From 4718326a46ad460fefc5cc240a8599af4b5993c7 Mon Sep 17 00:00:00 2001 From: Shane Lontis Date: Wed, 17 Feb 2021 13:00:34 +1000 Subject: Add EVP_PKEY_public_check_quick. Adding the EVP_PKEY_param_check_quick() reminded me that there are also partial checks for public keys as part of SP800-56A for FFC (DH named safe prime groups) and ECC. The code was mainly already there and just needed to be plumbed into the validate methods. Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14206) --- crypto/dh/dh_group_params.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'crypto/dh') diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c index a752cf9a98..0f66d8969d 100644 --- a/crypto/dh/dh_group_params.c +++ b/crypto/dh/dh_group_params.c @@ -81,6 +81,17 @@ void dh_cache_named_group(DH *dh) } } +int ossl_dh_is_named_safe_prime_group(const DH *dh) +{ + int id = DH_get_nid(dh); + + /* + * Exclude RFC5114 groups (id = 1..3) since they do not have + * q = (p - 1) / 2 + */ + return (id > 3); +} + int DH_get_nid(const DH *dh) { if (dh == NULL) -- cgit v1.2.3
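Review bot: In ossl_dh_is_named_safe_prime_group(), `return (id > 3);` hard-codes the boundary between the RFC5114 groups and the safe prime groups as a bare literal. The result is only correct while the identifiers returned by DH_get_nid() keep the RFC5114 groups at 1..3 and every value above 3 has q = (p - 1) / 2. Suggest a named constant defined beside the group table, or an explicit test for the RFC5114 identifiers, so that a group added later without that property cannot be treated as a safe prime group by the partial public key checks the commit message describes. The comment should also say what the function returns for a NULL dh or a DH with no named group, because that depends on what DH_get_nid() yields in those cases, which this hunk does not show.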