+static int dsa_validate_domparams(DSA *dsa)
+{
+ int status = 0;
+
+ return dsa_check_params(dsa, &status);
+}
+
+static int dsa_validate_public(DSA *dsa)
+{
+ int status = 0;
+ const BIGNUM *pub_key = NULL;
+
+ DSA_get0_key(dsa, &pub_key, NULL);
+ return dsa_check_pub_key(dsa, pub_key, &status);
+}
+
+static int dsa_validate_private(DSA *dsa)
+{
+ int status = 0;
+ const BIGNUM *priv_key = NULL;
+
+ DSA_get0_key(dsa, NULL, &priv_key);
+ return dsa_check_priv_key(dsa, priv_key, &status);
+}
+
+static int dsa_validate(void *keydata, int selection)
+{
+ DSA *dsa = keydata;
+ int ok = 0;
+
+ if ((selection & DSA_POSSIBLE_SELECTIONS) != 0)
+ ok = 1;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
+ ok = ok && dsa_validate_domparams(dsa);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
+ ok = ok && dsa_validate_public(dsa);
+
+ if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
+ ok = ok && dsa_validate_private(dsa);
+
+ /* If the whole key is selected, we do a pairwise validation */
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
+ == OSSL_KEYMGMT_SELECT_KEYPAIR)
+ ok = ok && dsa_check_pairwise(dsa);
+ return ok;
+}
+