From 41bf8f2b2f43745b983344fd4d5fc6a009b04217 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Sun, 20 Aug 2017 23:18:53 +0000
Subject: New manual page X509_check_private_key(3), using information from the OpenSSL manual and from code inspection. Use my own Copyright and license because no Copyright-worthy amount of text from OpenSSL remains. And, no, these functions do *NOT* check private keys, not at all.
---
 src/lib/libcrypto/man/Makefile | 3 +-
 src/lib/libcrypto/man/X509_check_private_key.3 | 63 ++++++++++++++++++++++++++
 src/lib/libssl/man/SSL_CTX_use_certificate.3 | 7 +--
 3 files changed, 69 insertions(+), 4 deletions(-)
 create mode 100644 src/lib/libcrypto/man/X509_check_private_key.3
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 66144c8231..fa966f028e 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.123 2017/08/20 20:15:13 schwarze Exp $
+# $OpenBSD: Makefile,v 1.124 2017/08/20 23:18:53 schwarze Exp $
 .include
@@ -229,6 +229,7 @@ MAN= \
 X509_check_ca.3 \
 X509_check_host.3 \
 X509_check_issued.3 \
+ X509_check_private_key.3 \
 X509_cmp_time.3 \
 X509_digest.3 \
 X509_get_pubkey.3 \
diff --git a/src/lib/libcrypto/man/X509_check_private_key.3 b/src/lib/libcrypto/man/X509_check_private_key.3
new file mode 100644
index 0000000000..76192fece4
--- /dev/null
+++ b/src/lib/libcrypto/man/X509_check_private_key.3
@@ -0,0 +1,63 @@
+.\" $OpenBSD: X509_check_private_key.3,v 1.1 2017/08/20 23:18:53 schwarze Exp $
+.\" OpenSSL X509_check_private_key.pod 09ddb878 Jun 5 03:56:07 2017 +0800
+.\"
+.\" Copyright (c) 2017 Ingo Schwarze
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: August 20 2017 $
+.Dt X509_CHECK_PRIVATE_KEY 3
+.Os
+.Sh NAME
+.Nm X509_check_private_key ,
+.Nm X509_REQ_check_private_key
+.Nd compare public key components
+.Sh SYNOPSIS
+.In openssl/x509.h
+.Ft int
+.Fo X509_check_private_key
+.Fa "X509 *x"
+.Fa "EVP_PKEY *k"
+.Fc
+.Ft int
+.Fo X509_REQ_check_private_key
+.Fa "X509_REQ *x"
+.Fa "EVP_PKEY *k"
+.Fc
+.Sh DESCRIPTION
+These functions are seriously misnamed.
+.Fn X509_check_private_key
+compares the
+.Em public
+key components (e.g. exponent and modulus of an RSA key)
+and parameters (e.g. EC params of an EC key) of
+.Fa k
+with the corresponding properties of
+.Fa x .
+Despite the name, it neither checks whether
+.Fa k
+contains private key components at all, nor, if any are present,
+whether they are consistent with the public key components.
+.Pp
+.Fn X509_REQ_check_private_key
+is equivalent to
+.Fn X509_check_private_key
+except that it compares to the public key
+contained in a certificate request.
+.Sh RETURN VALUES
+These functions return 1 if the public key components and parameters
+match, or 0 if they do not or if an error occurs.
+On error or mismatch, a reason code can be obtained using
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr SSL_check_private_key 3
diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3
index dec16b3255..bc7d03cc19 100644
--- a/src/lib/libssl/man/SSL_CTX_use_certificate.3
+++ b/src/lib/libssl/man/SSL_CTX_use_certificate.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.4 2017/07/25 17:28:37 benno Exp $
+.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.5 2017/08/20 23:18:53 schwarze Exp $
 .\" OpenSSL e248596b Apr 8 22:49:57 2005 +0000
 .\"
 .\" This file was written by Lutz Jaenicke .
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 25 2017 $
+.Dd $Mdocdate: August 20 2017 $
 .Dt SSL_CTX_USE_CERTIFICATE 3
 .Os
 .Sh NAME
@@ -389,7 +389,8 @@ Otherwise check out the error stack to find out the reason.
 .Xr SSL_CTX_set_cipher_list 3 ,
 .Xr SSL_CTX_set_client_cert_cb 3 ,
 .Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_new 3
+.Xr SSL_new 3 ,
+.Xr X509_check_private_key 3
 .Sh HISTORY
 Support for DER encoded private keys
 .Pq Dv SSL_FILETYPE_ASN1
-- cgit v1.2.3-55-g6feb