summaryrefslogtreecommitdiffstats
path: root/secure/lib/libcrypto/man/RSA_check_key.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/RSA_check_key.3')
-rw-r--r--secure/lib/libcrypto/man/RSA_check_key.326
1 files changed, 22 insertions, 4 deletions
diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3
index f5a5581..9c31ac6 100644
--- a/secure/lib/libcrypto/man/RSA_check_key.3
+++ b/secure/lib/libcrypto/man/RSA_check_key.3
@@ -1,5 +1,5 @@
.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:21:49 2002
+.\" Mon Jan 13 19:28:31 2003
.\"
.\" Standard preamble:
.\" ======================================================================
@@ -138,7 +138,7 @@
.\" ======================================================================
.\"
.IX Title "RSA_check_key 3"
-.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
+.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL"
.UC
.SH "NAME"
RSA_check_key \- validate private \s-1RSA\s0 keys
@@ -174,9 +174,27 @@ This function does not work on \s-1RSA\s0 public keys that have only the modulus
and public exponent elements populated. It performs integrity checks on all
the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private
key data too.
+.PP
+Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work
+transparently with any underlying \s-1ENGINE\s0 implementation because it uses the
+key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can
+override the way key data is stored and handled, and can even provide
+support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR
+key data at all! If the \s-1ENGINE\s0 in question is only being used for
+acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data
+is complete and untouched, but this can't be assumed in the general case.
+.SH "BUGS"
+.IX Header "BUGS"
+A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need
+to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure
+elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the
+\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also
+provide their own verifiers.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-rsa(3), err(3)
+rsa(3), ERR_get_error(3)
.SH "HISTORY"
.IX Header "HISTORY"
-\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4.
+\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4.
OpenPOWER on IntegriCloud