From 41bf8f2b2f43745b983344fd4d5fc6a009b04217 Mon Sep 17 00:00:00 2001 From: schwarze <> Date: Sun, 20 Aug 2017 23:18:53 +0000 Subject: New manual page X509_check_private_key(3), using information from the OpenSSL manual and from code inspection. Use my own Copyright and license because no Copyright-worthy amount of text from OpenSSL remains. And, no, these functions do *NOT* check private keys, not at all. --- src/lib/libcrypto/man/Makefile | 3 +- src/lib/libcrypto/man/X509_check_private_key.3 | 63 ++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 src/lib/libcrypto/man/X509_check_private_key.3 (limited to 'src/lib/libcrypto') diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile index 66144c8231..fa966f028e 100644 --- a/src/lib/libcrypto/man/Makefile +++ b/src/lib/libcrypto/man/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.123 2017/08/20 20:15:13 schwarze Exp $ +# $OpenBSD: Makefile,v 1.124 2017/08/20 23:18:53 schwarze Exp $ .include @@ -229,6 +229,7 @@ MAN= \ X509_check_ca.3 \ X509_check_host.3 \ X509_check_issued.3 \ + X509_check_private_key.3 \ X509_cmp_time.3 \ X509_digest.3 \ X509_get_pubkey.3 \ diff --git a/src/lib/libcrypto/man/X509_check_private_key.3 b/src/lib/libcrypto/man/X509_check_private_key.3 new file mode 100644 index 0000000000..76192fece4 --- /dev/null +++ b/src/lib/libcrypto/man/X509_check_private_key.3 
@@ -0,0 +1,63 @@
+.\" $OpenBSD: X509_check_private_key.3,v 1.1 2017/08/20 23:18:53 schwarze Exp $
+.\" OpenSSL X509_check_private_key.pod 09ddb878 Jun 5 03:56:07 2017 +0800
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 20 2017 $
+.Dt X509_CHECK_PRIVATE_KEY 3
+.Os
+.Sh NAME
+.Nm X509_check_private_key ,
+.Nm X509_REQ_check_private_key
+.Nd compare public key components
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_check_private_key
+.Fa "X509 *x"
+.Fa "EVP_PKEY *k"
+.Fc
+.Ft int
+.Fo X509_REQ_check_private_key
+.Fa "X509_REQ *x"
+.Fa "EVP_PKEY *k"
+.Fc
+.Sh DESCRIPTION
+These functions are seriously misnamed.
+.Fn X509_check_private_key
+compares the
+.Em public
+key components (e.g. exponent and modulus of an RSA key)
+and parameters (e.g. EC params of an EC key) of
+.Fa k
+with the corresponding properties of
+.Fa x .
+Despite the name, it neither checks whether
+.Fa k
+contains private key components at all, nor, if any are present,
+whether they are consistent with the public key components.
+.Pp
+.Fn X509_REQ_check_private_key
+is equivalent to
+.Fn X509_check_private_key
+except that it compares to the public key
+contained in a certificate request.
+.Sh RETURN VALUES
+These functions return 1 if the public key components and parameters
+match, or 0 if they do not or if an error occurs.
+On error or mismatch, a reason code can be obtained using
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr SSL_check_private_key 3
-- cgit v1.2.3-55-g6feb