matt Caswell <matt@openssl.org> | 2021-02-09 15:50:05 +0000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2021-02-15 14:17:36 +1000 |
| commit | 899e25643dc63a84a924d08f86d7d19613714431 (patch) | |
| tree | f79751777385af9b6d4d05a8dc1739a94f59510b /crypto/evp/keymgmt_meth.c | |
| parent | aee73562d17499f2660c14f8c150459097680a1d (diff) | |
Implement EVP_PKEY_param_check_quick() and use it in libssl
The low level DH API has two functions for checking parameters:
DH_check_ex() and DH_check_params_ex(). The former does a "full" check,
while the latter does a "quick" check. Most importantly it skips the
check for a safe prime. We're ok without using safe primes here because
we're doing ephemeral DH.
Now that libssl is fully using the EVP API, we need a way to specify that
we want a quick check instead of a full check. Therefore we introduce
EVP_PKEY_param_check_quick() and use it.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14146)
Diffstat (limited to 'crypto/evp/keymgmt_meth.c')
| -rw-r--r-- | crypto/evp/keymgmt_meth.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 7ef2d703f8..460fd24cec 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -404,12 +404,12 @@ int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keydata, int selection) } int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, - int selection) + int selection, int checktype) { /* We assume valid if the implementation doesn't have a function */ if (keymgmt->validate == NULL) return 1; - return keymgmt->validate(keydata, selection); + return keymgmt->validate(keydata, selection, checktype); } int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, |