Support public key and param check in EVP interface

EVP_PKEY_public_check() and EVP_PKEY_param_check()

Doc and test cases are added

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4647)

5 files changed, 41 insertions, 0 deletions

diff --git a/include/openssl/dh.h b/include/openssl/dh.h
index 753df4e7ae..00858244b8 100644
--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
@@ -142,6 +142,9 @@ DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
 int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
                               BN_GENCB *cb);
 
+int DH_check_params_ex(const DH *dh);
+int DH_check_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
 int DH_check_params(const DH *dh, int *ret);
 int DH_check(const DH *dh, int *codes);
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
index 02039071e8..ddec341d12 100644
--- a/include/openssl/dherr.h
+++ b/include/openssl/dherr.h
@@ -25,6 +25,9 @@ int ERR_load_DH_strings(void);
 # define DH_F_COMPUTE_KEY                                 102
 # define DH_F_DHPARAMS_PRINT_FP                           101
 # define DH_F_DH_BUILTIN_GENPARAMS                        106
+# define DH_F_DH_CHECK_EX                                 121
+# define DH_F_DH_CHECK_PARAMS_EX                          122
+# define DH_F_DH_CHECK_PUB_KEY_EX                         123
 # define DH_F_DH_CMS_DECRYPT                              114
 # define DH_F_DH_CMS_SET_PEERKEY                          115
 # define DH_F_DH_CMS_SET_SHARED_INFO                      116
@@ -34,6 +37,7 @@ int ERR_load_DH_strings(void);
 # define DH_F_DH_NEW_BY_NID                               104
 # define DH_F_DH_NEW_METHOD                               105
 # define DH_F_DH_PARAM_DECODE                             107
+# define DH_F_DH_PKEY_PUBLIC_CHECK                        124
 # define DH_F_DH_PRIV_DECODE                              110
 # define DH_F_DH_PRIV_ENCODE                              111
 # define DH_F_DH_PUB_DECODE                               108
@@ -50,17 +54,28 @@ int ERR_load_DH_strings(void);
 # define DH_R_BAD_GENERATOR                               101
 # define DH_R_BN_DECODE_ERROR                             109
 # define DH_R_BN_ERROR                                    106
+# define DH_R_CHECK_INVALID_J_VALUE                       115
+# define DH_R_CHECK_INVALID_Q_VALUE                       116
+# define DH_R_CHECK_PUBKEY_INVALID                        122
+# define DH_R_CHECK_PUBKEY_TOO_LARGE                      123
+# define DH_R_CHECK_PUBKEY_TOO_SMALL                      124
+# define DH_R_CHECK_P_NOT_PRIME                           117
+# define DH_R_CHECK_P_NOT_SAFE_PRIME                      118
+# define DH_R_CHECK_Q_NOT_PRIME                           119
 # define DH_R_DECODE_ERROR                                104
 # define DH_R_INVALID_PARAMETER_NAME                      110
 # define DH_R_INVALID_PARAMETER_NID                       114
 # define DH_R_INVALID_PUBKEY                              102
 # define DH_R_KDF_PARAMETER_ERROR                         112
 # define DH_R_KEYS_NOT_SET                                108
+# define DH_R_MISSING_PUBKEY                              125
 # define DH_R_MODULUS_TOO_LARGE                           103
+# define DH_R_NOT_SUITABLE_GENERATOR                      120
 # define DH_R_NO_PARAMETERS_SET                           107
 # define DH_R_NO_PRIVATE_VALUE                            100
 # define DH_R_PARAMETER_ENCODING_ERROR                    105
 # define DH_R_PEER_KEY_ERROR                              111
 # define DH_R_SHARED_INFO_ERROR                           113
+# define DH_R_UNABLE_TO_CHECK_GENERATOR                   121
 
 #endif
diff --git a/include/openssl/ecerr.h b/include/openssl/ecerr.h
index b04599a8b3..bd09cb7f1b 100644
--- a/include/openssl/ecerr.h
+++ b/include/openssl/ecerr.h
@@ -126,6 +126,7 @@ int ERR_load_EC_strings(void);
 # define EC_F_EC_KEY_SIMPLE_OCT2PRIV                      259
 # define EC_F_EC_KEY_SIMPLE_PRIV2OCT                      260
 # define EC_F_EC_PKEY_CHECK                               273
+# define EC_F_EC_PKEY_PARAM_CHECK                         274
 # define EC_F_EC_POINTS_MAKE_AFFINE                       136
 # define EC_F_EC_POINT_ADD                                112
 # define EC_F_EC_POINT_CMP                                113
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index e002d63d24..aaecc1b80a 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1218,6 +1218,12 @@ void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
 void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
                              int (*pkey_check) (const EVP_PKEY *pk));
 
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk));
+
 void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
                                      int (*pkey_security_bits) (const EVP_PKEY
                                                                 *pk));
@@ -1367,6 +1373,8 @@ int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
 
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
@@ -1468,6 +1476,12 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
                              int (*check) (EVP_PKEY *pkey));
 
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey));
+
 void EVP_PKEY_meth_get_init(EVP_PKEY_METHOD *pmeth,
                             int (**pinit) (EVP_PKEY_CTX *ctx));
 
@@ -1563,6 +1577,12 @@ void EVP_PKEY_meth_get_ctrl(EVP_PKEY_METHOD *pmeth,
 void EVP_PKEY_meth_get_check(EVP_PKEY_METHOD *pmeth,
                              int (**pcheck) (EVP_PKEY *pkey));
 
+void EVP_PKEY_meth_get_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey));
+
 void EVP_add_alg_module(void);
 
 int ERR_load_EVP_strings(void);
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index a7a46ae9d9..a870e438dd 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -83,6 +83,8 @@ int ERR_load_EVP_strings(void);
 # define EVP_F_EVP_PKEY_NEW                               106
 # define EVP_F_EVP_PKEY_PARAMGEN                          148
 # define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
+# define EVP_F_EVP_PKEY_PARAM_CHECK                       189
+# define EVP_F_EVP_PKEY_PUBLIC_CHECK                      190
 # define EVP_F_EVP_PKEY_SET1_ENGINE                       187
 # define EVP_F_EVP_PKEY_SIGN                              140
 # define EVP_F_EVP_PKEY_SIGN_INIT                         141