Update for OpenSSL 0.9.7. No assembler code at the moment. This

will follow.

1 files changed, 22 insertions, 4 deletions

diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index f5a5581..9c31ac6 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -1,5 +1,5 @@
 .\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:49 2002
+.\" Mon Jan 13 19:28:31 2003
 .\"
 .\" Standard preamble:
 .\" ======================================================================
@@ -138,7 +138,7 @@
 .\" ======================================================================
 .\"
 .IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL"
 .UC
 .SH "NAME"
 RSA_check_key \- validate private \s-1RSA\s0 keys
@@ -174,9 +174,27 @@ This function does not work on \s-1RSA\s0 public keys that have only the modulus
 and public exponent elements populated. It performs integrity checks on all
 the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private
 key data too.
+.PP
+Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work
+transparently with any underlying \s-1ENGINE\s0 implementation because it uses the
+key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can
+override the way key data is stored and handled, and can even provide
+support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR
+key data at all! If the \s-1ENGINE\s0 in question is only being used for
+acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data
+is complete and untouched, but this can't be assumed in the general case.
+.SH "BUGS"
+.IX Header "BUGS"
+A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need
+to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
+elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the
+\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also
+provide their own verifiers.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
-rsa(3), err(3)
+rsa(3), ERR_get_error(3)
 .SH "HISTORY"
 .IX Header "HISTORY"
-\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4.
+\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4.