APPS/pkeyutl: add missing high-level check for -verifyrecover not bei…

…ng compatible with EdDSA

apps/pkeyutl.c

@@ -43,14 +43,19 @@ static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
                         int filesize, unsigned char *sig, int siglen,
                         unsigned char **out, size_t *poutlen);
 
-static int only_rawin(const EVP_PKEY *pkey)
+static int is_EdDSA(const EVP_PKEY *pkey)
 {
     if (pkey == NULL)
         return 0;
     return EVP_PKEY_is_a(pkey, "ED25519")
         || EVP_PKEY_is_a(pkey, "ED448");
 }
 
+static int only_rawin(const EVP_PKEY *pkey)
+{
+    return is_EdDSA(pkey);
+}
+
 typedef enum OPTION_choice {
     OPT_COMMON,
     OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
@@ -309,10 +314,15 @@ int pkeyutl_main(int argc, char **argv)
     }
 
     pkey = get_pkey(kdfalg, inkey, keyform, key_type, passinarg, pkey_op, e);
+
+    if (pkey_op == EVP_PKEY_OP_VERIFYRECOVER && is_EdDSA(pkey)) {
+        BIO_printf(bio_err, "%s: -verifyrecover cannot be used with EdDSA\n", prog);
+        goto end;
+    }
+
     if (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY) {
         if (only_rawin(pkey)) {
-            if ((EVP_PKEY_is_a(pkey, "ED25519") || EVP_PKEY_is_a(pkey, "ED448"))
-                && digestname != NULL) {
+            if (is_EdDSA(pkey) && digestname != NULL) {
                 BIO_printf(bio_err,
                            "%s: -digest (prehash) is not supported with EdDSA\n", prog);
                 EVP_PKEY_free(pkey);