diff options
| author | markus <> | 2002-09-10 16:31:57 +0000 |
|---|---|---|
| committer | markus <> | 2002-09-10 16:31:57 +0000 |
| commit | 7d038e9d4d83e7c7120e78418e108df70b9025d6 (patch) | |
| tree | baf775b286ff801a89f746b1938a3c700bba6822 /src/lib/libcrypto/doc/RSA_check_key.pod | |
| parent | 3bd21dd4c3a3e3106321a5f6b3641ab9f18a6e3b (diff) | |
| download | openbsd-7d038e9d4d83e7c7120e78418e108df70b9025d6.tar.gz openbsd-7d038e9d4d83e7c7120e78418e108df70b9025d6.tar.bz2 openbsd-7d038e9d4d83e7c7120e78418e108df70b9025d6.zip | |
merge openssl-0.9.7-beta3, tested on vax by miod@
Diffstat (limited to 'src/lib/libcrypto/doc/RSA_check_key.pod')
| -rw-r--r-- | src/lib/libcrypto/doc/RSA_check_key.pod | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/src/lib/libcrypto/doc/RSA_check_key.pod b/src/lib/libcrypto/doc/RSA_check_key.pod index 1db6d736ab..a5198f3db5 100644 --- a/src/lib/libcrypto/doc/RSA_check_key.pod +++ b/src/lib/libcrypto/doc/RSA_check_key.pod | |||
| @@ -18,7 +18,9 @@ in fact prime, and that B<n = p*q>. | |||
| 18 | It also checks that B<d*e = 1 mod (p-1*q-1)>, | 18 | It also checks that B<d*e = 1 mod (p-1*q-1)>, |
| 19 | and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>. | 19 | and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>. |
| 20 | 20 | ||
| 21 | The key's public components may not be B<NULL>. | 21 | As such, this function can not be used with any arbitrary RSA key object, |
| 22 | even if it is otherwise fit for regular RSA operation. See B<NOTES> for more | ||
| 23 | information. | ||
| 22 | 24 | ||
| 23 | =head1 RETURN VALUE | 25 | =head1 RETURN VALUE |
| 24 | 26 | ||
| @@ -28,12 +30,38 @@ RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise. | |||
| 28 | If the key is invalid or an error occurred, the reason code can be | 30 | If the key is invalid or an error occurred, the reason code can be |
| 29 | obtained using L<ERR_get_error(3)|ERR_get_error(3)>. | 31 | obtained using L<ERR_get_error(3)|ERR_get_error(3)>. |
| 30 | 32 | ||
| 33 | =head1 NOTES | ||
| 34 | |||
| 35 | This function does not work on RSA public keys that have only the modulus | ||
| 36 | and public exponent elements populated. It performs integrity checks on all | ||
| 37 | the RSA key material, so the RSA key structure must contain all the private | ||
| 38 | key data too. | ||
| 39 | |||
| 40 | Unlike most other RSA functions, this function does B<not> work | ||
| 41 | transparently with any underlying ENGINE implementation because it uses the | ||
| 42 | key data in the RSA structure directly. An ENGINE implementation can | ||
| 43 | override the way key data is stored and handled, and can even provide | ||
| 44 | support for HSM keys - in which case the RSA structure may contain B<no> | ||
| 45 | key data at all! If the ENGINE in question is only being used for | ||
| 46 | acceleration or analysis purposes, then in all likelihood the RSA key data | ||
| 47 | is complete and untouched, but this can't be assumed in the general case. | ||
| 48 | |||
| 49 | =head1 BUGS | ||
| 50 | |||
| 51 | A method of verifying the RSA key using opaque RSA API functions might need | ||
| 52 | to be considered. Right now RSA_check_key() simply uses the RSA structure | ||
| 53 | elements directly, bypassing the RSA_METHOD table altogether (and | ||
| 54 | completely violating encapsulation and object-orientation in the process). | ||
| 55 | The best fix will probably be to introduce a "check_key()" handler to the | ||
| 56 | RSA_METHOD function table so that alternative implementations can also | ||
| 57 | provide their own verifiers. | ||
| 58 | |||
| 31 | =head1 SEE ALSO | 59 | =head1 SEE ALSO |
| 32 | 60 | ||
| 33 | L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)> | 61 | L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)> |
| 34 | 62 | ||
| 35 | =head1 HISTORY | 63 | =head1 HISTORY |
| 36 | 64 | ||
| 37 | RSA_check() appeared in OpenSSL 0.9.4. | 65 | RSA_check_key() appeared in OpenSSL 0.9.4. |
| 38 | 66 | ||
| 39 | =cut | 67 | =cut |