diff options
author | markm <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
commit | ecacd12edb99d739f012912174233320c5f8262f (patch) | |
tree | b81a83b72c76fb8541cf06d3e99d92f1c0fc0888 /secure/lib/libcrypto/man/RSA_check_key.3 | |
parent | b159341ed957acbcab2f9bdd46c0b82ecd2e7864 (diff) | |
download | FreeBSD-src-ecacd12edb99d739f012912174233320c5f8262f.zip FreeBSD-src-ecacd12edb99d739f012912174233320c5f8262f.tar.gz |
Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.
Diffstat (limited to 'secure/lib/libcrypto/man/RSA_check_key.3')
-rw-r--r-- | secure/lib/libcrypto/man/RSA_check_key.3 | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index f5a5581..9c31ac6 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:49 2002 +.\" Mon Jan 13 19:28:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_check_key \- validate private \s-1RSA\s0 keys @@ -174,9 +174,27 @@ This function does not work on \s-1RSA\s0 public keys that have only the modulus and public exponent elements populated. It performs integrity checks on all the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private key data too. +.PP +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need +to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. .SH "SEE ALSO" .IX Header "SEE ALSO" -rsa(3), err(3) +rsa(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4. +\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4. |