New manual page X509_check_private_key(3), using information

from the OpenSSL manual and from code inspection. Use my own Copyright and license because no Copyright-worthy amount of text from OpenSSL remains. And, no, these functions do *NOT* check private keys, not at all.
author: schwarze <> 2017-08-20 23:18:53 +0000
committer: schwarze <> 2017-08-20 23:18:53 +0000
commit: 41bf8f2b2f43745b983344fd4d5fc6a009b04217 (patch)
tree: 241c02b00afe3cf0f28931025b2e32f958693457 /src/lib
parent: 694453a2826634e6fc2df3548ac09df4f1cc39bf (diff)
download: openbsd-41bf8f2b2f43745b983344fd4d5fc6a009b04217.tar.gz
openbsd-41bf8f2b2f43745b983344fd4d5fc6a009b04217.tar.bz2
openbsd-41bf8f2b2f43745b983344fd4d5fc6a009b04217.zip
3 files changed, 69 insertions, 4 deletions
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 66144c8231..fa966f028e 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.123 2017/08/20 20:15:13 schwarze Exp $
+# $OpenBSD: Makefile,v 1.124 2017/08/20 23:18:53 schwarze Exp $
 .include <bsd.own.mk>
@@ -229,6 +229,7 @@ MAN=	\
        X509_check_ca.3 \
        X509_check_host.3 \
        X509_check_issued.3 \
+        X509_check_private_key.3 \
        X509_cmp_time.3 \
        X509_digest.3 \
        X509_get_pubkey.3 \
diff --git a/src/lib/libcrypto/man/X509_check_private_key.3 b/src/lib/libcrypto/man/X509_check_private_key.3
new file mode 100644
index 0000000000..76192fece4
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_check_private_key.3
@@ -0,0 +1,63 @@
+.\"     $OpenBSD: X509_check_private_key.3,v 1.1 2017/08/20 23:18:53 schwarze Exp $
+.\"     OpenSSL X509_check_private_key.pod 09ddb878 Jun 5 03:56:07 2017 +0800
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 20 2017 $
+.Dt X509_CHECK_PRIVATE_KEY 3
+.Os
+.Sh NAME
+.Nm X509_check_private_key ,
+.Nm X509_REQ_check_private_key
+.Nd compare public key components
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_check_private_key
+.Fa "X509 *x"
+.Fa "EVP_PKEY *k"
+.Fc
+.Ft int
+.Fo X509_REQ_check_private_key
+.Fa "X509_REQ *x"
+.Fa "EVP_PKEY *k"
+.Fc
+.Sh DESCRIPTION
+These functions are seriously misnamed.
+.Fn X509_check_private_key
+compares the
+.Em public
+key components (e.g. exponent and modulus of an RSA key)
+and parameters (e.g. EC params of an EC key) of
+.Fa k
+with the corresponding properties of
+.Fa x .
+Despite the name, it neither checks whether
+.Fa k
+contains private key components at all, nor, if any are present,
+whether they are consistent with the public key components.
+.Pp
+.Fn X509_REQ_check_private_key
+is equivalent to
+.Fn X509_check_private_key
+except that it compares to the public key
+contained in a certificate request.
+.Sh RETURN VALUES
+These functions return 1 if the public key components and parameters
+match, or 0 if they do not or if an error occurs.
+On error or mismatch, a reason code can be obtained using
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr SSL_check_private_key 3
diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3
index dec16b3255..bc7d03cc19 100644
--- a/src/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/src/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: SSL_CTX_use_certificate.3,v 1.4 2017/07/25 17:28:37 benno Exp $
+.\"     $OpenBSD: SSL_CTX_use_certificate.3,v 1.5 2017/08/20 23:18:53 schwarze Exp $
 .\"     OpenSSL e248596b Apr 8 22:49:57 2005 +0000
 .\"
 .\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 25 2017 $
+.Dd $Mdocdate: August 20 2017 $
 .Dt SSL_CTX_USE_CERTIFICATE 3
 .Os
 .Sh NAME
@@ -389,7 +389,8 @@ Otherwise check out the error stack to find out the reason.
 .Xr SSL_CTX_set_cipher_list 3 ,
 .Xr SSL_CTX_set_client_cert_cb 3 ,
 .Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_new 3
+.Xr SSL_new 3 ,
+.Xr X509_check_private_key 3
 .Sh HISTORY
 Support for DER encoded private keys
 .Pq Dv SSL_FILETYPE_ASN1
author	schwarze <>	2017-08-20 23:18:53 +0000
committer	schwarze <>	2017-08-20 23:18:53 +0000
commit	41bf8f2b2f43745b983344fd4d5fc6a009b04217 (patch)
tree	241c02b00afe3cf0f28931025b2e32f958693457 /src/lib
parent	694453a2826634e6fc2df3548ac09df4f1cc39bf (diff)
download	openbsd-41bf8f2b2f43745b983344fd4d5fc6a009b04217.tar.gz openbsd-41bf8f2b2f43745b983344fd4d5fc6a009b04217.tar.bz2 openbsd-41bf8f2b2f43745b983344fd4d5fc6a009b04217.zip

diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 66144c8231..fa966f028e 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.123 2017/08/20 20:15:13 schwarze Exp $	1	# $OpenBSD: Makefile,v 1.124 2017/08/20 23:18:53 schwarze Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4		4
@@ -229,6 +229,7 @@ MAN= \
229	X509_check_ca.3 \	229	X509_check_ca.3 \
230	X509_check_host.3 \	230	X509_check_host.3 \
231	X509_check_issued.3 \	231	X509_check_issued.3 \
		232	X509_check_private_key.3 \
232	X509_cmp_time.3 \	233	X509_cmp_time.3 \
233	X509_digest.3 \	234	X509_digest.3 \
234	X509_get_pubkey.3 \	235	X509_get_pubkey.3 \


diff --git a/src/lib/libcrypto/man/X509_check_private_key.3 b/src/lib/libcrypto/man/X509_check_private_key.3 new file mode 100644 index 0000000000..76192fece4 --- /dev/null +++ b/src/lib/libcrypto/man/X509_check_private_key.3
@@ -0,0 +1,63 @@
		1	.\" $OpenBSD: X509_check_private_key.3,v 1.1 2017/08/20 23:18:53 schwarze Exp $
		2	.\" OpenSSL X509_check_private_key.pod 09ddb878 Jun 5 03:56:07 2017 +0800
		3	.\"
		4	.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
		5	.\"
		6	.\" Permission to use, copy, modify, and distribute this software for any
		7	.\" purpose with or without fee is hereby granted, provided that the above
		8	.\" copyright notice and this permission notice appear in all copies.
		9	.\"
		10	.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		11	.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		12	.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		13	.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		14	.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		15	.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		16	.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		17	.\"
		18	.Dd $Mdocdate: August 20 2017 $
		19	.Dt X509_CHECK_PRIVATE_KEY 3
		20	.Os
		21	.Sh NAME
		22	.Nm X509_check_private_key ,
		23	.Nm X509_REQ_check_private_key
		24	.Nd compare public key components
		25	.Sh SYNOPSIS
		26	.In openssl/x509.h
		27	.Ft int
		28	.Fo X509_check_private_key
		29	.Fa "X509 *x"
		30	.Fa "EVP_PKEY *k"
		31	.Fc
		32	.Ft int
		33	.Fo X509_REQ_check_private_key
		34	.Fa "X509_REQ *x"
		35	.Fa "EVP_PKEY *k"
		36	.Fc
		37	.Sh DESCRIPTION
		38	These functions are seriously misnamed.
		39	.Fn X509_check_private_key
		40	compares the
		41	.Em public
		42	key components (e.g. exponent and modulus of an RSA key)
		43	and parameters (e.g. EC params of an EC key) of
		44	.Fa k
		45	with the corresponding properties of
		46	.Fa x .
		47	Despite the name, it neither checks whether
		48	.Fa k
		49	contains private key components at all, nor, if any are present,
		50	whether they are consistent with the public key components.
		51	.Pp
		52	.Fn X509_REQ_check_private_key
		53	is equivalent to
		54	.Fn X509_check_private_key
		55	except that it compares to the public key
		56	contained in a certificate request.
		57	.Sh RETURN VALUES
		58	These functions return 1 if the public key components and parameters
		59	match, or 0 if they do not or if an error occurs.
		60	On error or mismatch, a reason code can be obtained using
		61	.Xr ERR_get_error 3 .
		62	.Sh SEE ALSO
		63	.Xr SSL_check_private_key 3


diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3 index dec16b3255..bc7d03cc19 100644 --- a/src/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/src/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.4 2017/07/25 17:28:37 benno Exp $	1	.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.5 2017/08/20 23:18:53 schwarze Exp $
2	.\" OpenSSL e248596b Apr 8 22:49:57 2005 +0000	2	.\" OpenSSL e248596b Apr 8 22:49:57 2005 +0000
3	.\"	3	.\"
4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.	4	.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: July 25 2017 $	52	.Dd $Mdocdate: August 20 2017 $
53	.Dt SSL_CTX_USE_CERTIFICATE 3	53	.Dt SSL_CTX_USE_CERTIFICATE 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -389,7 +389,8 @@ Otherwise check out the error stack to find out the reason.
389	.Xr SSL_CTX_set_cipher_list 3 ,	389	.Xr SSL_CTX_set_cipher_list 3 ,
390	.Xr SSL_CTX_set_client_cert_cb 3 ,	390	.Xr SSL_CTX_set_client_cert_cb 3 ,
391	.Xr SSL_CTX_set_default_passwd_cb 3 ,	391	.Xr SSL_CTX_set_default_passwd_cb 3 ,
392	.Xr SSL_new 3	392	.Xr SSL_new 3 ,
		393	.Xr X509_check_private_key 3
393	.Sh HISTORY	394	.Sh HISTORY
394	Support for DER encoded private keys	395	Support for DER encoded private keys
395	.Pq Dv SSL_FILETYPE_ASN1	396	.Pq Dv SSL_FILETYPE_ASN1