summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorPaul Yang <yang.yang@baishancloud.com>2017-11-01 00:45:24 +0800
committerRichard Levitte <levitte@openssl.org>2017-11-20 07:20:30 +0100
commitb0004708730f300a2e5c6a11c887caab50b6c42a (patch)
treecdfb52867403b6dee0f8c1c9860111076dd37144 /crypto
parent5d99881e6a58a8775b8ca866b794f615a16bb033 (diff)
Support public key and param check in EVP interface
EVP_PKEY_public_check() and EVP_PKEY_param_check() Doc and test cases are added Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4647)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/ameth_lib.c12
-rw-r--r--crypto/dh/dh_ameth.c35
-rw-r--r--crypto/dh/dh_check.c52
-rw-r--r--crypto/dh/dh_err.c24
-rw-r--r--crypto/ec/ec_ameth.c33
-rw-r--r--crypto/ec/ec_err.c1
-rw-r--r--crypto/err/openssl.txt18
-rw-r--r--crypto/evp/evp_err.c4
-rw-r--r--crypto/evp/pmeth_gn.c46
-rw-r--r--crypto/evp/pmeth_lib.c26
-rw-r--r--crypto/include/internal/asn1_int.h2
-rw-r--r--crypto/include/internal/evp_int.h2
12 files changed, 252 insertions, 3 deletions
diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
index 87a3eba14a..5662e17688 100644
--- a/crypto/asn1/ameth_lib.c
+++ b/crypto/asn1/ameth_lib.c
@@ -382,3 +382,15 @@ void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
{
ameth->pkey_check = pkey_check;
}
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_pub_check) (const EVP_PKEY *pk))
+{
+ ameth->pkey_public_check = pkey_pub_check;
+}
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+ int (*pkey_param_check) (const EVP_PKEY *pk))
+{
+ ameth->pkey_param_check = pkey_param_check;
+}
diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
index e504690fa3..05a1d4227e 100644
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@@ -509,6 +509,25 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
}
+static int dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+ DH *dh = pkey->pkey.dh;
+
+ if (dh->pub_key == NULL) {
+ DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY);
+ return 0;
+ }
+
+ return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+
+static int dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+ DH *dh = pkey->pkey.dh;
+
+ return DH_check_ex(dh);
+}
+
const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
EVP_PKEY_DH,
EVP_PKEY_DH,
@@ -539,7 +558,13 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
0,
int_dh_free,
- 0
+ 0,
+
+ 0, 0, 0, 0, 0,
+
+ 0,
+ dh_pkey_public_check,
+ dh_pkey_param_check
};
const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
@@ -572,7 +597,13 @@ const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
0,
int_dh_free,
- dh_pkey_ctrl
+ dh_pkey_ctrl,
+
+ 0, 0, 0, 0, 0,
+
+ 0,
+ dh_pkey_public_check,
+ dh_pkey_param_check
};
#ifndef OPENSSL_NO_CMS
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 066bf83336..fc45577101 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -18,6 +18,19 @@
* p is odd
* 1 < g < p - 1
*/
+int DH_check_params_ex(const DH *dh)
+{
+ int errflags = 0;
+
+ (void)DH_check_params(dh, &errflags);
+
+ if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
+ if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+ DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+
+ return errflags == 0;
+}
int DH_check_params(const DH *dh, int *ret)
{
@@ -61,6 +74,29 @@ int DH_check_params(const DH *dh, int *ret)
* for 5, p mod 10 == 3 or 7
* should hold.
*/
+int DH_check_ex(const DH *dh)
+{
+ int errflags = 0;
+
+ (void)DH_check(dh, &errflags);
+
+ if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
+ if ((errflags & DH_CHECK_Q_NOT_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_Q_NOT_PRIME);
+ if ((errflags & DH_CHECK_INVALID_Q_VALUE) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_Q_VALUE);
+ if ((errflags & DH_CHECK_INVALID_J_VALUE) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_J_VALUE);
+ if ((errflags & DH_UNABLE_TO_CHECK_GENERATOR) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_UNABLE_TO_CHECK_GENERATOR);
+ if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
+ if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
+ DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+
+ return errflags == 0;
+}
int DH_check(const DH *dh, int *ret)
{
@@ -142,6 +178,22 @@ int DH_check(const DH *dh, int *ret)
return ok;
}
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
+{
+ int errflags = 0;
+
+ (void)DH_check(dh, &errflags);
+
+ if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
+ DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
+ if ((errflags & DH_CHECK_PUBKEY_TOO_LARGE) != 0)
+ DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_LARGE);
+ if ((errflags & DH_CHECK_PUBKEY_INVALID) != 0)
+ DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_INVALID);
+
+ return errflags == 0;
+}
+
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
{
int ok = 0;
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index aae66fa0b9..bbedab593e 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -18,6 +18,9 @@ static const ERR_STRING_DATA DH_str_functs[] = {
{ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
"dh_builtin_genparams"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
@@ -28,6 +31,8 @@ static const ERR_STRING_DATA DH_str_functs[] = {
{ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0),
+ "dh_pkey_public_check"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"},
@@ -44,6 +49,20 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE),
+ "check invalid j value"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE),
+ "check invalid q value"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID),
+ "check pubkey invalid"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE),
+ "check pubkey too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL),
+ "check pubkey too small"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME),
+ "check p not safe prime"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME),
"invalid parameter name"},
@@ -52,13 +71,18 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
{ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
+ "not suitable generator"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+ "unable to check generator"},
{0, NULL}
};
diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
index 22ad6b0f2d..0682bc3d1d 100644
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@@ -533,6 +533,35 @@ static int ec_pkey_check(const EVP_PKEY *pkey)
return EC_KEY_check_key(eckey);
}
+static int ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /*
+ * Note: it unnecessary to check eckey->pub_key here since
+ * it will be checked in EC_KEY_check_key(). In fact, the
+ * EC_KEY_check_key() mainly checks the public key, and checks
+ * the private key optionally (only if there is one). So if
+ * someone passes a whole EC key (public + private), this
+ * will also work...
+ */
+
+ return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+ EC_KEY *eckey = pkey->pkey.ec;
+
+ /* stay consistent to what EVP_PKEY_check demands */
+ if (eckey->group == NULL) {
+ ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);
+ return 0;
+ }
+
+ return EC_GROUP_check(eckey->group, NULL);
+}
+
const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
EVP_PKEY_EC,
EVP_PKEY_EC,
@@ -568,7 +597,9 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
0, 0, 0,
- ec_pkey_check
+ ec_pkey_check,
+ ec_pkey_public_check,
+ ec_pkey_param_check
};
int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
index 19a7a9d7bd..9f82b4ef7e 100644
--- a/crypto/ec/ec_err.c
+++ b/crypto/ec/ec_err.c
@@ -182,6 +182,7 @@ static const ERR_STRING_DATA EC_str_functs[] = {
{ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0),
"ec_key_simple_priv2oct"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"},
+ {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0),
"EC_POINTs_make_affine"},
{ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"},
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d3e4a62e71..8547d07882 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -351,6 +351,9 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
DH_F_COMPUTE_KEY:102:compute_key
DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
+DH_F_DH_CHECK_EX:121:DH_check_ex
+DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
+DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
DH_F_DH_CMS_SET_SHARED_INFO:116:dh_cms_set_shared_info
@@ -360,6 +363,7 @@ DH_F_DH_METH_SET1_NAME:119:DH_meth_set1_name
DH_F_DH_NEW_BY_NID:104:DH_new_by_nid
DH_F_DH_NEW_METHOD:105:DH_new_method
DH_F_DH_PARAM_DECODE:107:dh_param_decode
+DH_F_DH_PKEY_PUBLIC_CHECK:124:dh_pkey_public_check
DH_F_DH_PRIV_DECODE:110:dh_priv_decode
DH_F_DH_PRIV_ENCODE:111:dh_priv_encode
DH_F_DH_PUB_DECODE:108:dh_pub_decode
@@ -542,6 +546,7 @@ EC_F_EC_KEY_SIMPLE_CHECK_KEY:258:ec_key_simple_check_key
EC_F_EC_KEY_SIMPLE_OCT2PRIV:259:ec_key_simple_oct2priv
EC_F_EC_KEY_SIMPLE_PRIV2OCT:260:ec_key_simple_priv2oct
EC_F_EC_PKEY_CHECK:273:ec_pkey_check
+EC_F_EC_PKEY_PARAM_CHECK:274:ec_pkey_param_check
EC_F_EC_POINTS_MAKE_AFFINE:136:EC_POINTs_make_affine
EC_F_EC_POINT_ADD:112:EC_POINT_add
EC_F_EC_POINT_CMP:113:EC_POINT_cmp
@@ -692,6 +697,8 @@ EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init
EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new
EVP_F_EVP_PKEY_PARAMGEN:148:EVP_PKEY_paramgen
EVP_F_EVP_PKEY_PARAMGEN_INIT:149:EVP_PKEY_paramgen_init
+EVP_F_EVP_PKEY_PARAM_CHECK:189:EVP_PKEY_param_check
+EVP_F_EVP_PKEY_PUBLIC_CHECK:190:EVP_PKEY_public_check
EVP_F_EVP_PKEY_SET1_ENGINE:187:EVP_PKEY_set1_engine
EVP_F_EVP_PKEY_SIGN:140:EVP_PKEY_sign
EVP_F_EVP_PKEY_SIGN_INIT:141:EVP_PKEY_sign_init
@@ -1794,18 +1801,29 @@ CT_R_UNSUPPORTED_VERSION:103:unsupported version
DH_R_BAD_GENERATOR:101:bad generator
DH_R_BN_DECODE_ERROR:109:bn decode error
DH_R_BN_ERROR:106:bn error
+DH_R_CHECK_INVALID_J_VALUE:115:check invalid j value
+DH_R_CHECK_INVALID_Q_VALUE:116:check invalid q value
+DH_R_CHECK_PUBKEY_INVALID:122:check pubkey invalid
+DH_R_CHECK_PUBKEY_TOO_LARGE:123:check pubkey too large
+DH_R_CHECK_PUBKEY_TOO_SMALL:124:check pubkey too small
+DH_R_CHECK_P_NOT_PRIME:117:check p not prime
+DH_R_CHECK_P_NOT_SAFE_PRIME:118:check p not safe prime
+DH_R_CHECK_Q_NOT_PRIME:119:check q not prime
DH_R_DECODE_ERROR:104:decode error
DH_R_INVALID_PARAMETER_NAME:110:invalid parameter name
DH_R_INVALID_PARAMETER_NID:114:invalid parameter nid
DH_R_INVALID_PUBKEY:102:invalid public key
DH_R_KDF_PARAMETER_ERROR:112:kdf parameter error
DH_R_KEYS_NOT_SET:108:keys not set
+DH_R_MISSING_PUBKEY:125:missing pubkey
DH_R_MODULUS_TOO_LARGE:103:modulus too large
+DH_R_NOT_SUITABLE_GENERATOR:120:not suitable generator
DH_R_NO_PARAMETERS_SET:107:no parameters set
DH_R_NO_PRIVATE_VALUE:100:no private value
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DH_R_PEER_KEY_ERROR:111:peer key error
DH_R_SHARED_INFO_ERROR:113:shared info error
+DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
DSA_R_BAD_Q_VALUE:102:bad q value
DSA_R_BN_DECODE_ERROR:108:bn decode error
DSA_R_BN_ERROR:109:bn error
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 9bb37e0db8..6c1dc83c19 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -96,6 +96,10 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0),
"EVP_PKEY_paramgen_init"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAM_CHECK, 0),
+ "EVP_PKEY_param_check"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PUBLIC_CHECK, 0),
+ "EVP_PKEY_public_check"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0),
"EVP_PKEY_set1_engine"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"},
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index 1a927a8320..e14965f333 100644
--- a/crypto/evp/pmeth_gn.c
+++ b/crypto/evp/pmeth_gn.c
@@ -191,3 +191,49 @@ int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
return pkey->ameth->pkey_check(pkey);
}
+
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
+{
+ EVP_PKEY *pkey = ctx->pkey;
+
+ if (pkey == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
+ return 0;
+ }
+
+ /* call customized public key check function first */
+ if (ctx->pmeth->public_check != NULL)
+ return ctx->pmeth->public_check(pkey);
+
+ /* use default public key check function in ameth */
+ if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK,
+ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ return -2;
+ }
+
+ return pkey->ameth->pkey_public_check(pkey);
+}
+
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
+{
+ EVP_PKEY *pkey = ctx->pkey;
+
+ if (pkey == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
+ return 0;
+ }
+
+ /* call customized param check function first */
+ if (ctx->pmeth->param_check != NULL)
+ return ctx->pmeth->param_check(pkey);
+
+ /* use default param check function in ameth */
+ if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK,
+ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ return -2;
+ }
+
+ return pkey->ameth->pkey_param_check(pkey);
+}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 37c5e85257..2d9f4fc6dc 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -630,6 +630,18 @@ void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
pmeth->check = check;
}
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+ int (*check) (EVP_PKEY *pkey))
+{
+ pmeth->public_check = check;
+}
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+ int (*check) (EVP_PKEY *pkey))
+{
+ pmeth->param_check = check;
+}
+
void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
int (**pinit) (EVP_PKEY_CTX *ctx))
{
@@ -803,3 +815,17 @@ void EVP_PKEY_meth_get_check(EVP_PKEY_METHOD *pmeth,
if (*pcheck)
*pcheck = pmeth->check;
}
+
+void EVP_PKEY_meth_get_public_check(EVP_PKEY_METHOD *pmeth,
+ int (**pcheck) (EVP_PKEY *pkey))
+{
+ if (*pcheck)
+ *pcheck = pmeth->public_check;
+}
+
+void EVP_PKEY_meth_get_param_check(EVP_PKEY_METHOD *pmeth,
+ int (**pcheck) (EVP_PKEY *pkey))
+{
+ if (*pcheck)
+ *pcheck = pmeth->param_check;
+}
diff --git a/crypto/include/internal/asn1_int.h b/crypto/include/internal/asn1_int.h
index d8b6f45bd8..90d525aa8d 100644
--- a/crypto/include/internal/asn1_int.h
+++ b/crypto/include/internal/asn1_int.h
@@ -56,6 +56,8 @@ struct evp_pkey_asn1_method_st {
const ASN1_STRING *sig);
/* Check */
int (*pkey_check) (const EVP_PKEY *pk);
+ int (*pkey_public_check) (const EVP_PKEY *pk);
+ int (*pkey_param_check) (const EVP_PKEY *pk);
} /* EVP_PKEY_ASN1_METHOD */ ;
DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
diff --git a/crypto/include/internal/evp_int.h b/crypto/include/internal/evp_int.h
index 562ac42ab5..917245c7d4 100644
--- a/crypto/include/internal/evp_int.h
+++ b/crypto/include/internal/evp_int.h
@@ -76,6 +76,8 @@ struct evp_pkey_method_st {
size_t siglen, const unsigned char *tbs,
size_t tbslen);
int (*check) (EVP_PKEY *pkey);
+ int (*public_check) (EVP_PKEY *pkey);
+ int (*param_check) (EVP_PKEY *pkey);
} /* EVP_PKEY_METHOD */ ;
DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-30 12:27:12 +0000